Now that quantum computers are moving from theory into the realm of experimental, many cybersecurity professionals are starting to appreciate a simple fact: Computers capable of cracking the most sophisticated encryption algorithms are on the horizon.
A survey of IT leaders from 400 organizations conducted by ReRez Research on behalf of DigiCert, a provider of encryption tools, finds 71% view the emergence of quantum computers as a threat to cybersecurity. The majority of those respondents expect quantum computers will be employed to crack encryption codes within the next three years.
A full 95% of respondents said they are already discussing at least one tactic to prepare for post-quantum cryptography. One-third said they have already established a post-quantum cryptography budget, while 56% said they are working toward establishing one.
However, 40% expect difficulties in rising to the quantum computer challenge due to cost, lack of staff knowledge and concerns that providers of encryption tools won’t be able to upgrade certificates in time.
Earlier this week, a team of researchers from Google, NASA and the Oak Ridge National Laboratory made a controversial claim to have achieved a technical milestone known as “quantum supremacy”—they’ve shown that a quantum computer processing qubits can accomplish tasks significantly faster than conventional computers. While there’s a lot of debate over just how much faster a quantum computer is than a traditional computer, the research confirms there is an economic case for building quantum computers.
Of course, it’s not likely cybercriminals will have the resources to build their own quantum computers. However, Timothy Hollebeek, industry and standards technical strategist for DigiCert, noted quantum computers one day will be available in the cloud as another infrastructure-as-a-service (IaaS) platform. Cloud service providers typically don’t ask why customers may want to run a workload on their platforms, so quantum computers may become a bigger issue sooner than most IT organizations appreciate, he said.
At the same time, nation-states are investing in quantum computers, which undoubtedly will be employed to crack encryption algorithms as part of ongoing cyber-espionage activities.
Hollebeek said many organizations underestimate the time and effort that will be required to replace the encryption algorithms currently employed in existing applications. If organizations anticipate those algorithms will be cracked within the next three years, the time to start replacing those algorithms is now, said Hollebeek. In addition, any new encryption algorithms should be implemented in a way that makes them easier to upgrade in the future, added Hollebeek.
It’s not clear how soon theoretical research into quantum computing will result in actual systems that can be used to process data at exponential rates. However, once quantum computing becomes practical, one of the first use cases for these systems will be to make cybersecurity teams’ jobs even more difficult than they are currently.