How the world can prepare for quantum-computing cyber risks
Quantum computing is soon to become a technology of the present. Image: IBM Zurich Lab/Creative Commons
Listen to the article
- Futuristic quantum computing will soon become the technology of the present.
- It will be a positive advancement for many disciplines, but the potential security impacts are generally not fully understood by citizens, organizations, or decision-makers.
- These different audiences need tailored messaging to enable a collective and coordinated response to mitigate the risk associated with this new technology.
- Collective action in advance of quantum computing can offer opportunities to build a new security foundation, which will offer a step-change in our ability to secure our digital infrastructure.
Quantum computers are a technological step-change that look like they could have had their roots in 19th-century science fiction or steampunk art, an aesthetic that blends industrial era imagery like cogs, clockwork, and machine parts with Victorian art and design, and includes futuristic elements like robotics and artificial intelligence
This could be why they are often viewed as computers of the future or part of science fantasy. However, recent advances in the technological underpinnings of quantum computing, as well the required error correction code capabilities, are slowly migrating the conversation from ‘if’ to ‘when’.
When quantum computing becomes more fully available, it will be capable of performing large numerical calculations such as the statistical modelling of chemistry, how we create materials and more accurate predictions of weather patterns.
Along with this modelling ability, quantum computing has the potential to factor large numbers. This could threaten the basis of public-key cryptography algorithms that underpin many of our daily commercial activities such as online payments, secure communications, and a myriad of trusted internet transactions.
Although we still don’t know exactly when this threat will materialize, it is prudent that organizations review their current cryptographic reliance and start to think about when they will need to migrate to post-quantum cryptography.
Post-quantum cryptography is currently being developed under the auspices of the National Institute for Standards and Technology (NIST) and there is reason to be optimistic about the future availability of tools to mitigate the threat posed to cryptography by quantum computing.
How is the Forum tackling global cybersecurity challenges?
Managing cybersecurity risks
As with many types of technology disruption, getting the right messaging to every level of an organization is crucial. This helps determine that there is neither undue alarm nor complacency at either end of the spectrum.
In response, the World Economic Forum's Global Future Council on Cybersecurity (GFC on Cybersecurity) has identified several different audience personas for quantum and drawn up recommendations tailored for each audience type. These recommendations guide audiences on how to approach the cybersecurity risk aspects of quantum computing, and how to take action.
They are particularly useful for chief information security officers who assess specific risks, and for corporate leaders who must understand that risk in the broader organizational and regulatory context. The recommendations help set out the paradigm shift posed by quantum computing advances and ensure that unprepared organizations can mitigate their vulnerabilities.
Policymakers and standards organizations
- Support the development of international quantum cybersecurity and risk management standards for quantum computing
- Promote enhanced quantum awareness among leaders from both the public and private sectors
- Accelerate development of a cybersecure global ecosystem by including quantum cybersecurity technology as an area of focus
Corporate leaders and boards
- Adopt a holistic approach that balances the potential opportunities of quantum computing against the risks
- Understand that risks may be necessary to fulfil various regulatory and legal responsibilities
- Invest in updating information technology systems and technical infrastructure, and prioritize crypto-agility to avoid lock-in and costly future changes
- Invest in the development and acquisition of knowledgeable and skilled staff that understand the technology and the threats
Chief information security officers
- Champion quantum computing concerns within the organization and educate corporate leaders and business stakeholders
- Launch initiatives to assess quantum computing risks and exposures, and establish and/or modify processes to account for quantum computing capabilities
- Build a crypto “inventory” that includes data assets to determine which ones need to be re-encrypted with quantum-resistant cryptographic algorithms
Cybersecurity and privacy practitioners
- Research new quantum-resistant and crypto-agile tools. Once these tools are developed and ready for production, utilize them
- Participate in related public-private partnerships and industry events to broaden and deepen your quantum-based knowledge
- Contribute your business and technical expertise to standards organizations and the global community
End-users and consumers of digital products and services
Data protection laws and policies need to be simplified so that end-users and consumers can understand them. This needs to happen quickly because of the paradigm shift that quantum computing could bring about.
While the GFC on Cybersecurity recommendations are likely to be generally accepted as sound practice, the projected quantum-computing paradigm shift could make unprepared organizations especially vulnerable.
Quantum computing isn’t a threat, but it may be a double-edged sword. While it will create value and may also enhance some elements of security, the less we know about it the more risk we will face. We need to start educating leaders, organizations and citizens right now. And tailoring the message to the right target audience is key.
Under the umbrella of the Quantum Computing Network, the World Economic Forum Centre for Cybersecurity is building a global multi-stakeholder initiative with a view to building a secure quantum economy.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Quantum Computing
Forum Stories newsletter
Bringing you weekly curated insights and analysis on the global issues that matter.
More on CybersecuritySee all
Kate Whiting
December 12, 2024