Quantum computing: How should cybersecurity teams prepare for it?

The late Field-Marshall Archibald Wavell wrote of the Malayan Campaign, “The story (…) is typical of the British way of war, and therefore begins with a complete lack of preparation.” I often think about this quote as I seek to understand the emerging threats to our critical national infrastructure. Which of the myriad threats are we actually preparing to defend against?

Adapting to change

Our community – that is, technologists, mathematicians and information assurance professionals – has generally adapted well to changes in the technology landscape.

At the start of the Cold War, the western security apparatus sought to understand the actions of their adversaries by intercepting radio signals bouncing off the ionosphere and analyzing the messages they carried. Later, when the Soviets moved to microwave transmissions, that same security apparatus deployed cutting-edge line-of-sight interception techniques.

Then, in 1977, after the Soviets began to successfully encrypt their communications, the NSA launched the Bauded Signals Upgrade program, delivering a supercomputer designed to compare encrypted messages with elements of plain text transmitted by mistake, allowing the agency to break many of the Soviets’ high-level codes. Time and time again, our innovation has kept us safe, but only when we have prepared to meet the threat.

Quantum information theory, which has been explored since the beginning of the 20th century, has led to an exciting yet dangerous new prospect: new quantum algorithms to solve computational problems which have thus far proven to be intractable – or at least unachievable within a useful period – by classical computers. One such problem is the breaking of the Advanced Encryption Standard, a key pillar of modern data encryption.

A joint research team of engineers from Google and the Swedish Royal Institute of Technology published a study that theorized the breaking of a 2048 bit key in just 8 hours, something that would take today’s classical computers over 300 trillion years. The catch? This theory requires a 20 million-qubit computer, and the largest quantum computer that exists today has only 65.

Their study, alongside many like it, tells us that quantum technology will present the greatest threat to the security of our critical systems in the history of computing. It may even be useful to us in future conflicts. However, quantum computers will need considerably more processing power than is available today and will require a significantly lower error rate if they are to be utilized for cyberspace operations.

To meet this challenge, institutions across the world are rushing to develop quantum computers that are capable of delivering on the promising theory.

The U.S. National Institute of Standards and Technology is currently evaluating over 60 methods for post-quantum cryptography, quantum key distribution, and other security applications. Early indications are that quantum technology will provide an ability to detect, defend, and even retaliate against all manner of future threats.

Away from security, most people understand that quantum computing has immense potential for good – with applications in the scientific and medical research fields easy to imagine. However, this vast computing power could also be used to undermine the classical computer systems that our nation relies upon so heavily.

Quantum computing benefits: Preparing for the future

How can we prepare for the benefits of quantum computing, whilst defending against its malicious use by our adversaries?

It is well known, for example, that MD5 and SHA1 are still deployed extensively across computer systems, despite being depreciated for nearly ten years. Similarly, our critical infrastructure is littered with single points of failure and outdated technology. Quantum technology will not fix these issues, and they will be exploited by our adversaries’ quantum computers.

For those organizations not involved in the development of quantum computers, preparatory actions are clear. We must urgently overcome our inability to keep existing computers secure; the quantum computer of the future will be of little use if we fail to break our dependency on legacy technology and poor management practices today. And as quantum computing improves, we must remain in front of our adversaries by leveraging new technology before it is adopted by those who wish to do us harm.

The question then becomes this: what, precisely, are the benefits of quantum computing? It is a good question that doesn’t have a good answer. Quantum computing is far too immature for any immediate real-world application or for us to see the benefits that its theory promises. We can make some educated guesses, though.

Peter McMahon, Applied and Engineering Physics at Cornell University, writes of quantum computing capabilities, “We’re trying to find something useful we can do with a near-term quantum computer that would answer a question in quantum gravity, or high-energy physics more generally, that couldn’t be answered otherwise, for instance, can we simulate a model of a black hole on a quantum computer? Would that be useful? We don’t know if we’ll find anything, but it’s very interesting to try.”

I think that McMahon’s comment captures perfectly the wonder and curiosity surrounding quantum technology; we don’t know, specifically, what its application will be, but the possibilities are exciting.

Take, for example, a problem faced by cyber defenders daily: monitoring data ingress and egress relies largely on linear pattern matching. Traditional computers process these patterns in a linear form – that is, ruling each pattern in-or-out one by one – whereas a quantum computer’s non-linear processing could observe and compute all traffic patterns at once, whilst also updating the threat model of the platform and introducing new traffic controls, all without manual intervention.

Whilst all quantum benefits are only theorized at this stage in the technology’s development, smart organizations will be adapting their strategy over the coming years to account for a quantum future.