- Futuristic quantum computing will soon become the technology of the present.
- It will be a positive advancement for many disciplines, but the potential security impacts are generally not fully understood by citizens, organizations, or decision-makers.
- These different audiences need tailored messaging to enable a collective and coordinated response to mitigate the risk associated with this new technology.
- Collective action in advance of quantum computing can offer opportunities to build a new security foundation, which will offer a step-change in our ability to secure our digital infrastructure.
Quantum computers are a technological step-change that look like they could have had their roots in 19th-century science fiction or steampunk art, an aesthetic that blends industrial era imagery like cogs, clockwork, and machine parts with Victorian art and design, and includes futuristic elements like robotics and artificial intelligence
This could be why they are often viewed as computers of the future or part of science fantasy. However, recent advances in the technological underpinnings of quantum computing, as well the required error correction code capabilities, are slowly migrating the conversation from ‘if’ to ‘when’.
Have you read?
When quantum computing becomes more fully available, it will be capable of performing large numerical calculations such as the statistical modelling of chemistry, how we create materials and more accurate predictions of weather patterns.
Along with this modelling ability, quantum computing has the potential to factor large numbers. This could threaten the basis of public-key cryptography algorithms that underpin many of our daily commercial activities such as online payments, secure communications, and a myriad of trusted internet transactions.
Although we still don’t know exactly when this threat will materialize, it is prudent that organizations review their current cryptographic reliance and start to think about when they will need to migrate to post-quantum cryptography.
Post-quantum cryptography is currently being developed under the auspices of the National Institute for Standards and Technology (NIST) and there is reason to be optimistic about the future availability of tools to mitigate the threat posed to cryptography by quantum computing.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
Managing cybersecurity risks
As with many types of technology disruption, getting the right messaging to every level of an organization is crucial. This helps determine that there is neither undue alarm nor complacency at either end of the spectrum.
In response, the World Economic Forum's Global Future Council on Cybersecurity (GFC on Cybersecurity) has identified several different audience personas for quantum and drawn up recommendations tailored for each audience type. These recommendations guide audiences on how to approach the cybersecurity risk aspects of quantum computing, and how to take action.
They are particularly useful for chief information security officers who assess specific risks, and for corporate leaders who must understand that risk in the broader organizational and regulatory context. The recommendations help set out the paradigm shift posed by quantum computing advances and ensure that unprepared organizations can mitigate their vulnerabilities.
Policymakers and standards organizations
- Support the development of international quantum cybersecurity and risk management standards for quantum computing
- Promote enhanced quantum awareness among leaders from both the public and private sectors
- Accelerate development of a cybersecure global ecosystem by including quantum cybersecurity technology as an area of focus
Corporate leaders and boards
- Adopt a holistic approach that balances the potential opportunities of quantum computing against the risks
- Understand that risks may be necessary to fulfil various regulatory and legal responsibilities
- Invest in updating information technology systems and technical infrastructure, and prioritize crypto-agility to avoid lock-in and costly future changes
- Invest in the development and acquisition of knowledgeable and skilled staff that understand the technology and the threats
Chief information security officers
- Champion quantum computing concerns within the organization and educate corporate leaders and business stakeholders
- Launch initiatives to assess quantum computing risks and exposures, and establish and/or modify processes to account for quantum computing capabilities
- Build a crypto “inventory” that includes data assets to determine which ones need to be re-encrypted with quantum-resistant cryptographic algorithms
Cybersecurity and privacy practitioners
- Research new quantum-resistant and crypto-agile tools. Once these tools are developed and ready for production, utilize them
- Participate in related public-private partnerships and industry events to broaden and deepen your quantum-based knowledge
- Contribute your business and technical expertise to standards organizations and the global community
End-users and consumers of digital products and services
Data protection laws and policies need to be simplified so that end-users and consumers can understand them. This needs to happen quickly because of the paradigm shift that quantum computing could bring about.
While the GFC on Cybersecurity recommendations are likely to be generally accepted as sound practice, the projected quantum-computing paradigm shift could make unprepared organizations especially vulnerable.
Quantum computing isn’t a threat, but it may be a double-edged sword. While it will create value and may also enhance some elements of security, the less we know about it the more risk we will face. We need to start educating leaders, organizations and citizens right now. And tailoring the message to the right target audience is key.
Under the umbrella of the Quantum Computing Network, the World Economic Forum Centre for Cybersecurity is building a global multi-stakeholder initiative with a view to building a secure quantum economy.