To make the most of your techUK website experience, please login or register for your free account here.
Atkins’ Dr Matthew Parish explains why businesses need to start thinking about quantum resistant algorithms now.
The advent of quantum computing promises a wide range of benefits. These includes the ability to efficiently and effectively model complex systems and to solve large optimisation problems, and the benefits increase further when teamed with artificial intelligence (AI). It will enable huge advancements in industries such as finance, logistics and pharmacology, and has the potential to impact all aspects of digital life. But with great power comes great risk. Quantum computing could be used to decrypt passwords, imitate legitimate users, and access your most sensitive information. To protect your organisation, you need to understand your risk, then prioritise and start the steps needed to mitigate it.
Quantum computers operate by manipulating quantum-bits, qubits, which can simultaneously exist in both binary 1 and 0 states. While this can be hard to comprehend, and the maths is 'complex' to say the least, in essence, it means that quantum computers offer a step change in capability: they can solve, with relative ease, many of the problems with which classical computers struggle. This has significant implications – particularly in relation to the cyber security.
Many of the digital services we rely on are enabled by Public Key Infrastructure (PKI), which establishes and manages the encryption that keeps your information secure. You may not be familiar with PKI, but you will be familiar with the applications and services it supports, which include email encryption, user authentication and digital signatures. New paradigms, such as zero-trust architectures, are placing increasing emphasis on PKI and similar techniques – but once a sufficiently competent quantum computer is available, it could potentially compromise all these services. This may mean threat actors spoof users’ credentials, gaining access to your network, fraudulently signing important documentation and stealing information, resulting in dire consequences for your business.
Although quantum computing technology is not yet mature enough to do this, it's not far off; estimates vary, but it is likely that a sufficiently programmable and fault-tolerant quantum computer will be available in the next 10-15 years. While a capable quantum computer is likely to be at least a decade away, there are two risks that must be considered now.
Firstly, there is a risk that your encrypted data is being quietly collected for decryption in the future. It is thought that large quantities of encrypted data are being harvested and stored for the day when a quantum computer is made available, and will then be decrypted on an industrial scale. How would your business be affected should your private communications be made available in 10 years? There may be elements that cause embarrassment or distress, or perhaps even reputational damage, financial loss and a reduction in your competitive edge.
Secondly, there is a risk that your enterprise cannot transition to a quantum resilient state before the development of a capable quantum computer. Migrating a significant proportion of your business’ infrastructure and services needs investment and planning and, to complicate this, there may be instances where quantum resilient and traditional elements must co-exist.
If the horizon for a quantum computer is 10 years, then you don't have long to start your journey. As with any business investment, you will need to first focus on the drivers and work out from there. A quantum readiness review will clarify your needs and identify potential solutions. What is your risk appetite? What are your priority systems, and which parts of your network and your business are most vulnerable? A gap analysis using your risk appetite and vulnerabilities will enable the development of a roadmap for transition. When the overarching approach has been defined, you can then concentrate on developing an achievable programme of activity, based on realistic solutions. However, making significant investment prior to the wide-spread adoption of ‘quantum-safe’ or ‘post-quantum’ cryptographic standards, which are being developed, risks diverging from the market and emerging best practice. That could be a costly mistake.
To protect your systems and data you need to start thinking about post-quantum issues now – understanding where your risk lies, identifying quantum resilient solutions and transition paths, and securing funding to deliver these changes. Quantum computing is advancing fast, and action starts by accepting that it poses both a risk and an opportunity to your enterprise. By placing quantum computing on your planning agenda today, you can make strides towards identifying where your systems’ encryption may place you at risk, consider how to address these risks, and explore the benefits of working with partners and suppliers who can support you through your quantum journey.
techUK's Quantum Working Group focuses on pushing forward the UK's emerging quantum market whilst addressing key challenges hindering commercialisation such as skills, procurement and trade.
For more information please contact:
Head of Technology and Innovation, techUK
Head of Technology and Innovation, techUK
Laura is techUK’s Head of Programme for Technology and Innovation.
She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology
Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.
Chartered Engineer and Principal Consultant at Atkins, Atkins