To celebrate Business Continuity Awareness Week and the theme ‘Embracing the challenge of Resilience’, this week’s bulletin has been written on the subject of cyber resilience by Jamie Lees, a consultant at PlanB Consulting. Jamie discusses the features of quantum computing and how it can affect our data.
In today’s world, the use of encryption to secure digital assets has become commonplace. However, as technology continues to advance, encryption methods that were once thought to be virtually impenetrable, are now at risk. Quantum computing has the potential to revolutionise the way we process information, but it also presents significant risks to organisations that rely on encryption and other cryptographic solutions to protect their data.
Consider a scenario where we have lost encrypted data, currently, we would assume the risk exposure to our organisation would be limited. However, what if the threat actor could crack the encryption, either immediately or store this data and crack it in 5 to 10 years? What risk would this present? This is where quantum computing becomes a concern. Quantum computing uses the principles of quantum mechanics to process information, and it has the potential to disrupt and revolutionise cybersecurity.
Quantum computing operates in a fundamentally different way from traditional computers. Instead of using classical bits to store and process data, quantum computing uses quantum bits, or qubits, which operate based on the principles of quantum mechanics.
One of the key differences between qubits and classical bits is that qubits can exist in multiple states simultaneously, unlike classical bits, which can only be in one of two states (0 or 1) at any given time. As qubits can be either a 0, a 1 or in both states at once, a quantum processor can perform multiple calculations simultaneously, vastly increasing its processing power and enabling it to solve complex problems significantly faster than traditional computers.
Another important aspect is the concept of entanglement, which allows qubits to be linked in such a way that their states become interdependent. This means that when the state of one qubit is measured, it affects the state of the other qubit. This property of entanglement allows quantum computing to perform certain types of calculations that would be impossible for classical computers.
In terms of cryptography, this means that quantum computers have the potential to breach many currently used cryptographic solutions, as well as create new ways of encryption. Their ability to calculate significantly faster than traditional computers means that quantum computers can both create new cryptographic solutions, but also break current encryption methods that are currently considered secure, taking the time to break encryption from years, or potentially centuries, to a matter of hours.
In a scenario where the attacker can afford to operate quantum computers, but the victim cannot, this presents a significant vulnerability to an organisation’s cybersecurity. On the other hand, if quantum computing becomes widespread, the likelihood of being attacked by a threat actor with quantum computers increases, however, the impact is likely reduced as it can be assumed that the victim will be able to employ quantum-based defences to match the threat.
As cryptography is a ‘dual-use good’, the likelihood of quantum-based cryptographic solutions being publicly available to organisations is significantly reduced if the primary users of quantum-based processors are state actors, but far more likely if the technology is prolific, similar to current cryptographic solutions. Therefore, the economics of quantum computing is critically important.
While it is likely that the cost and barrier to entry for quantum computing would reduce over time, there would be a window of time where organisations will be especially vulnerable to breaches in their cybersecurity with little answer. Furthermore, any lost encrypted data would now have to be assumed to be unencrypted.
Therefore, the risks of quantum computing are significant, and organisations need to be aware of the potential threat it poses to their cybersecurity. Quantum computing is still a relatively new and rapidly evolving field, however, as we have seen with the rapid adoption of Artificial Intelligence solutions over the last 6-12 months, if it is proven viable, the technology will advance quickly. Risk, Information Security and Business Continuity practitioners should maintain vigilance of quantum’s progress and future implementation. Furthermore, it is essential to consider what data we currently hold, and the impact of its loss to our organisations, even if that data is encrypted, and even if it is not accessed for some time.