- Alongside their promise, quantum computers could threaten the security on which our digital ecosystem is built.
- To counter this threat, we need to create a global community of stakeholders committed to promoting safe and secure quantum applications.
- The foundations of this new security paradigm are already in place - but there are barriers to clear first.
The power of quantum computers creates an unprecedented threat to the security of our data through its potential to break the cryptography that underpins our digital ecosystem. The technology community can address and manage this risk that has the potential to act as a strategic blocker to the wider adoption of Quantum technology; doing so will help unlock the trillion-dollar potential value of quantum technology to the global economy.
For all the dramatic advances they will offer, quantum computers could threaten our ability to encrypt information and exchange it securely. While this development has the potential for significant economic and geopolitical disruption, the technology to mitigate this risk exists today – and it also presents a transformative opportunity to deliver a new level of digital trust and security.
What the world needs is a quantum security coalition, a global community of those who are committed to promoting the safe and secure adoption of new quantum applications, promoting better quantum literacy among global leaders, and accelerating a secure global ecosystem, including quantum security technology, that will be able to unlock the true value and potential of this technology securely.
Have you read?
Quantum security principles
Quantum science is now being harnessed to build a strong cybersecurity response to both a future as well as the current threat landscape. The resultant technologies can provide the basis for a new security foundation that will offer a step-change in our ability to secure our digital infrastructure – but we need action now to incentivize their widespread adoption across the digital ecosystem.
Leveraging the laws of physics, quantum-enabled technologies, such as quantum key distribution and quantum random number generation, are not susceptible to attacks from either quantum computers or powerful mathematical techniques. As such they can provide robust and future-proof security and potentially a new paradigm of trust not currently available using traditional approaches.
These physics-based approaches, based on advanced cybersecurity software and next-generation cryptographic strategies (known as post-quantum algorithms), deliver resilient cybersecurity infrastructure capable of safeguarding our digital lives and connected societies – today and into the future. Quantum-enabled technologies form the core of the quantum principles that can be employed to assure the security of digital communications. The following examples of potential applications will play a critical role in building trust in the digital ecosystem.:
1. Quantum key distribution technology uses quantum effects to protect the most critical and vulnerable link in the security chain: the exchange of encryption keys between parties. The diagram below illustrates a quantum key distribution system using an optical fibre-based channel to exchange key material, protected by the laws of quantum physics. Adaptations to other channels such as 'over-the-air' quantum key distribution are also maturing.
2. Quantum effects can also be harnessed to deliver high-speed streams of truly random (known as full entropy) bits, which can be used to construct high-quality encryption keys. By virtue of being truly random, and thus unpredictable, such keys are more secure. Devices capturing these quantum effects are now mature and are today being deployed in existing technology and infrastructure.
The importance of entropy in security is well illustrated by cautionary tales of what has happened when too much reliance has been placed on deterministic or algorithmic approaches to generating random numbers.
In 2017, Russian hackers cheated casinos out of millions of dollars by targeting weak (software-based) pseudo-random number generation algorithms in slot machines. They used smartphones to record the patterns of the spins of slot machine wheels and then reverse-engineered the underlying random number-generation algorithm. This enabled the hackers to predict the spins and monetize this predictability. As a consequence, the gaming industry has been one of the first to start realizing the potential power of quantum-enabled true random number generation.
Building a quantum security coalition
The foundations of this new security paradigm are firmly in place; however more work is needed to drive broad adoption. This is a new technology, and within the security ecosystem progress is being made within the academic, innovation labs and specialist technical communities. But within the security field we see two main barriers that the wider community needs to address:
Barrier 1: Maturity and standards
While quantum entropy is a known, highly capable technology for generating encryption keys that is also ready for broad implementation, there still remain barriers to the deployment of other components of the quantum principles, specifically post-quantum algorithms and quantum key distribution. This includes determining which of the proposed post-quantum algorithms will provide the most robust and durable security while minimizing operational impacts and costs. Similarly, there are multiple different types of quantum key distribution under development that meet a range of needs, and potentially causing confusion among early adopters.
Barrier 2: Building the quantum security ecosystem
Currently, there is a major gap in both awareness of and information about the potential applications, risks and security solutions associated with quantum technology. For leaders charged with ensuring the security and integrity of the systems on which businesses rely, there is still hyperbole in the quantum security debate. The community can change this by building quantum literacy at the board and CEO level. This will require actions at the individual as well as the collective leadership level – from gaining an inventory of information assets (including shared infrastructure) and developing a comprehensive understanding of risks potentially impacted by quantum technology to building a roadmap identifying key milestones and trigger events.
In parallel, this technology transition requires the urgent development of a pipeline of professionals to implement these principles effectively. The quantum security market alone is expected to grow to globally to $25 billion in just a few short years. The community needs to start investing in skills and the supply ecosystem must start preparing for a quantum-enabled safe and digitally secure posture. The acceleration of government-led initiatives such as those announced in the US, EU, India, Japan, and Australia will also help.
Securing our quantum future
It is imperative that the cybersecurity community begins to build and accelerate its adoption of quantum security technology, and to move its value from the technical to the transformative space. This emerging technology is already being implemented to build a strong cybersecurity response to the potential cryptographic threat, but these new quantum-enabled technologies provide the basis for a new security foundation that will offer a step-change in our ability to secure digital infrastructure.