Manage the Risks of Quantum Computing

Learning Objectives

After completing this unit, you’ll be able to:

Describe the development of quantum computing and its security implications.
Explain the impact that the development of quantum computing could have on cryptography and broader systemic risks.
List actions to address the challenges associated with quantum computing.

The Development of Quantum Computing

Quantum computers harness the laws of quantum physics to process information and enable information-processing tasks that classical computers cannot feasibly achieve. Classical computing has only two states (on/off, 1/0, true/false) where the only outcome is one of those states (either/or). The power of quantum computing is that it allows multiple states (limitless computations). Using this power, engineers put more transistors on chips, which harness processing power and numerous probabilities as outcomes. Quantum computers will be able to solve computational problems that classical computers were unable to.

Because quantum computing can solve the most complex mathematical problems for organizations—rapidly, in a manner that classical computers cannot—it will be one of the most strategically important emerging technologies in the next 5 to 15 years. Organizations can use quantum computers to solve real-world problems in a matter of seconds or minutes, versus the weeks, months, or years that it takes classical computers to analyze and store information. Your organization could use quantum algorithms to bring about major advances and transformative benefits in a range of use cases. For example, a pharmaceutical company could apply quantum computing to molecular simulations, accelerating drug discovery and materials science. An aerospace company could use quantum computing to find the optimal loading structure for a plane, potentially altering how these companies build aircraft.

Organizations can also use quantum computing to improve AI capabilities by providing a computation boost, enabling AI technologies to tackle more complex problems faster. Some companies and research labs are already offering early versions of quantum computing services. These companies are beginning to engage clients to collaborate on creating the algorithms to realize niche benefits, such as better understanding of COVID-19 and its evolution, and an accelerated pace of developing antivirals and vaccines.

However, even though organizations are making rapid progress in the development of quantum computers, they also face numerous risks that they may need to address to prevent security concerns from threatening adoption. While there is still time to mitigate these risks, individual organizations need to start considering their options.

Broken Cryptography and Broader Risks

The global cybersecurity community already feels significant implications of the development of quantum computing on cybersecurity risks. Let’s take a look!

Disrupting Cryptographic Infrastructures

Enterprises rely on securing data and transactions using cryptographic means for encryption. Quantum computing could pose a cybersecurity risk to this. A sufficiently powerful and error-corrected quantum computer would solve some of the classical mathematical problems on the intractability that many of these cryptography methods rely on. It would therefore have the potential to break the cryptographic security that enterprises and the wider digital economy rely on. Today’s key exchanges, encryption, and digital signatures rely on cryptographic mechanisms to secure network communications. If these encryption methods are broken, the trust of data transmitted or received via the internet would be diminished.

A quantum computer surrounded by symbols of technologies whose encryption could be broken by quantum computing: a shield for virtual private network (VPN), and so forth.

The fortunate news is that both classical and quantum cryptographic solutions that are resistant to this threat (“quantum-safe”) are emerging.

Download Now, Decrypt Later

Organizations may need to take into account the potential future quantum threat to cryptography when making risk decisions today. Organizations currently encrypting their sensitive datasets may believe that this information is protected well into the future. However, with quantum computing,adversaries could steal your organization’s data today and use quantum-enabled decryption in the future to harvest that data. Over time, your organization’s systems may accumulate hundreds of billions of bytes of encrypted data. When their life spans end, if you do not dispose of that data properly, attackers could use quantum computing to unlock a treasure trove of historical data.

Secondary Risks That Arise from Broader Economic and Industrial Transformation

Successful organizations are always looking for a competitive advantage. As industry use cases for quantum computing emerge, organizations will need to consider how they’ll start to adopt it into their business models. However, organizations using quantum computing will also face new security dilemmas. As organizations grow, they may outsource quantum computations on their most valuable intellectual property (IP) to third-party services, which potentially risks adversarial interference within the supply chain.

There is also a risk that organizations may not detect unintended functionalities arising from quantum algorithms that are inherently biased, or that adversaries have manipulated. What exacerbates these challenges is how organizations may lack personnel with quantum expertise, which leads to poor risk management of quantum systems and processes.

Actions to Counter Quantum Security Risk

Quantum Security Risk for Organization Leaders

Organization leaders will need to address the risks to their organization, particularly to:

Assess the materiality threat of quantum computing to cryptography and the organization’s assets.
Ensure that the cryptographic estate (all cryptographic assets and properties owned by the organization) is adequately managed and that plans are in place for transitioning to quantum-safe cryptography within a suitable timeline.
Consider new security threats and mitigations in the face of an attacker with quantum computing capabilities.

Identification and Handling of Distributed Risk

For some shared infrastructures and interdependent sectors, organizations will need to coordinate their actions to achieve quantum safety. It may be unclear who is responsible for driving this transition wherever there is distributed governance and ownership. A sector-by-sector analysis would be valuable to identify where distributed parties must act collectively to address the threat, and whether the responsibility for driving this transition needs to be assigned.

Secure Quantum Development

National governments and industry will need to work together on their investment strategy for developing quantum capability. As organizations develop quantum programs, it’s a smart idea to regularly revisit security dimensions and monitor emerging risks. Organizations may also need to build a workforce that has sufficient expertise to develop secure quantum hardware and algorithms and to maintain their security operationally.

Governance Principles Revisited

Your organization should use standards, governance principles, and regulations to manage the risks of quantum computing. However, the effort to identify the necessary governance principles is still nascent. The practices that your organization may need to adopt will likely need to be revisited and clarified over time.

Equitable Access to Quantum Capability

Quantum technology has the potential to create significant and far-reaching benefits. It’s important to ensure that there is equitable access to the technology across the world to unlock these benefits, and to avoid widening asymmetries in security and industrial capability between nations. Governments need to ensure that the right balance is struck between recognizing the potential benefits of equitable access to quantum capability and the reality about the associated risks.

Sum It Up

In this unit, you’ve been introduced to quantum computing applications and their security implications. You’ve learned more about the impact that the development of quantum computing could have on cryptography and broader systemic risks. You’ve also discovered some of the challenges associated with quantum computing, and suggested actions to address them.

In the next unit, you learn about the different approaches to securing digital identities (IDs), as well as actions to address the challenges associated with doing so. Let’s go!