Quantum computing is sounding less like a distant sci-fi dream these days, with the pace of investment and scientific advances bringing it closer to reality. These new quantum systems will bring new opportunities, but also threaten some of our existing cybersecurity fundamentals.
Organisations must start thinking about, and planning for, how they respond to these threats. As part of Cyber Security Awareness Month this October, the Australian Cyber Security Centre (ACSC) has nominated planning for the quantum future as one of four recommended priority areas.
However, discussions about quantum often end up full of mystique, jargon, hype and misunderstandings. We need a clear understanding of the true risks and potential responses to ensure a focus on what matters and avoid getting swept up in panic and poor decision-making.
It is important to realise that quantum computers will not just do the same calculations as today’s computers only faster, better or cheaper. They don’t work by trying all solutions at once, and they don’t leverage computational power across multiple universes.
Instead, quantum computers make certain calculations feasible that are hopelessly slow on current computers. Finding such calculations is an active area of research. One such discovery, back in 1994, was Shor’s algorithm, which uses a quantum computer to factorise large numbers and to compute discrete logarithms efficiently.
This might sound esoteric, but factoring and discrete logarithms are exactly the hard problems that today’s public-key cryptography rests on: RSA, Diffie-Hellman and the elliptic-curve schemes (ECDH, ECDSA, Ed25519). Symmetric ciphers such as AES are not broken this way, which is why the risk is mainly not to encrypted stores of data but to data sent across networks. To agree keys and authenticate the other party over a network we rely on public-key cryptography, and a sufficiently large and sufficiently error-corrected quantum computer could recover those keys and read the traffic they protected.
Today’s quantum computers are small-scale, experimental prototypes that will need a lot of scientific and engineering work to scale up to the point where this could be feasible. Estimates vary, but such a scenario is probably between five and 15 years away.
The first such systems will be big, scarce and expensive. Each one will probably take days to recover a single key (one RSA modulus or one elliptic-curve key), and some estimates put the electricity bill for one such run in the six figures. Anyone with access to such a system would undoubtedly focus on high-value targets.
Therefore, there will be no mythical ‘Q-day’ when suddenly all encryption becomes useless. Instead, there will be an increasing risk to traffic sent across public networks.
This means that when addressing the threat, organisations need to start with systems sending data that is of the highest value to adversaries that have such quantum computers.
One risk is the ‘harvest now, decrypt later’ strategy. Some data sent across a network today could be of value to someone in the future, so there is a chance they could collect it and store it for future decryption, if they are well-resourced, patient and willing to spend their future scarce quantum computing resources on you. The practical test (often called Mosca’s inequality) is simple: if the number of years the data must stay secret, plus the number of years your migration will take, exceeds the number of years until such a machine exists, that data is already exposed today.
Various esoteric quantum-based solutions have been suggested to address this risk, but they are not the answer: quantum random number generators provide no protection against this threat at all, and quantum key distribution is far too immature (and too dependent on dedicated links) for widespread deployment today. Fortunately, there is a solution called ‘post-quantum cryptography’, new mathematics for key exchange and digital signatures that Shor’s algorithm does not break. NIST finalised the first such standards in 2024 (ML-KEM for key establishment, ML-DSA and SLH-DSA for signatures), and they can generally be rolled out as a software upgrade on existing hardware. The one caveat practitioners should expect is that the new keys and signatures are considerably larger, which can trip up protocols, hardware tokens and middleboxes that assumed the old sizes.
To help organisations get started on this upgrade process, ACSC published earlier this year a proposed ‘LATICE’ framework. The first three steps are to ‘Locate’ where you may be using cryptography that could be vulnerable, ‘Assess’ the risk, and then ‘Triage’ to decide the priority of action. The triage step is vital, because upgrading everything will be a long-term, complex program of work. The most urgent work is to upgrade high-risk systems and to start the upgrades that will take a long time to complete.
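The following is an added example, not ACSC’s framework or tooling, of what the first three LATICE steps and the ‘harvest now, decrypt later’ test look like as code. It locates algorithm names in sshd_config and OpenSSL-style configuration excerpts (constructed here for the example), classifies each as post-quantum, Shor-vulnerable or symmetric, applies Mosca’s inequality with an assumed years-to-quantum-computer figure, and ranks systems for triage. The inventory format, the sample systems, the ten-year horizon and the three priority bands are all assumptions for illustration.

```python
"""Locate / Assess / Triage helper for a post-quantum migration plan.

Added illustration, not ACSC tooling. The inventory format, priority bands and
sample systems below are constructed for this example.
"""
from dataclasses import dataclass

# Post-quantum algorithms and hybrids (FIPS 203/204/205 names plus common
# pre-standard names). The ML-KEM half of a hybrid such as X25519MLKEM768 keeps
# the key exchange safe even if the X25519 half is broken.
PQ_MARKERS = ("mlkem", "mldsa", "slhdsa", "sntrup", "kyber", "dilithium", "sphincs")
# Public-key algorithms whose hardness (factoring / discrete log) Shor's algorithm breaks.
SHOR_VULNERABLE = ("rsa", "dsa", "diffiehellman", "ecdh", "ffdhe", "dh", "nistp",
                   "secp", "curve25519", "x25519", "ed25519", "x448", "ed448")
# Symmetric primitives: not broken by Shor; Grover at most halves the effective key length.
SYMMETRIC = ("aes", "chacha20", "hmac", "sha")


def classify(alg: str) -> str:
    """Classify one algorithm name as written in configs, key files or handshakes."""
    n = alg.lower().replace("@openssh.com", "").replace("-", "").replace("_", "")
    if any(m in n for m in PQ_MARKERS):
        return "post-quantum"
    if any(m in n for m in SHOR_VULNERABLE):
        return "quantum-vulnerable"
    if any(m in n for m in SYMMETRIC):
        return "symmetric"
    return "unknown"  # never silently treat an unrecognised name as safe


def locate(config_text: str) -> list[str]:
    """Locate step: pull algorithm names out of 'Key a,b' / 'Key a:b' config lines
    (sshd_config and OpenSSL-style lists; comments and blank lines are skipped)."""
    found = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        found.extend(a.strip() for a in parts[1].replace(":", ",").split(",") if a.strip())
    return found


@dataclass
class System:
    name: str
    config: str                # constructed config excerpt for the Locate step
    shelf_life_years: float    # x: how long the data must stay confidential
    migration_years: float     # y: how long the upgrade will take


def assess(system: System, years_to_crqc: float) -> dict:
    """Assess step: which algorithms are Shor-vulnerable, and does exposure exceed
    the assumed quantum horizon z (Mosca's inequality: x + y > z)?"""
    vulnerable = sorted({a for a in locate(system.config) if classify(a) == "quantum-vulnerable"})
    exposure = system.shelf_life_years + system.migration_years
    return {
        "name": system.name,
        "vulnerable": vulnerable,
        "exposure_years": exposure,
        "harvest_now_decrypt_later": bool(vulnerable) and exposure > years_to_crqc,
    }


def triage(systems: list[System], years_to_crqc: float) -> list[tuple[int, str]]:
    """Triage step (assumed policy): 1 = vulnerable and exposed beyond the horizon,
    2 = vulnerable but within it, 3 = nothing Shor-vulnerable found. Within a band,
    the system with the least headroom (long shelf life or long migration) comes first."""
    ranked = []
    for s in systems:
        a = assess(s, years_to_crqc)
        prio = 3 if not a["vulnerable"] else (1 if a["harvest_now_decrypt_later"] else 2)
        ranked.append((prio, years_to_crqc - a["exposure_years"], a["name"]))
    ranked.sort()
    return [(p, name) for p, _, name in ranked]


# Constructed sample inventory (not real systems).
SAMPLE_SYSTEMS = [
    System("citizen-records-vpn",
           "KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha256\n"
           "HostKeyAlgorithms rsa-sha2-512,ssh-ed25519\n",
           shelf_life_years=25, migration_years=3),
    System("internal-ci-runner",   # hybrid PQ KEX offered, but classical fallback remains
           "KexAlgorithms mlkem768x25519-sha256,curve25519-sha256\n"
           "HostKeyAlgorithms ssh-ed25519\n",
           shelf_life_years=1, migration_years=1),
    System("public-web-frontend",  # OpenSSL-style TLS 1.3 group and cipher suite lists
           "Groups X25519MLKEM768\nCiphersuites TLS_AES_256_GCM_SHA384\n",
           shelf_life_years=0.5, migration_years=0.5),
    System("legacy-batch-sftp",    # short-lived data, but a six-year upgrade: start now
           "KexAlgorithms diffie-hellman-group14-sha256\nHostKeyAlgorithms rsa-sha2-256\n",
           shelf_life_years=2, migration_years=6),
]

if __name__ == "__main__":
    for prio, name in triage(SAMPLE_SYSTEMS, years_to_crqc=10):  # assumed horizon
        print(f"P{prio} {name}: {assess(next(s for s in SAMPLE_SYSTEMS if s.name == name), 10)}")
```

Two things the ranking makes visible that a flat ‘count of systems migrated’ would not: the records VPN is already a harvest-now-decrypt-later exposure because its data outlives any plausible horizon, and the SFTP system ranks above the CI runner despite short-lived data because its six-year migration leaves almost no headroom. A hybrid key exchange alone does not clear a system either; the CI runner still lists a classical-only fallback that a downgrading peer could select.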
However, the ACSC has confused matters by setting an ambitious target of 2030 to complete all upgrades. Perhaps this is a stretch target to encourage starting work as soon as possible, but it could cause unnecessary and harmful panic. A tight deadline incentivises organisations to rush and to measure progress by the volume of systems upgraded, rather than prioritising by risk.
Unnecessarily rushed migration to new and complex standards risks introducing new vulnerabilities. Major vendors such as Microsoft have said some of their systems won’t be upgraded until 2033, so do we expect Australian organisations to replace such products with hand-crafted bespoke solutions to meet a 2030 deadline? Most of our partners have taken a much more nuanced approach. Britain’s National Cyber Security Centre, for example, recommends completing the highest-priority migrations by 2031 and all systems by 2035.
We do need to avoid complacency, even if widespread quantum computing may be several years away. Organisations should start as soon as possible to assess what could be vulnerable and plan the necessary upgrades. However, don’t be panicked by an artificial deadline. There will be no such thing as Q-day when everything is broken at once. Instead, follow the advice to calmly locate, assess and triage to determine your highest priorities, and start there.
This article was originally published on InnovationAus.