Lightning fast quantum computers mean that we are in a new race to strengthen cybersecurity defences

South China Morning Post Dipublikasikan 01.11, 20/11/2019
Lightning fast quantum computers mean that we are in a new race to strengthen cybersecurity defences

A new type of computer, based on quantum theory, is going to change the way that organisations deal with data in the future because it will allow them to solve some problems at an exponentially faster rate than traditional computers.

This will lead to a period of massive technology disruption and will create both new opportunities and risks.

While fault-tolerant quantum computers do not exist today, the development of one may be closer than we think " likely within 15 years. Once quantum computing becomes a reality, it will pose a threat to the very pillars of our cybersecurity infrastructure.

If we think hackers are too easily beating the system today, just imagine what will happen if they gain access to quantum computers before systems are quantum-resilient.

Today, public-key cryptography is used for securely exchanging information, protecting stored data, authenticating the origin and integrity of software and other information, and more. Cryptography matters because this is how all sensitive and confidential data and connected systems are protected.

This goes well beyond impacting the financial industry " just think about the potential impact on other industries such as telecommunications, aerospace, utilities, defence and medicine if they become vulnerable to cyberattacks.

The best-known methods for breaking these codes with conventional computers require an exponential number of computing clock-cycles, which generally makes this a futile effort. Quantum computers can break these codes with astronomically fewer steps, which may be implemented in a few hours according to recent estimates.

The only way organisations will be able to defend against quantum breaches will be to transition to quantum-safe cryptography, which is a time-consuming and complicated process.

As public encryption methods get closer to being broken, if institutions to whom people entrust their digital assets and personal information have still not made this transition, people will start to lose trust and confidence in them. This could lead to serious economic disruption.

That is why both private and public organisations must begin the race to defend against quantum attacks now to secure our personal and commercial data from quantum hackers in the future.

According to a recent study authored by Dr. Michele Mosca and Dr. Marco Piani of evolutionQ Inc and commissioned by the Global Risk Institute in Financial Services (GRI), 50 per cent of the global thought leaders in quantum science and technology who were surveyed believe a quantum threat to current public-key cryptosystems is "about 50 per cent" or more likely to occur in the next 15 years.

Furthermore, 90 per cent of them believe the threat is "about 50 per cent" or more likely to occur in the next 20 years.

This quantum threat to cybersecurity can be mitigated by deploying new cryptographic tools (both conventional and quantum) that are believed or known to be resistant to quantum attacks. Nonetheless, the transition to quantum-safe cryptography is a challenge itself because it requires the development and deployment of hardware and software solutions, the establishment of standards, the migration of legacy systems, and more.

The urgency for an organisation to complete the transition to quantum-safe cryptography relies on three simple parameters: the shelf life time " the number of years the data must be protected by the cyber-system; the migration time " the number of years to migrate the system to a quantum-safe solution; the threat timeline " the number of years before the relevant threat actors will be able to break the quantum-vulnerable systems.

If the threat timeline is shorter than the sum of the shelf life time and of the migration time, then organisations will not be able to protect their data for the required years against quantum attacks. Depending on its own specific shelf life times and migration times, each organisation will have a longer or shorter time at its disposal to implement post-quantum cryptographic solutions.

To help organisations assess the overall urgency of taking action, GRI has made available the evolutionQ quantum risk assessment methodology. The methodology is available at no cost.

The world will soon mark the 20th anniversary of the Y2K challenge " a relatively "simple" two digit programming bug, but which nevertheless took years and over 100 billion dollars to fix. In contrast, ensuring that all of our encryption algorithms are quantum resistant will take many more years of development, and a lot more money.

The bottom line is that whenever quantum computing arrives, we need to be ready for the security challenges it will present. And the time to start preparing is now.

Michele Mosca serves as a special advisor on cybersecurity to the Global Risk Institute. He obtained his doctorate in mathematics at Oxford University on the topic of quantum computer algorithms.

Sonia Baxendale is president and CEO of the Global Risk Institute. She also serves as a director on the board of Laurentian Bank, Foresters Financial, RSA Group, Hospital for SickKids Foundation and Toronto Artscape.

For more insights into China tech, sign up for our tech newsletters, subscribe to our award-winning Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.

Copyright (c) 2019. South China Morning Post Publishers Ltd. All rights reserved.

Artikel Asli