Cybersecurity

Why we need to solve our quantum security challenges

The interior of an IBM-designed quantum computer

Quantum technology could make current cybersecurity systems obsolete Image: IBM Research on Flickr (CC2.0)

Louise Axon
Research Fellow, Global Cyber Security Capacity Centre, University of Oxford
Sadie Creese
Professor of Cybersecurity, University of Oxford
Jamie Saunders
Oxford Martin Fellow, University of Oxford
William Dixon
Global Head, Research, ISTARI
  • The quantum computing age is growing ever closer - and it could render current encryption systems obsolete.
  • These risks could also prevent this technology's true value from being realised.
  • Addressing this issue requires action at the national and global levels - now.

Last week, the industrial giant Honeywell announced that it has built the world's fastest quantum computer, overtaking their main competitors IBM and Google in a technological arms race that has the potential to unlock trillions of dollars of value to the world’s economy.

Using lasers to target atoms suspended in absolute-zero temperatures, Honeywell took the world one step closer to a quantum future that will bring about major advances across industries including healthcare, computing, finance and mobility, but most notably security.

Have you read?

The most significant implications of this technological arms race are increasingly being felt by the global cybersecurity community. This is because quantum computing has the potential, if used maliciously, to break the systemically important cryptographic underpinnings of the infrastructure on which enterprises and the wider digital economy rely. Furthermore, the community has to act now to ultimately ensure security and strategic advantage issues don’t become major barriers to fully realizing the potential transformative value of quantum technology.

Which sectors will create the most value with quantum computing?
Which sectors will create the most value with quantum computing? Image: McKinsey & Company, Viva Technology

Quantum technology and the security ecosystem

At a recent meeting of the World Economic Forum Centre for Cybersecurity’s Future Series, a group of leading global technology, security and policy experts discussed the strategic cybersecurity issues arising from quantum technology. There are two major sets of challenges that require collective action by the global community:

1. Quantum computing has the potential to break the encryption on which most enterprises, digital infrastructures and economies rely

The sheer calculating ability of a sufficiently powerful and error-corrected quantum computer means that public key cryptography is "destined to fail", and would put the technology used to protect many of today’s fundamental digital systems and activities at risk. The key exchanges, encryption and digital signatures that protect financial transactions, secure communications, e-commerce, identity and electronic voting all rely on mechanisms which would be made redundant in such a scenario.

Businesses and governments could be rendered unable to ensure the confidentiality, integrity and availability of the transactions and data on which they rely. Ultimately, this could put all our data at risk. While the timeline and potential impacts are debated by technology and security professionals, there is a clear potential future threat relevant to the risk decisions being made today. This is especially the case where sensitive data and systems currently being rolled out have long lifespans, such as in the healthcare sector, satellites, transportation vehicles and industrial control systems - all of which could be in operation for decades.

Discover

How is the Forum tackling global cybersecurity challenges?

The global ecosystem has created – and is increasingly rolling out – a range of shared infrastructures with distributed ownership and governance. Where these systems have long legacy tails, a collective dependence on cryptography that may be at risk already exists. This comes at a time when hyper-connectivity is leading to increasingly shared architectures, interconnected systems and interdependent business models. Infrastructure including the security of the internet's architecture itself is underpinned by implementations of public-key cryptography (for example, SSL, TLS and HTTPS) that are distributed globally and which could be at risk.

2. The geopolitics of quantum technology could act as a barrier to unlocking its full value

National security concerns over sovereignty, and maintaining control over strategic capability, could also act as major barriers to unlocking the potential transformative value of quantum technology in the wider economy. Quantum technology has the potential to be game-changing for national security and the information race, and there is a real risk that competition will interfere with international collaboration and widen asymmetries in security and industrial capability. National governments are putting significant investment into the development of sovereign quantum technologies and skills, and several countries have already placed quantum technologies on their lists of controlled goods.

Complex security challenges can already be identified. These include communicating how quantum algorithms have made decisions (explainability), ensuring that the algorithms actually do what they purport to do and are not inherently biased (verification), and certifying the results they produce. While this issue exists for artificial intelligence (AI, other more transformational risks – including misuse by criminals and other actors – also exist.

Loading...

Responding to the quantum security challenge

Addressing these risks requires action now both at an individual enterprise as well as at a collective level. An approach similar to the global technology councils that emerged to manage AI might be required to govern the full range of global governance principles and models as quantum technology rolls out. A list of principles could include promoting the ethical use of quantum resources or ensuring that quantum infrastructure is not used to break standard encryption, as well as enabling equitable access so that 'quantum poverty' doesn’t emerge.

One key step will also be building ‘quantum literacy’ across the ecosystem at an enterprise and policy leadership level. There is an need to educate and train leaders on what is meant by quantum technology; its different elements, when it might become available and at what rates, the nature of the associated risks and how they apply to organizations, and what, therefore, needs to be protected. Enterprise leaders are among the first who will need to make judgements on the materiality of the quantum risk to their business and decide when and how to act. There is also a need for a sector-by-sector analysis to explore where there are distributed industries who need to move together to address the threat collectively; this is most important when the responsibility for driving this transition is unclear.

Incentivizing the adoption of quantum-resistant cryptography is a possible solution – but to secure the global ecosystem, policy and governance initiatives will be needed. Standards such as NIST's post-quantum cryptography challenge can clarify the practices that should be adopted by individual organizations, and by ensuring international interoperability of these and similar standards we can take a critical step in enabling broader adoption across the globe.

Conclusion

As a strategically important technology, and one that is generating record amounts of investment, we are at a tipping point in the quantum arms race that is developing between nations. The technology has the potential to generate major and systemic risks to the ecosystem, which – unless we act collectively in order to address the obstacles – might act as major barriers to unlocking the true value of quantum technology. This offers an opportunity, especially to the cybersecurity community, to pioneer the principles, approaches and multi-stakeholder ecosystem that will be crucial in building the trust required to fully harness the promise of this new technology.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Quantum Computing

Share:
The Big Picture
Explore and monitor how Quantum Computing is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum