In our Work AHEAD framework, we speak about discovering and inventing new markets, products and processes to succeed in the fourth industrial revolution. Likewise in cybersecurity, R&D, innovation and blue sky thinking are key to remaining one step ahead of potential threats. For organizations right now quantum computing, which is set to completely redefine how IT work is conducted, will prove to be our next generations defining security concern and grace.
With the arrival of quantum computing, the table stakes will change, and a winner takes all race will emerge.
The impeding exponential leap in processing power that quantum computing will usher in will make current encryption methods obsolete. Today most encryption in the cyber realm uses a technology developed in the 1970’s called public-key cryptography. This type of cryptography is largely secure against computing power available today, but with quantum computing which has the capability to calculate at an exponentially faster rate using quantum bits, than binary (our computers today) processors, this encryption suddenly accounts for very little. For example, the fastest binary computers we have today would take 10,000 years to decrypt some of the longest keys available today but with quantum computing, using Shor’s algorithm, this would take as little as 10 hours . Therefore any hacker armed with this technology would be able to wreak havoc on both national and organizational security with impunity.
But when is the shift to quantum computing going to happen? Some say quantum computers will be commercially available to the public by 2040 but as Bill Gates said in his 1994 book, The Road Ahead "We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten.” And this has largely held true. For example, the general consensus was that an AI system would not be able to beat a human in a game of extreme logic like Go for at least another 10-20 years. But in 2016 we saw Google’s AlphaGo do just that. So it’s highly likely that we’ll see quantum computers available to the public well before 2040. But even today we are seeing the first quantum computers being used in commercial applications, in support of cybersecurity no less. In January 2017 D-Wave unveiled its D-Wave 2000Q machine and at the same time announced its first customer, cybersecurity firm Temporal Defense Systems. So these machines are appearing, and while the technology is still in its infancy, the signs of what it will usher in are already here.
But with quantum computing, the opportunity to develop new encryption methods becomes a reality. And with the early stage prohibitive cost of these machines ($15 million ) it’s more than likely that organizations will have them before hackers. For example, Microsoft is working extensively on Quantum computing based cyber security in conjunction with Station Q . Also, new forms of encryption are currently under development in a field of study called Post-Quantum Cryptography which aims to use a beefed-up version of our current public-key algorithms to beat the quantum computers. In addition, security methodologies that completely remove “keys” from networks are developed as a way to defend against quantum computing attacks.
It’s clear this is a subject of great interest for some and great consternation for others, and it wouldn’t be too much of a stretch to dedicate an entire field of study to this area of cybersecurity. What is important to take away is that this is an area organizations need to be keeping a close eye on, as wide-scale adoption of the technology will be a reality within our careers.