Why cyber security is essential for a post-quantum world

Futuristic quantum computing will soon become the technology of the present.
It will be a positive advancement for many disciplines, but the potential security impacts are generally not fully understood by citizens, organizations, or decision-makers.
These different audiences need tailored messaging to enable a collective and coordinated response to mitigate the risk associated with this new technology.
Collective action in advance of quantum computing can offer opportunities to build a new security foundation, which will offer a step-change in our ability to secure our digital infrastructure.

Quantum computers are a technological step-change that look like they could have had their roots in 19th-century science fiction or steampunk art, an aesthetic that blends industrial era imagery like cogs, clockwork, and machine parts with Victorian art and design, and includes futuristic elements like robotics and artificial intelligence

This could be why they are often viewed as computers of the future or part of science fantasy. However, recent advances in the technological underpinnings of quantum computing, as well the required error correction code capabilities, are slowly migrating the conversation from ‘if’ to ‘when’.

When quantum computing becomes more fully available, it will be capable of performing large numerical calculations such as the statistical modelling of chemistry, how we create materials and more accurate predictions of weather patterns.

Along with this modelling ability, quantum computing has the potential to factor large numbers. This could threaten the basis of public-key cryptography algorithms that underpin many of our daily commercial activities such as online payments, secure communications, and a myriad of trusted internet transactions.

Although we still don’t know exactly when this threat will materialize, it is prudent that organizations review their current cryptographic reliance and start to think about when they will need to migrate to post-quantum cryptography.

Post-quantum cryptography is currently being developed under the auspices of the National Institute for Standards and Technology (NIST) and there is reason to be optimistic about the future availability of tools to mitigate the threat posed to cryptography by quantum computing.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Managing cybersecurity risks

As with many types of technology disruption, getting the right messaging to every level of an organization is crucial. This helps determine that there is neither undue alarm nor complacency at either end of the spectrum.

In response, the World Economic Forum's Global Future Council on Cybersecurity (GFC on Cybersecurity) has identified several different audience personas for quantum and drawn up recommendations tailored for each audience type. These recommendations guide audiences on how to approach the cybersecurity risk aspects of quantum computing, and how to take action.

They are particularly useful for chief information security officers who assess specific risks, and for corporate leaders who must understand that risk in the broader organizational and regulatory context. The recommendations help set out the paradigm shift posed by quantum computing advances and ensure that unprepared organizations can mitigate their vulnerabilities.

Policymakers and standards organizations

Support the development of international quantum cybersecurity and risk management standards for quantum computing
Promote enhanced quantum awareness among leaders from both the public and private sectors
Accelerate development of a cybersecure global ecosystem by including quantum cybersecurity technology as an area of focus

Corporate leaders and boards

Adopt a holistic approach that balances the potential opportunities of quantum computing against the risks
Understand that risks may be necessary to fulfil various regulatory and legal responsibilities
Invest in updating information technology systems and technical infrastructure, and prioritize crypto-agility to avoid lock-in and costly future changes
Invest in the development and acquisition of knowledgeable and skilled staff that understand the technology and the threats

Chief information security officers

Champion quantum computing concerns within the organization and educate corporate leaders and business stakeholders
Launch initiatives to assess quantum computing risks and exposures, and establish and/or modify processes to account for quantum computing capabilities
Build a crypto “inventory” that includes data assets to determine which ones need to be re-encrypted with quantum-resistant cryptographic algorithms

Cybersecurity and privacy practitioners

Research new quantum-resistant and crypto-agile tools. Once these tools are developed and ready for production, utilize them
Participate in related public-private partnerships and industry events to broaden and deepen your quantum-based knowledge
Contribute your business and technical expertise to standards organizations and the global community

Issue Briefing: What's Next for Quantum Computing? | ...

Data protection laws and policies need to be simplified so that end-users and consumers can understand them. This needs to happen quickly because of the paradigm shift that quantum computing could bring about.

While the GFC on Cybersecurity recommendations are likely to be generally accepted as sound practice, the projected quantum-computing paradigm shift could make unprepared organizations especially vulnerable.

Quantum computing isn’t a threat, but it may be a double-edged sword. While it will create value and may also enhance some elements of security, the less we know about it the more risk we will face. We need to start educating leaders, organizations and citizens right now. And tailoring the message to the right target audience is key.

Under the umbrella of the Quantum Computing Network, the World Economic Forum Centre for Cybersecurity is building a global multi-stakeholder initiative with a view to building a secure quantum economy.