In a quantum future, our economy needs to be protected. A cybersecurity expert explains why 

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Abhinav Chugh, Acting Content and Partnerships Lead, World Economic Forum

  • The dawn of the quantum computing age brings with it many potential new risks – including those related to security.
  • Government agencies and industry groups have expressed a growing sense of urgency when it comes to transitioning to a quantum safe future.
  • Cybersecurity expert Jaya Baloo explains why and how we need to protect our economies in case of a quantum future.

The privacy of online communication is currently protected by cryptography, which shields information as it travels around the internet. It secures everything from making online purchases to accessing work email remotely. With capabilities of quantum computing growing rapidly, industry experts reckon that it will take at least another 10 years before quantum computers with very large numbers of qubits are available.

Quantum computers could run algorithms that could break the public key encryption we use today. Researchers are performing intensive research to review, select and improve several dozen different algorithms to replace the current ones to prevent this.

The technology is still at an early stage and will take several decades before it reaches full fruition, which allows us a brief window to develop the current digital and IT infrastructure to be prepared for a quantum future.

We discussed why and how the current cyber landscape could develop and prioritise certain areas to avoid the potential harms and risks from developments in quantum computing with Jaya Baloo, Chief Information Security Officer at Avast.

Jaya has been working in the field of information security, with a focus on secure network architecture, for over 20 years and sits on the advisory boards of the Netherland’s National Cyber Security Centre, PQCrypto and EU Quantum Flagship’s Strategic Advisory Board. She is currently a member of the World Economic Forum’s Global Future Council on Quantum Computing.

For many years, the quantum threat to cryptography was considered theoretical. However, with recent advances in building a physical quantum computer, Jaya believes we are not far from our currently used cryptographic algorithms breaking down.

What drew you towards developing your expertise in cybersecurity and becoming a leader in this domain?

I think I’ve always been curious about security. When I was a child, I was fascinated by phone phreaking and my interest developed in earnest when I was working as a network engineer at KPN. The fact is, once you get started in cybersecurity, it’s hard to remain on the sidelines and instead you’re very quickly drawn to taking a position because there are so many foundational dilemmas that we deal with just in a day’s work. Global issues influence security teams at an incredibly operational level and include everything from the impact of geopolitics on supply chain security to policies on cryptography as well as the use of certain tooling to assess the security posture of networks.

What is most misunderstood about your work? What do you wish people knew?

The thing that is most misunderstood about working in cybersecurity is how it often becomes visually characterized by Hollywood. It is often depicted as incredibly fast paced and exciting, as a sort of cat and mouse game between hardened defenders and hooded attackers. Unfortunately, the truth is a lot more about doing the regular, diligent, routine, and day-to-day incremental efforts to prevent an attack or to analyze and respond to one when it does happen. In reality, it’s still about a lot of dedicated people staring at their screens with very few car chases in between.

I wish people understood better just how fragile our cybersecurity position is and just how much effort we need to put in to improving the basics now to be prepared for the future. We still rely on foundational protocols that were developed in the 1970s and haven’t changed a lot since then for our primary transmission communications layer. We have lots of new tools developed with old classes of vulnerabilities in them. We still don’t proactively test and change rapidly enough to evolve in line with the new threats that we’re facing. Added to that is that there’s an enormous interdependency from a critical infrastructure point of view because we rely on the same tools all over the world, so a single successful attack has a very large ripple effect.

In your opinion, what is the most critical cybersecurity challenge that leaders currently face?

Currently, I think the biggest challenge that leaders face is understanding that we have excluded the cost of cybersecurity in our existing IT infrastructure. The sunk cost of these old investments means that fixing or upgrading is not always an easy decision and organizations have extensive risk management tactics to explain rather than adhere to best practices. When this is already a challenge, thinking about additional safeguards for new technology often seem to be a nice to have rather than a need to have unless compelled by regulatory requirements. A good practice is to reserve about ten percent of IT budget for your non personnel spend for information security. If all parties started doing that, our innovation capacity would catch up on our legacy infrastructure. Then, we would slowly but assuredly be more secure.

Why do we need a tighter focus on encryption as a guarantee of privacy and online safety?

Cryptography is at the heart of our global internet economy from online banking to guarding intellectual property as well as the more foundational need to have secure and private communications between individuals. It guards human rights but also supports national security. Unfortunately, this does not mean that we have not had challenges to this capability as evinced by the cryptography wars of the 1990s. It always makes me think of a quote by Benjamin Franklin, that “those who would give up essential liberty for a little bit of temporary safety deserve neither liberty nor safety”, which speaks to the tension between national surveillance capabilities versus individual privacy needs. We need good, strong, well tested cryptography without backdoors in order to protect a free and democratic society. There are alternatives available for law enforcement to conduct targeted investigations without jeopardizing the common security available to us all and our fundamental human rights.

How could developments in quantum computing disrupt this?

The promise of quantum computing is that very long held and difficult scientific problems will be solvable in a novel way. Our current cryptography is based on difficult math problems, such as integer factorization and discrete logs, which would take our current computers a very long time to solve. However, a quantum computer of sufficient scale can speed up the solving of these problems so significantly that it will effectively break our currently used cryptographic algorithms.

What actions are required to enable a secure and sustainable transition to the quantum economy?

