17 Jul 2023
by Matthew Parish

The impact of quantum computing on your security: a call to action

Atkins’ Dr Matthew Parish explains why businesses need to start thinking about quantum resistant algorithms now.

The advent of quantum computing promises a wide range of benefits. These includes the ability to efficiently and effectively model complex systems and to solve large optimisation problems, and the benefits increase further when teamed with artificial intelligence (AI). It will enable huge advancements in industries such as finance, logistics and pharmacology, and has the potential to impact all aspects of digital life. But with great power comes great risk. Quantum computing could be used to decrypt passwords, imitate legitimate users, and access your most sensitive information. To protect your organisation, you need to understand your risk, then prioritise and start the steps needed to mitigate it.

What are the security implications of quantum computing?

Quantum computers operate by manipulating quantum-bits, qubits, which can simultaneously exist in both binary 1 and 0 states. While this can be hard to comprehend, and the maths is 'complex' to say the least, in essence, it means that quantum computers offer a step change in capability: they can solve, with relative ease, many of the problems with which classical computers struggle. This has significant implications – particularly in relation to the cyber security.    

Many of the digital services we rely on are enabled by Public Key Infrastructure (PKI), which establishes and manages the encryption that keeps your information secure. You may not be familiar with PKI, but you will be familiar with the applications and services it supports, which include email encryption, user authentication and digital signatures. New paradigms, such as zero-trust architectures, are placing increasing emphasis on PKI and similar techniques – but once a sufficiently competent quantum computer is available, it could potentially compromise all these services. This may mean threat actors spoof users’ credentials, gaining access to your network, fraudulently signing important documentation and stealing information, resulting in dire consequences for your business.

Although quantum computing technology is not yet mature enough to do this, it's not far off; estimates vary, but it is likely that a sufficiently programmable and fault-tolerant quantum computer will be available in the next 10-15 years. While a capable quantum computer is likely to be at least a decade away, there are two risks that must be considered now.

Firstly, there is a risk that your encrypted data is being quietly collected for decryption in the future. It is thought that large quantities of encrypted data are being harvested and stored for the day when a quantum computer is made available, and will then be decrypted on an industrial scale. How would your business be affected should your private communications be made available in 10 years? There may be elements that cause embarrassment or distress, or perhaps even reputational damage, financial loss and a reduction in your competitive edge.

Secondly, there is a risk that your enterprise cannot transition to a quantum resilient state before the development of a capable quantum computer. Migrating a significant proportion of your business’ infrastructure and services needs investment and planning and, to complicate this, there may be instances where quantum resilient and traditional elements must co-exist.

Getting ready for quantum

If the horizon for a quantum computer is 10 years, then you don't have long to start your journey. As with any business investment, you will need to first focus on the drivers and work out from there. A quantum readiness review will clarify your needs and identify potential solutions. What is your risk appetite? What are your priority systems, and which parts of your network and your business are most vulnerable? A gap analysis using your risk appetite and vulnerabilities will enable the development of a roadmap for transition. When the overarching approach has been defined, you can then concentrate on developing an achievable programme of activity, based on realistic solutions. However, making significant investment prior to the wide-spread adoption of ‘quantum-safe’ or ‘post-quantum’ cryptographic standards, which are being developed, risks diverging from the market and emerging best practice. That could be a costly mistake.

To protect your systems and data you need to start thinking about post-quantum issues now – understanding where your risk lies, identifying quantum resilient solutions and transition paths, and securing funding to deliver these changes. Quantum computing is advancing fast, and action starts by accepting that it poses both a risk and an opportunity to your enterprise. By placing quantum computing on your planning agenda today, you can make strides towards identifying where your systems’ encryption may place you at risk, consider how to address these risks, and explore the benefits of working with partners and suppliers who can support you through your quantum journey.

Visit our website to discover more about Atkins’ cyber security expertise.


The voice of the UK tech sector is shaping UK Quantum policy 

Join techUK's Quantum Working Group

techUK's Quantum Working Group focuses on pushing forward the UK's emerging quantum market whilst addressing key challenges hindering commercialisation such as skills, procurement and trade.

Join here

 

Latest news

Quantum Image.png

The Regulatory Horizon Council publish report on regulation for quantum technology applications

All insights

 


For more information please contact: 

Laura Foster

Laura Foster

Head of Technology and Innovation, techUK

Authors

Matthew Parish

Matthew Parish

Chartered Engineer and Principal Consultant at Atkins, Atkins