A race to develop quantum computing in cybersecurity is underway as governments and the private sector invest in full stack development technology to ensure that organisations’ data are not being targeted by nation-states, according to a news article in technology and business magazine T_HQ.
Are quantum computing algorithms the future of cybersecurity? It would seem so as US President Joe Biden recently signed a National Security Memorandum (NSM) aimed at maintaining U.S. leadership in quantum information sciences. As the war in Ukraine heats up, the U.S. is investing in tech that mitigates the risks of quantum computing to the nation’s security.
According to T_HQ: “The National Institute of Standards and Technology (NIST) will also publish new quantum-resistant cryptographic algorithms that can protect against future cyberattacks. These “quantum-resilient cryptographic standards” being developed by NIST will be vital to ensure the future of secure communications on the internet, officials explained.”
A fact sheet by the Biden Administration notes that: “The process to transition America’s most vulnerable IT systems to these new standards will take time, resources, and commitment. America must start the lengthy process of updating our IT infrastructure today to protect against this quantum computing threat tomorrow”.
What does this mean for (re)insurers and corporates in the US? Must they introduce new quantum security platforms to protect their data from malicious cyber actors?
Duncan Jones, head of cybersecurity at Quantinuum, which describes itself as the world’s first full-stack quantum computing company says that Biden’s announcement has encouraged the right level of focus on the migration needed to achieve quantum security. A holistic approach to quantum skillset is required. It is a vital area for national defence because cybercriminals will use quantum technologies if they can get their hands on it.
In this environment, a report by Dimensional Research reveals that two-thirds of cybersecurity leaders believe that today’s encryption protocols are effectively useless against quantum computer hackers. Half of organizations are not even aware of quantum security threats!
Jones says: “It’s a big undertaking. For small and medium-sized businesses, they just need to wait for their vendors to make the changes for them. But for larger organisations, government agencies, and such, there is a lot to be done. They need to understand what data is valuable and worth protecting. They need to know what cryptography is being used. Knowing this is a big task is planning the migration.
“Cryptography is everywhere today. Companies need to think about how they migrate from vulnerable to quantum-safe systems. These memos make it crystal clear that the US government understands that and wants enterprises and agencies to get on with it. Apart from a few examples, we are in testing phases. We are still waiting for standardized algorithms to approach this. NIST has been working on this for six years. It should be anytime now when they announce it. But even with the announcement, it takes organisations about 18 months of refinement,” added Jones.
According to T_HQ, Jones also highlighted that for organisations to embrace quantum computing in cybersecurity, they do not need to buy a quantum computer. SaaS that can be integrated into existing systems, reducing costs. Corporates must start making migration plans now and invest in the tools and knowledge to understand what sensitive information they have. Quantum encryption key distribution is another area that is still in its research phase. In terms of timescales, cyber experts believe that such technology could be available several years from now, offering another security layer.