July 10, 2022
Quantum computing has gathered increasing tech industry attention over the past few years, and analysts expect broken algorithms and security threats posed by the computing evolution will unfold and gradually build steam over the next decade.
“Gartner projects that by 2030 [quantum computing] will be strong enough to damage existing asymmetric cryptography and will stop being used,” Mark Horvath, senior director analyst at Gartner, told SDxCentral via email. “It should be replaced with ‘quantum safe’ algorithms over the next 5 years.”
Meanwhile, U.S. government agencies and enterprises are increasing preparation for a significant cyberthreat dubbed Y2Q, or “years to quantum.” This week alone, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST) both announced efforts aimed at coping with quantum computing threats.
Quantum computers have the ability to simultaneously encode information and store “qubits.” This enables quantum computers to tackle algorithms that would be virtually impossible for classic computers.
A fully functioning quantum computer would be capable of operating in four states at one time — 00, 01, 10, 11 — compared to traditional computers that operate in a single bit system, according to the Bulletin of the Atomic Scientists.
Quantum computing first started as a theoretical curiosity in the 1980s. However, in the past 10 years, the anomaly has been making steady progress and is currently “enjoying both a lot of investor capital and a lot of attention from the physics community,” Horvath wrote.
“We see a lot of financial services and health care companies starting to use quantum computing in an earnest way, both to make progress on their problems and to be prepared for when this becomes a more commonplace technology,” he added. “We’ve seen quantum computing used for portfolio balancing, credit decisioning, block trade algorithms, logistics problems like route optimization, warehouse sorting, and in pharmacology and medicine.”
NATO, the White House, and NIST have been taking preparatory steps for a scenario in which quantum computers become weaponized by threat actors. In 2018, the National Quantum Initiative Act aimed to accelerate quantum research and further develop U.S. economic and national security.
“Nation-states, like the U.S. or China, are really investing in quantum computing because they see the threat of if someone can break crypto and get keys to sign code, then that means a nation-state can attack your critical infrastructure,” Jim Alfred, VP of BlackBerry technology solutions, said in an interview with SDxCentral. “Threat actors can send a software update that looks authentic. Then you’re toast, right? So, if you’re building critical infrastructure you have to worry that someday there’ll be a cyberwar.”
The vendor community is responding as well because quantum poses a modernized risk that could potentially “render today’s public key cryptography useless,” according to BlackBerry, which plans to provide support for quantum-resistant secure boot signatures for semiconductor manufacturing company NXP.
The anticlimactic outcome of the “millennium bug” two decades ago was in part due to preemptive measures, fueled by government spending, to avoid calamity. The U.S. spent upwards of $100 billion in the preface of Y2K, according to BlackBerry.
Eerily similar, concerns over Y2Q should revive preemptive efforts to update security methods that will soon become useless against next-generation attacks.
Both BlackBerry and Gartner recommend hitting the ground running with pilots and experimenting with both quantum computing and post-quantum cryptographic algorithms.
Replacing weakened crypto by taking inventory, coding for modularity, and experimenting with replacements can enhance crypto agility that ultimately can better prepare for quantum computing threats.
“Quantum computers could be here sooner than you think. A lot of people are waiting, but it’s important to be ready,” Alfred said.
“Experiment with both quantum computing and post-quantum cryptographic algorithms, both efforts will take time, but both have substantial payoffs later in the decade,” Harvoth concluded.
Source – SDX Central July 2022
Call or email Cocha. We can help with your cybersecurity needs!