The Quantum Threat
Quantum computers will soon be commercially available, and code-breaking versions are close behind. Unexpectedly rapid progress in their development means they are now a business risk, one requiring mitigation strategies today.
Countdown to Quantum
In 2014 the National Institute of Standards and Technology (NIST) suggested that a quantum computer capable of breaking 2000-bit RSA would be built by 2030. Since then, large tech companies including Google, IBM, Microsoft, and Intel have committed tens of millions of dollars to the race lead in the quantum space. Alongside this, VCs have invested over a hundred million dollars in quantum computing start-ups. The private sector is showing confidence in the field.
Compounding this commercial activity, the National Security Agency (NSA) warned in 2015 that progress in quantum computing had reached a point that organisations should deploy encryption algorithms that are thought to withstand attacks from such machines.
We expect an organisation to announce quantum supremacy – the point at which a quantum computer’s capabilities exceed those of classical computers, predicted to be around 50 qubits – in the next few years.
These developments have implications for data encrypted today for security. Today, there is some comfort for businesses in knowing that sensitive data, if encrypted, is safe even if it is stolen. The prospect of code-breaking quantum computers changes this risk profile: encrypted data lost in a breach this year could be accessed in the future. We know that some data is stolen today with precisely this in mind.
Sensitive or confidential business data may have a lifespan of 5, 10, even 20 years. Certain data remains of value to a competitor many years after its creation, whether it covers R&D in a pharmaceutical business, geological surveys in the energy industry, trading data in financial services, or budgeting, strategic plans, and personal information in professional services.
Similarly, the lifetime of certain equipment and devices (especially those part of the Industrial Internet of Things), as well as (autonomous) automobiles and logistics vehicles means that particular consideration of the quantum computing threat is needed. All communication with these, whether for gathering data or updating software remotely, must be protected from code-breaking quantum computers, since they will continue to be in operation years beyond even conservative estimates for quantum’s emergence.
We help organisations meet these challenges, with quantum-resistant encryption that can be deployed in today’s networks and commercial products, replacing or complementing existing systems.