Image Source: PsiQuantum
Quantum computing represents the next big “moon landing” moment for technological advancement. When it happens – and it will, with researchers getting ever closer to the big breakthrough – it will revolutionise industries and redefine how we engage with computing.
That revolution will come with some significant implications around cyber security. Especially as the threat actors start to make their own breakthroughs.
Australia, with its strategic investments and pioneering research, is determined to become a global leader in this transformative field. There are several reasons for this. One of the big ones is that we’re in a good position to be an ally to the US in its own quantum computing work, as a close ally that the US is confident collaborating with at the most confidential of levels.
A good example of this is that the Australian government has announced a pledge of approximately AUD$940 million to PsiQuantum, a US-based quantum computing start-up. For those that aren’t aware of the company, PsiQuantum has the stated aim of building the world’s first “useful” quantum computer, and is researching an approach to quantum computing that many believe has the most likely chance of success.
The potential of quantum computing in Australia is not just theoretical. It is estimated that quantum technologies could add $6.1 billion to Australia’s GDP by 2045. This would also add another 16,000 new jobs to the economy by 2040. These figures underscore the economic significance of quantum computing and its capacity to drive innovation and job creation.
From a cyber security perspective, quantum computing do pose some unique challenges, and governments, enterprises and organisations need to be aware of these before the technology is in use:
- Decoding Current Encryption: The immense processing power that quantum computers will allow will also allow these computers to solve complex problems at unprecedented speeds, and that would enable them to bypass the encryption locks that currently protect the world’s communications and data. Essentially, passwords will be rendered redundant almost overnight.
- Authentication Risks: Quantum Key Distribution (QKD) is a proposed method for secure communication in the quantum era, but it does not authenticate the transmission source. This could lead to security vulnerabilities where the origin of a communication cannot be verified.
- Infrastructure and Cost: Implementing QKD requires special hardware, which increases infrastructure costs. Additionally, it raises insider threat risks, as the security and validation of QKD itself become a challenge.
- Denial of Service Risks: The reliance on QKD could also increase the risk of denial of service attacks. If the quantum communication channels are disrupted, it could lead to significant outages and affect the availability of critical services.
- Impact on Security Measures: Beyond encryption, quantum computing poses challenges for other security measures such as intrusion detection systems and malware analysis. The advanced capabilities of quantum computers could render current security tools ineffective, requiring a complete overhaul of cybersecurity strategies.
Australia does recognise the urgency to prepare for the quantum era. The Australian Signals Directorate (ASD) is encouraging organisations to transition to Post-Quantum Cryptographic algorithms, which are designed to be secure against quantum attacks. This proactive approach ensures that Australia’s cyber infrastructure remains resilient in the face of quantum threats.
In addition to the government’s recommendations, there are two other steps that all organisations should be undertaking now:
- Establish a Quantum-Readiness Roadmap: This includes engaging with technology vendors to discuss post-quantum roadmaps and conducting an inventory to identify and understand cryptographic systems and assets that may be vulnerable to quantum computing threats.
- Workforce Training: It’s crucial to invest in training the workforce to understand quantum risks and the necessary measures to mitigate them. This includes educating employees about quantum-resistant technologies and the importance of safeguarding IoT devices, data safety, and digital assets from potential quantum computing breaches.
These are areas that Excite Cyber can help organisations draw up the roadmap towards. It might seem like the advent of quantum computing is still some way in the distance, but it’s closer than people might think. McKinsey estimates that there will be 5,000 or so computers in operation by 2030. This might not seem like many but it’s enough that some potential threats will have access to them. For those organisations in critical infrastructure or major enterprises in particular, the time to prepare is now.