As technology grows and advances, potential cyber threats grow with it. While this notion is nothing new, the current speed of innovation makes it more important than ever to consider the implications these developments will have on our cybersecurity capabilities — especially with cybercriminals becoming more sophisticated and more adept at using emerging blind spots to their advantage.
Cybercriminals are already finding new ways to hack existing systems — increasingly targeting physical entities like critical infrastructure — and too often we are finding ourselves reacting to the situation, attempting to mitigate damages after the fact. We simply need to be better prepared. And while that is far easier said than done, what we can do — right now — is stay as informed and as educated as possible on the implications of these giant technological leaps. These advancements will undoubtedly accelerate the rate at which we see cyber threats emerge, making cybercriminals potentially even more dangerous.
In this first part of my “Emerging Tech, Evolving Threats” series, we will initiate an exploration of a technology that is simultaneously pushing society forward and opening new doors for cyberattacks.
Traditional computers and computing systems operate on binary bits — information processed in the form of ones or zeroes. Quantum computing, on the other hand, transmits information via quantum bits, or qubits, which can exist either as a one or zero or both simultaneously. So rather than having to perform tasks sequentially like a traditional computer, quantum computers can run vast numbers of parallel computations. But what does that mean in terms of manifestable power? In 2019, Google resolved a calculation on a quantum computer in just minutes that would have taken a classical computer more than 10,000 years to complete.
Fortunately, the ubiquitous presence of such power yet lies a way off, which suggests we should have time to prepare ourselves. Many people think that quantum computing most likely will not be realized in the near term. In fact, John Donohue, scientific manager at the University of Waterloo’s Institute for Quantum Computing, notes “the [quantum computing] community is pretty comfortable saying that’s not something that’s going to happen in the next five to 10 years.”
Here is why that projected timeline is so important. The practical implications of such technology may not become fully clear or appreciated until it arrives. Notwithstanding that, some of its game-changing implications are already fully grasped. The cybersecurity world must, consequently, start preparing now. NIST is one organization that already is grappling with the implications of the fact that one of the most widely used schemes for safely transmitting data is poised to become obsolete once quantum computing reaches a sufficiently advanced state.
The cryptography systems that provide the safety architecture for a plethora of privacy protocols supporting everything from retail transactions to email communications, have relied on the fact that the computing power required to explore every possible way to decrypt your data was not heretofore available. A quantum computer, however, could attempt every possible decryption option in a matter of hours.
As previously mentioned, all new technological leaps come accompanied with corresponding new threats — and that has created quite the conundrum. While cryptography professionals scramble to gain more time and information with which to secure our data from quantum computers, pursuit of the technology’s numerous potential upsides is not slowing — from drug discoveries to biological engineering to financial modeling.
While other the industries will be drastically changed and will benefit from the introduction of quantum computing, cybersecurity stands poised to be entirely upended. In the past months, we’ve seen the damage hackers can cause using AI and machine learning to carry out various types of malware and, more recently, ransomware attacks to cripple critical infrastructure. Threat actors can leverage the strengths of quantum computing to create novel approaches to breaching current cybersecurity practices.
It's important that the cybersecurity community act now in order to sufficiently defend against the potential threat that comes with quantum computing. While it might strike some as premature to start building a defense against a threat or vulnerability potentially 10+ years away, it actually takes more than 10 years to replace the existing and widely used web standards. It is, therefore, vital to explore and address potential quantum attack vectors now, instead of waiting until the emergence of general-purpose and commercial quantum computers.
If done properly, the quantum computing technological leap can bring about enormous, cross-industry change benefiting the lives of millions. If overlooked or underestimated, the cyber vulnerabilities it brings with it could bring consequences the likes of which have never been seen before. More on these challenges in my next column.