Just a few years ago, quantum computing felt like something of a fantasy, a dream that belonged to the distant future. But how quickly things move on. Now, quantum is much nearer than many people think. It may only be 5-10 years before its use is quite widespread. Already, there are viable quantum technologies available on the market and some big tech players have formed a deep understanding of the topic. And in the TMT sector and elsewhere, those at the front of the pack are setting up specialist units to make an assessment of the opportunities – and the threats.
It’s important to recognise both sides of the equation. Without doubt, quantum computing will open up whole new possibilities. But it also brings risks, especially around cyber. Put a powerful quantum computing capability into the hands of a bad actor and their ability to crack codes and break into systems will be exponentially increased.
It was therefore fascinating and timely to hold a panel discussion event recently with some highly knowledgeable participants. I was joined by Michele Mosca, CEO of evolutionQ, a specialist in quantum-safe cyber security; Dr Daniel Shiu, Chief Cryptographer at ArQit, that specialises in quantum encryption technology; and Vincent Van Wingerden, Technical Architect at Azure Quantum at Microsoft.
A quantum of positive opportunities
Firstly, to the positives. Quantum computing will enable us to calculate things that we just can’t calculate right now. It could have huge and positive benefits in areas like science and medicine. It could also be a powerful tool across business sectors. In TMT, for example, it could help telco businesses with the planning of the complex movements of their fleets of field engineers, instantly recalculating and re-planning when any disruptions or unexpected events occur. Anything relating to data, probabilities, permutations, forecasts, models, logistics – quantum will potentially change the game.
Ultimately, when quantum computers are used everywhere it will also lead to better security as Vincent Van Wingerden observed when he said: “Theoretically, quantum computers will allow us to send signals that are completely safe.”
The quantum cyber threat
The challenge, though, is getting there. Because many of the forms of communication and security we use now – commonly based on public key encryption (asymmetric cryptography) – will be wide open to quantum capabilities.
As Michele Mosca said: “Cryptography is a foundational piece in today’s digital infrastructures and security. Not all cryptography will be vulnerable to quantum computing, but many current forms will. Public key encryption could be decimated by it. Past communications, for example, such as those via video calls or through VPNs that have been recorded and stored could be hacked into through quantum. That ship has sailed.”
A problem for today, not the future
This is a ‘now’ problem not an issue for the future – because much of the technology currently being deployed by businesses will still be in use in 15-20 years’ time. That’s why thinking about quantum and quantum-readiness needs to start today.
However, in a snap poll that we carried out at the event, 45 percent of attendees said the quantum threat was not on their business’ radar at all; 30 percent have only had early discussions; and just 25 percent have engaged with experts to protect the business.
Getting to grips with quantum now makes sense on many levels. No one wants to be left behind in something that could ultimately revolutionise their industry. And it makes financial sense too. It is not expensive to invest in quantum, because you don’t need to buy any hardware or software – it’s all in the cloud. The cost is the people resource you put onto it. It’s worth remembering that it’s cheap to get started now, but expensive to catch up later.
Quantum Risk Assessment
So where should you start? A good place is with a quantum risk assessment. It’s an area that we’re starting to work with growing numbers of TMT clients on – identifying risk points, establishing a roadmap to address them and thinking about the lifecycle management that will be needed.
One of the most common problems, as Daniel Shiu pointed out, is that businesses frequently don’t know where they are using public key encryption: “Public key encryption presents a massive attack surface via quantum. Businesses don’t know how vulnerable they are because they don’t actually know where public key encryption is being used across their enterprise.”