While the world is chattering about the risks of artificial intelligence, another technology threat lurks around the corner, one that is capable of cracking the data vaults that enable today’s digital services.
Quantum computing, which has so far been confined to research labs, is progressing towards practical reality in the next five to 10 years.
It can perform complex calculations faster than a traditional supercomputer, enabling the computation of huge data sets at exponentially high speeds to expedite life-changing discoveries in medicine and materials science.
There is also a chilling reality: its power can be used to shatter secure encryption systems that guard the most sensitive data today.
Action needs to be taken now to create greater awareness in industry, business and governments on quantum computing capabilities and its security ramifications, said Ray Harishankar, an IBM Fellow.
He explained in a virtual media briefing yesterday that until relatively recently, all quantum computers were small, experimental devices primarily used for advancing the study of quantum computing itself.
There is significant concern that the current public key encryption (PKI) and other cryptography/encryption systems, that are the current cornerstones of security today, can be cracked by quantum computers, leaving important digital data vaults open for plunder.
Estimates by IBM and industry researchers are that the quantum computers will be available at the earliest 2029, hence the urgency to create awareness and educate every organisation.
In the virtual briefing, Dr J W Saputro, chairman of the Asean high-performance computing taskforce, said that government representatives from the regional grouping’s 10-member countries will collaborate on the steps to take to ensure quantum-safe computing environment.
They were meeting in Jakarta this week to discuss this issue. A sub-committee is likely to be formed to address quantum-safe solutions.
Dr Lim Hoon Wei, principal director of R&D at NCS group, pointed out that local government agencies in Singapore, such as the Monetary Authority of Singapore and Cyber Security Agency of Singapore, have closely followed the latest global developments in standards for quantum-safe computing and assessing the appropriate guidelines for the Republic.
“NCS is partnering with IBM to support our clients on quantum-safe technologies, helping them test and customise remediation solutions to quantum threats,” he said in the media briefing.
The path forward can be daunting for organisations. Lory Thorpe, who leads IBM’s quantum safe industry team stressed that organisations must first assess their vulnerabilities and prioritise critical data.
“Some data may be vulnerable but it doesn’t mean that the encryption needs to be fixed because the risk is low or the resulting impact of data loss is low,” she noted.
The second step is to re-design the cryptography that secures the data to be quantum safe.
Standards for quantum-safe cryptography, in development for the past several years, are expected to be announced in April this year. Organisations can use these standards to re-design the encryption algorithms.
Thirdly, organisations have to apply the re-designed encryption solutions.
“It’s a question of not when but if the cryptography can be broken,” Thorpe stressed. “We need to evaluate what data is most valuable and how to protect them to prevent them from being compromised.”
Organisations must start on this migration to quantum-safe as it takes about seven to 10 years to get to quantum-safe, she added.
IBM is among a handful of players in developing the quantum computing hardware and software. It is working with industry groupings like GSM Association for mobile network operators and collaborating with universities around the world to develop quantum-safe solutions.
Standards for quantum-resistant encryption algorithms have been in development for the past seven years and is led by the US-based National Institute of Standards and Technology (NIST). It has identified four algorithms designed for different situations. They are expected to be launched this year.
Dr Lim believes that government and industry needs to promote quantum threats similar to how they handled the Y2K crisis, which is the result of a widespread computer programming shortcut that allowed only two digits – 99 instead of 1999.
Back then, organisations panicked as they were uncertain at the turn of the millennium, when the clock moved from “99” to “00”, if their computing systems would continue to function.
“Unlike Y2K, there is no fixed timeline for Y2Q, the year to quantum,” said Dr Lim. “It could materialise sooner than expected, making it harder for organisations to prioritise.”
“Besides, the scale and complexity of of quantum threats far exceed Y2K, so major changes to cryptography protocols in hardware, software and platforms are needed,” he added.
“The risks and impact are profound and can lead to explosion of sensitive data and major disruption of critical infrastructure,” he stressed. “Hence, it is critical for organisations to step up their quantum-safe efforts”.
