How quantum computing risks turbocharging cyber attacks

Heads are still reeling from the massive leap forward AI offers. But quantum computers are set to take this to the next level, and with it a host of security risks.

Rita Gatt

3 min read

2:00PMMarch 12, 2024

The Australian Business Network

Quantum computers are set to be available by the end of the decade.

Last year, generative artificial intelligence exploded on to the scene after years of cautious and deliberate investment and development, shocking the world with its inherent potential for economic gain and economic disruption.

Collectively, our heads are still reeling from this massive leap forward. However, we need to prepare for more change. Gen AI is far from the only future-orientated technology that has been in development for many years. We are now very close to the deployment of quantum computing technology, and its impact on all our lives will be just as consequential as Gen AI is proving to be.

Quantum computing, like AI, has been the subject of extensive long-term research aimed at solving complex problems using quantum principles. Governments, organisations, and researchers have invested over $30bn into the technology globally in 2022 alone, with Australia contributing more than $130m. It is estimated that QC technology could be accessible to organisations like corporations or universities by the decade’s end.

This has many positive implications – but it also has extremely disruptive potential, particularly in the fields of cybersecurity and cybercrime. Headline-making critical cyber incidents are already growing in prevalence and, according to the World Economic Forum, represent one of the major risks facing the global economy.

Governments, business, and other organisations need to be aware that QC technology can turn this headache into a heart attack. Let me explain. At its core, quantum computing represents a departure from classical computing, the prevalent mode used in devices such as iPhones, laptops, and supercomputers.

A cryostat from a quantum computer stands during a press tour of the Leibniz Computing Center. Picture: Sven Hoppe/dpa

Quantum computers leverage quantum bits, based on the principles of quantum physics, primarily superposition and entanglement, to achieve unprecedented processing power.

Superposition allows quantum systems to exist in multiple states simultaneously, enabling quantum computers to process millions of operations concurrently. Entanglement, a phenomenon where particles are interconnected even when they are distanced from one another, enhances computational efficiency by allowing quantum computers to solve complex problems at an accelerated pace.

The bottom line is that quantum computers’ estimated speed surpasses their classical counterparts by more than 100 million times. Tasks deemed unfeasible for classical computers, requiring over 40 years for completion, can potentially be unravelled in seconds through the process of quantum computation.

This has vast implications for existing digital security infrastructure, which is safeguarded by cryptographic algorithms that could be cracked in minutes by the brute force of quantum computing. If the technology falls into the hands of bad actors – and it most certainly will – then new vulnerabilities will emerge across encryption, code signing, and signature validation, jeopardising data confidentiality, software integrity, and connection authenticity.

The quantum threat extends beyond cryptographic algorithms, posing risks such as increased data breaches, compromised internet and message exchanges, potential breakdowns in cryptocurrencies, challenges to the integrity of digital documents, and the risk of “harvest now, decrypt later” attacks (which is when data is stolen and held until the technology necessary to decrypt it becomes available).

Inside IBM’s Quantum Lab.

To repeat, the proliferation of this technology is not far away, so we must prepare. Security specialists will need to reimagine their strategies, C-suite executives must leverage quantum capabilities to revolutionise products and services, and board members, risk professionals, and regulators should be prepared to scrutinise organisations on readiness and ethical considerations.

The integrated nature of modern supply chains necessitates the development of quantum-safe strategies across industries. This won’t be easy, with potential timelines for large organisations developing and implementing these strategies spanning over a decade. Industries such as banking, healthcare, and telecommunications will need substantial updates to integrate post-quantum cryptographic algorithms across software networks.

It would be easy to dismiss quantum computing cybersecurity concerns as Y2K style hysteria. That would be wrong because those in the know take the issue seriously. Recommendations from groups like the USA’s National Security Agency and the National Institute of Standards and Technology emphasise the urgency for organisations to develop secure quantum readiness plans.

A structured approach involves establishing a dedicated quantum task force, conducting discovery activities to unveil cryptographic vulnerabilities, engaging with suppliers to understand potential exposures, and assessing risks and prioritisation outcomes.

The integration of quantum computing into our technological landscape represents a seismic shift that demands proactive measures to mitigate security risks, transition towards quantum-safe technologies, and strategically prepare for the quantum era.

Collaboration between governments, organisations, and researchers is crucial to navigating the challenges of the quantum in order to maximise QC’s benefits while minimising disruption.

Rita Gatt is national lead partner, regulation, security and risk at Deloitte Australia.