The impact of quantum computing on your security: a call to action

Atkins’ Dr Matthew Parish explains why businesses need to start thinking about quantum resistant algorithms now.

The advent of quantum computing promises a wide range of benefits. These includes the ability to efficiently and effectively model complex systems and to solve large optimisation problems, and the benefits increase further when teamed with artificial intelligence (AI). It will enable huge advancements in industries such as finance, logistics and pharmacology, and has the potential to impact all aspects of digital life. But with great power comes great risk. Quantum computing could be used to decrypt passwords, imitate legitimate users, and access your most sensitive information. To protect your organisation, you need to understand your risk, then prioritise and start the steps needed to mitigate it.

What are the security implications of quantum computing?

Quantum computers operate by manipulating quantum-bits, qubits, which can simultaneously exist in both binary 1 and 0 states. While this can be hard to comprehend, and the maths is 'complex' to say the least, in essence, it means that quantum computers offer a step change in capability: they can solve, with relative ease, many of the problems with which classical computers struggle. This has significant implications – particularly in relation to the cyber security.

Many of the digital services we rely on are enabled by Public Key Infrastructure (PKI), which establishes and manages the encryption that keeps your information secure. You may not be familiar with PKI, but you will be familiar with the applications and services it supports, which include email encryption, user authentication and digital signatures. New paradigms, such as zero-trust architectures, are placing increasing emphasis on PKI and similar techniques – but once a sufficiently competent quantum computer is available, it could potentially compromise all these services. This may mean threat actors spoof users’ credentials, gaining access to your network, fraudulently signing important documentation and stealing information, resulting in dire consequences for your business.

Although quantum computing technology is not yet mature enough to do this, it's not far off; estimates vary, but it is likely that a sufficiently programmable and fault-tolerant quantum computer will be available in the next 10-15 years. While a capable quantum computer is likely to be at least a decade away, there are two risks that must be considered now.

Firstly, there is a risk that your encrypted data is being quietly collected for decryption in the future. It is thought that large quantities of encrypted data are being harvested and stored for the day when a quantum computer is made available, and will then be decrypted on an industrial scale. How would your business be affected should your private communications be made available in 10 years? There may be elements that cause embarrassment or distress, or perhaps even reputational damage, financial loss and a reduction in your competitive edge.

Secondly, there is a risk that your enterprise cannot transition to a quantum resilient state before the development of a capable quantum computer. Migrating a significant proportion of your business’ infrastructure and services needs investment and planning and, to complicate this, there may be instances where quantum resilient and traditional elements must co-exist.

Getting ready for quantum

If the horizon for a quantum computer is 10 years, then you don't have long to start your journey. As with any business investment, you will need to first focus on the drivers and work out from there. A quantum readiness review will clarify your needs and identify potential solutions. What is your risk appetite? What are your priority systems, and which parts of your network and your business are most vulnerable? A gap analysis using your risk appetite and vulnerabilities will enable the development of a roadmap for transition. When the overarching approach has been defined, you can then concentrate on developing an achievable programme of activity, based on realistic solutions. However, making significant investment prior to the wide-spread adoption of ‘quantum-safe’ or ‘post-quantum’ cryptographic standards, which are being developed, risks diverging from the market and emerging best practice. That could be a costly mistake.

To protect your systems and data you need to start thinking about post-quantum issues now – understanding where your risk lies, identifying quantum resilient solutions and transition paths, and securing funding to deliver these changes. Quantum computing is advancing fast, and action starts by accepting that it poses both a risk and an opportunity to your enterprise. By placing quantum computing on your planning agenda today, you can make strides towards identifying where your systems’ encryption may place you at risk, consider how to address these risks, and explore the benefits of working with partners and suppliers who can support you through your quantum journey.

Visit our website to discover more about Atkins’ cyber security expertise.

The voice of the UK tech sector is shaping UK Quantum policy

Latest news

26 Jul 2024

The UK announces five new quantum hubs

The UK's world leading 'quantum hubs' model has provided world leading research and innovation since 2014. The renewal of this system, with new hubs announced and a focus on practical use of quantum technology, is welcomed by techUK as a strong step towards commercialisation.

Opportunities