Emerging Technologies

Quantum computing will change the cyber landscape, here's why we need proper governance

Quantum computing

Quantum computing is still in its early phases but needs adequate governance for its future. Image: Jeremy Bezanger/Unsplash

Ibrahim Almosallam
Director of Research, Saudi Information Technology Company (SITE)

Listen to the article

  • Quantum computing can process data and information in a manner far superior to that of a classical computer.
  • Proactive governance is key to maximising the technology's benefits, mitigate potential risks and ease the transition into a post-quantum era.
  • A behavioural approach to governance should be considered, alongside technical and procedural ones.

It is hard to underestimate the power of quantum computers. Compared to a classical computer, a quantum computer is like a plane is to a car. They operate fundamentally differently and no matter how fast a car is, it cannot fly over a river. Quantum computers use different physical principles, or quantum mechanics, to communicate and process information in such a way that no classical computer can ever do using classical physics.

A classical computer can only hold one bit of information at a time (0 or 1), whereas qubits in quantum computers can be in a superposition state and have aspects of both 0 and 1 simultaneously. However, the result of an operation will also be in a superposition state and manipulating superposition states to extract the desired answer is the field of quantum algorithms. The focus of this article is on how to govern this technology to ensure a secure future.

A significant moment for quantum computing

We now live in a ‘Wright brothers’ moment’ in quantum computing history. But when a commercial jet version arrives, it will deliver a new leap in information technology similar to what classical computation delivered in the 20th century, and, just like with any general-purpose technology – such as the internet, electricity, and, for that matter, fire – alongside great benefits, comes great risks.

Have you read?

Among the benefits are that quantum computers could be used to simulate quantum physical processes for much faster drug and material design; to accelerate artificial intelligence (AI) development and to provide new levels of security and information communication. But they could also be used to break public-key encryptions, to amplify current AI risks at a faster pace, or be misused in biotechnology to design bio-weapons or other risks.

As such, it is hard to imagine the success of such technologies without strong regulations and governance policies. Can you imagine a world without electricity regulations, internet protocols and fire safety standards? However, even though the risks of quantum computers are well understood, little has yet been done to mitigate them due to the unclear horizon as to their future.

Governance of quantum computing

Proper governance is key to minimizing the risks and maximizing the benefits of quantum computing. However, it is easy to get lost in all the detail about potential benefits and risks and, as an extension of classical computing, it will inevitably inherit them both.

So when forming quantum computing policies, it is more effective to first examine current policies to determine which needs to be:

  • Adopted to address similar risks.
  • Extended to mitigate enhanced risks.
  • Amended to address new or unforeseen risks.

One promising area of quantum computing is optimization, which will accelerate AI development, and, consequently, its risks, such as data bias. Therefore, it is vital to distinguish between what quantum computing will add and what it will multiply.

Three types of approach to governance

Taking cybersecurity as an example, without loss of generality, governance approaches can be grouped into three categories:

  • Technical: Software or hardware hardening, such as stronger encryptions or two-factor authentication.
  • Procedural: Enforced policies and regulations, such as stronger passwords or compliance.
  • Behavioural: Exploiting psychological and social behavior to influence decisions, such as changing defaults, awareness or social pressure.

All three are equally important, but the latter is often overlooked. Procedural approaches are based on classical economic theory that assumes humans are rational, selfish and profit maximizers. On the other hand, behavioural techniques are based on modern behavioural economics that understands that humans are not perfectly rational and are influenced by their emotions and cognitive biases.

There are many ways to mitigate quantum risks through behavioural tactics, but we’ll highlight two examples here.

'Don’t give me time, give me a deadline'

A fault-tolerant quantum computer will be able to break most public-key encryptions that secure our modern communications. Even if the threat is still far away in the future, preparation has to start now because an adversary can store encrypted data today, then retroactively decrypt once the technology is mature enough.

This threat is an excellent example of how all the above tactics can be employed. A technical take on the problem, for example, is to develop new encryption schemes that are quantum-proof, which is already an active field of research in cryptography. Another technical approach is to use quantum key distribution (QKD) protocols – combating quantum computers with quantum communication channels to exchange keys.

On the procedural front, the NIST’s post-quantum cryptography competition and EU’s OpenQKD projects are great examples of putting standards and agreements in place to pave the way for a quantum-secure future.

Loading...

However, people need to be incentivized to walk down this path and this is where we think behavioural approaches can help. Simply raising awareness will not cut it; anti-smoking campaigns being a case in point.

Instead, creating a sense of urgency might be a more effective behavioural approach – such as drawing an artificial deadline to transition to post-quantum cryptography. Deadlines, even if self-imposed, have shown to be effective in improving performance.

For example, after the NIST standards are announced, say within five years that any data encrypted using pre-quantum cryptography would no longer be protected legally. This way, consumers will pressure vendors to provide quantum-safe solutions, and, as a result, vendors will accelerate their transition efforts.

It is well known in the sociology sphere that humans tend to overestimate, and sometimes underestimate, their performance compared to their peers. A famous Swedish study published in 1981 found that 88% of US drivers think they have better than average driving skills.

This is an example of the Dunning-Kruger effect, a cognitive bias whereby people with limited knowledge tend to overestimate their abilities. Although the key term here is “limited knowledge”, it is also shown that people tend to acknowledge their weaknesses and improve themselves with performance feedback, especially when compared to others.

One experiment showed that people worked harder when told they would learn their ranking compared to another group where no feedback was given. We can imagine such tactics working on the macro scale. Accordingly, a global quantum-readiness index can be considered a form of feedback that would help nations assess their performance and track its trajectory.

Moreover, such relative rankings would create the social pressure needed to incentivize governments in order to enhance their quantum readiness. Although, such indices should be designed carefully not to discourage nations at the bottom of the list. For example, by subdividing the lists by regions and diversifying the metrics, such as having a dimension for quantum sensing, governments would be pressed to give it more attention, even if otherwise they are ranked at the top of the overall list.

A new problem that needs a new solution

Quantum computing is a new problem that requires our latest solutions. It is crucial not to let the old threats make us lose sight of the new ones. Behavioural approaches are very effective and inexpensive in that regard.

Discover

What is the Forum doing to avert a cyber pandemic?

That being said, this is not an argument to use behavioural approaches in place of technical or procedural approaches when considering governance for quantum computing, but instead to include them in the mix of possible solutions and considered when designing new quantum computing-related policies.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Quantum Computing

Share:
The Big Picture
Explore and monitor how Quantum Computing is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

Here’s why it’s important to build long-term cryptographic resilience

Michele Mosca and Donna Dodson

December 20, 2024

How digital platforms and AI are empowering individual investors

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum