The Security Implications of Quantum Technology
Quantum technology has begun and will continue to result in the introduction of new products and services into the global marketplace - all of which have security implications.
It is likely that you have heard the word quantum circulating around the security environment, especially in the media. An Internet search on “quantum technology” will return more than 300 million results.
There are a substantial number of estimates, forecasts and projections about the quantum technology market. For this article I took a number of those figures and averaged them for some projections. Currently, overall financial market estimates of the four main quantum technologies covered here (computing, networking, security and sensors) are all in the billion dollar range. They are all projected to grow at a double-digit compound annual growth rate. As with most emerging technologies, there are few, if any, widely accepted standards, and that is the case when discussing quantum technology.
To ensure we all have the same understanding of this subject matter, here is some context on the four main areas of quantum technology. First, quantum technology is an umbrella term with multiple sub-categories used to describe a field of science, physics and engineering. As this field continues to evolve, it has begun and will continue to result in the introduction of new products and services into the global marketplace, all of which will have security implications. The sub-categories with high-level, general descriptions are:
- Quantum Computing – an evolving technology that is focused on the use of principles of quantum theory. Quantum computers use particles (qubits) rather than bits (with values of 0 or 1). Qubits can be either of those, or a superposition of both 0 and 1 at the same time.
- Quantum Networking – (also called the Quantum Internet) leverages quantum computing that facilitates the transmission or communication of information represented in qubits. Currently, an increasing amount of quantum network development is leveraging quantum encryption.
- Quantum Security – is the umbrella term that leverages the unique capabilities of quantum computing to facilitate offensive and defensive security functionalities.
- Quantum Threats – the term that refers to the ability of quantum computing to break standard and current encryption. Some believe it can also model cyberattack processes that would identify unique insights into the capability.
- Quantum Encryption – (also called quantum cryptography) applies quantum mechanics principles to encrypt data and information in a way that cannot be read by anyone other than the intended recipient. If someone accesses the data/communication (even though they can’t read it), their access results in changes that clearly indicate that an unauthorized access has taken place.
- Quantum Sensors (Quantum IoT) – a device that leverages quantum computing and capabilities in electronic/electro-mechanical devices that uses quantum coherence to measure physical quantities or qualities, as well as leveraging quantum entanglement to advance measurements beyond what can currently be done by traditional sensors.
When you examine the current estimates of the global quantum technology market, it is clear that this has already begun to be implemented and used. The majority of current projections of quantum technology growth through 2025 have a double-digit compound annual growth rate (CAGR). There are quantum technology implications that have already begun to impact security. Physical security impact by quantum sensors and digital security impact by quantum computing, encryption and networking must be evaluated by security professionals, and here is one reason why.
A number of countries, including the United States, Russia, Europe, Columbia, China, Canada and more, have national quantum information science programs/initiatives. Recently, IBM issued a warning about the implications of quantum computers’ abilities to break current encryption capabilities. In May 2018, ZDNet published one of their statements titled, “IBM warns of instant breaking of encryption by quantum computers: ‘Move your data today.’” In April 2019, the Carnegie Endowment for International Peace published a paper titled, ‘Implications of Quantum Computing for Encryption Policy.’ In that paper they stated, “Its (quantum computing’s) future development could reshape many aspects of computing, including encryption.”
Although the impact of quantum computing on encryption has been widely discussed, there has been less attention to how quantum computing would affect proposals for exceptional access to encrypted data, including key escrow. And that is a rapidly growing concern.
Here’s why. A short time ago, the Defense Information Systems Agency (DISA) estimated the quantum computing power that would be required to break low, medium and high levels of current encryption. In addition, IBM discussed their development and advancement of their quantum computing power through the next few years. Using the information from those two organizations, I calculated quantum computing will likely be able to break current encryption. The projected quantum computing power (in qubits) needed to break current high-end encryption will likely be reached in the 2025-2026 timeframe with the lower-level of encryption likely to be reached in the 2023-2024 timeframe. Based on additional information published by Kryptera researchers about AES-128 encryption, using the same data and method as I did here, I calculated quantum computing will likely reach enough power to break AES-128 by 2026 and break AES-256 by 2027. These two calculations are examples that clearly explain why a growing number of security professionals are increasingly concerned about the implications of the evolution of quantum computing.
Some organizations and professionals believe that a number of cyberattacks are currently taking place to collect encrypted data and communications, so that when quantum computers have enough power, they can decrypt valuable and sensitive data and communications.
Quantum key encryption is currently available. There are a few vendors that offer quantum encryption applications for stored data and for communications. Using quantum encryption substantially reduces the projected risks of quantum computers and much more, both now and in the next few years. Currently, some analysts and researchers estimate that by 2025, the global market for quantum encryption will experience a double-digit compound annual growth rate as well, and the 2025 global market will grow to between $1 and $6 billion from about $300 to $500 million in 2017.
Quantum technology is a tool that is advancing solutions that will have significant consequences and challenges to a number of industries, including aerospace, energy, finance, healthcare, information technology and more.
In 2016, China launched the world’s first quantum communications enabled satellite and has demonstrated its capabilities. An increasing number of thought-leaders and organizations believe the evolution of quantum computing poses substantial security threats. Given the potential time it will take for organizations to address these rapidly evolving threats, security professionals need to move forward now.
Enterprise security professionals should develop a case for action that justifies the need to begin assessing the risks, implications and potential funding needed and time required to address the rapid evolution of quantum technology.
Taking place in parallel, enterprise security should take a continuing education program that explains, at a high-level, the use and application of quantum technology as it relates to security within their organization.
Last, enterprise security should begin to evaluate the accuracy of their enterprise’s data asset and communications inventories and determine what they need to defend against quantum computing capabilities. They should prioritize these inventories and begin to implement quantum encryption now and over the next few years.
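One way to start the inventory prioritization described above, as an added example that is not part of the original article: each entry is scored against the article's projected break years (taking the earliest year of each stated range), flagging data that stays sensitive past that year and migrations that would finish after it. The asset names, retention years, migration estimates and the 2020 planning start year are constructed assumptions.

```python
from dataclasses import dataclass

# Projected "break" years as stated in the article (earliest year of each
# stated range). These are the article's projections, not established facts.
PROJECTED_BREAK_YEAR = {
    "low-level": 2023,
    "high-end": 2025,
    "AES-128": 2026,
    "AES-256": 2027,
}

@dataclass
class Asset:
    name: str             # constructed sample name
    protection: str       # key into PROJECTED_BREAK_YEAR
    secret_until: int     # year the data stops being sensitive
    migration_years: int  # estimated time needed to re-protect the asset

def assess(asset, start_year):
    """Return exposure figures for one inventory entry."""
    break_year = PROJECTED_BREAK_YEAR[asset.protection]
    # Years for which ciphertext collected today is still sensitive after
    # the projected break year (the collect-now, decrypt-later case).
    harvest_exposure = max(0, asset.secret_until - break_year)
    # Years by which the migration would finish after the break year.
    migration_overrun = max(0, start_year + asset.migration_years - break_year)
    return {"name": asset.name, "break_year": break_year,
            "harvest_exposure": harvest_exposure,
            "migration_overrun": migration_overrun}

def prioritize(inventory, start_year):
    """Order assets so the most exposed entries are handled first."""
    rows = [assess(a, start_year) for a in inventory]
    return sorted(rows, key=lambda r: (-r["migration_overrun"],
                                       -r["harvest_exposure"], r["name"]))

# Constructed sample inventory (not from the article).
SAMPLE_INVENTORY = [
    Asset("hr-archive", "AES-128", 2040, 3),
    Asset("vpn-links", "high-end", 2024, 2),
    Asset("legacy-backups", "low-level", 2030, 4),
    Asset("design-vault", "AES-256", 2026, 1),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_INVENTORY, start_year=2020):
        print(row)
```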