First things first, we need to know where we use our current cryptography and for what purpose. Most organizations have no idea what their cryptographic resources are and how it enables daily operations. Once we’ve completed that inventory, we need to figure out how to transition to new post quantum algorithms which are a new set of algorithms that will still be resistant to a quantum computing attack, while potentially also looking for very specific opportunities to deploy something called quantum communications (secure communications links based on the principles of quantum mechanics). Looking through an organization’s supply chain, there may be vendors that are working in this area and will afford easy transition opportunities to an organization. However, no matter what, they should be thinking about it and just understanding a vendor’s maturity in this area is vital to enable a smooth transition.

What would be your advice to policymakers and other cybersecurity experts to achieve this?

Although it would be wonderful if everyone just voluntarily adopted best practices habitually, I fear we require some regulatory framework and national strategy to make sure that the most vulnerable and critical parts of our economy are quantum ready. My biggest concern is the time we have left to transition to a secure post quantum future. It’s important to be able to embrace the benefits of quantum computing and quantum technologies to advance our society while managing any potential downsides from the weakening on cryptography. Since there is such a strong strategic and national security advantage in terms of surveillance capabilities, I fear that certain infrastructure and software will find its way onto the Wassenaar Arrangement on export controls for conventional arms and dual use goods and technologies.

I would urge policy makers to ensure that there are no export restrictions against export of quantum technologies which would only further deepen the digital divide. Due to our interconnected economies, we need democratization of technology and must ensure global participation to be collectively secure, a sort of digital version of herd immunity.

the sting Milestones

Featured Stings

Stopping antimicrobial resistance would cost just USD 2 per person a year

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Lebanon: UN rights office calls for de-escalation of protest violence

Here’s how companies can make sure they are blockchain-ready

Why the financial scandals multiply?

JADE Generations Club: Connecting perspectives, changing Europe.

At global health forum, UN officials call for strong, people-focused health systems

To entrepreneurship and beyond!

My ‘’cultural’’ contacts with China

‘We are nowhere closer’ to Israeli-Palestinian peace deal, than a year ago, Security Council hears

‘Rare but devastating’ tsunamis underscore need for better preparation, UN chief urges on World Day

‘Regional security and integration’ in Central Africa under threat, Security Council warned

‘Spectre of poverty’ hangs over tribes and indigenous groups: UN labour agency

Recovery and Resilience Facility: Romania submits official recovery and resilience plan

Artificial intelligence: Commission takes forward its work on ethics guidelines

Industrial policy: recommendations to support Europe’s leadership in six strategic business areas

The ocean is teeming with microplastic – a million times more than we thought, suggests new research

Can Obama attract Iran close to the US sphere of influence?

Bring killers of journalists to justice: UN agency seeks media partners for new campaign

Regulate social media platforms to defend democracy, MEPs say

Canada has the most comprehensive and elaborate migration system, but some challenges remain

G20 LIVE: World Leaders in Turkey for G20 Summit. Global Economy will be discussed in Antalya

These countries are the most optimistic about economic recovery from the pandemic

Last-chance Commission: Why Juncker promised investments of €300 billion?

COP25: Developing nation’s strike hard

Ireland’s planning to make its Emerald Isle even greener

Peer-to-peer learning: a way to develop medical students’ trainings

ISIL continues to pose a ‘serious challenge’ worldwide – UN counter-terror chief

Biodiversity: MEPs demand binding targets to protect wildlife and people

Leaders need hard data to make the hard decisions about sustainability

Nicaragua ‘crisis’ still cause for concern amid murder, torture allegations: Bachelet

Trump: Hostile to Europe, voids Tillerson’s “ironclad” ally pledge

Businesses, governments and consumers to implement a more climate-friendly approach to #BeatPlasticPollution on World Environment Day 2018

Right2Water initiative: Is the Commission ready to listen to citizens?

Trump’s withdrawal from the Paris climate deal is bad for US business. Here’s why.

3 natural mysteries that could be explained by quantum physics

The winds of change: 5 charts on the future of offshore power

Millions of Bangladeshi children at risk from climate crisis, warns UNICEF

COVID-19 and the importance of scientific credibility in decreasing the number of cases

Antitrust: Commission opens investigation into possible anti-competitive conduct of Amazon

Plastic is a global problem. It’s also a global opportunity

NASA is recruiting new astronauts – this is what it takes to apply

Why it’s time to celebrate migrants

Fighting forest fires in Europe – how it works

The Pegasus Project awarded the 2021 Daphne Caruana Galizia Prize for Journalism

Detecting online child sexual abuse requires strong safeguards

Sexual reproductive health rights SRHR and ending HIV: can one be achieved without the other?

Greenhouse gas emissions have already peaked in 30 major cities

Transparency, EU values, and pluralism: new rules for European political parties

Central Asia bloc has important role in ‘peace, stability and prosperity’ beyond region, says Deputy UN chief

Greater transparency, fairer prices for medicines ‘a global human rights issue’, says UN health agency

It’s time to end our ‘separate but unequal’ approach to mental health

How smart tech helps cities fight terrorism and crime

EU and Mercosur reach agreement on trade

UN committed to helping Haiti build better future, says Guterres, marking 10-year anniversary of devastating earthquake

Antitrust: Commission sends Statement of Objections to O2 CZ, CETIN and T-Mobile CZ for their network sharing agreement

5 things to know about the exploding world of pro gaming

World Food Programme accesses Yemeni frontline district for first time since conflict began

UN chief calls for ‘immediate end’ to escalation of fighting in southwestern Syria, as thousands are displaced

The world’s food waste problem is bigger than we thought – here’s what we can do about it

A Sting Exclusive: “Seize the opportunity offered by Africa’s continental free trade area”, written by the Director General of UNIDO

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: