While everyone’s gaze has been firmly on AI in the past two years, Google surprised the world yesterday with a quantum computing chip that could bring practical quantum computing closer to reality.
Called Willow, the chip does in minutes what it would take leading supercomputers 10 septillion years – longer than the existence of the universe – to complete. It can accelerate drug discovery, fusion energy and battery design among other areas.
Google has been fast to state that a Willow-based quantum computer is still years away. What’s clear to those who have been watching the development of such breakthroughs is that it’s time to accelerate those quantum-safe efforts.
By quantum-safe, it means creating cybersecurity tools that are safe from the encryption-breaking power of new quantum computers. This encryption that has been protecting private data, from banking details to personal data, as it is transmitted across the Net today is in peril otherwise.
Notably, the first wave of tools to protect networks against cryptographic attacks from quantum computers mark the beginning of a new chapter in cybersecurity. Published as standards in September by the United States National Institute of Standards and Technology (NIST), these tools cover general encryption and protecting digital signatures.
As quantum computing technology advances, the urgency to secure digital communications against potential breaches becomes increasingly critical. Introduced as a series of standards, the tools are not merely a final solution but rather the beginning of a broader journey towards comprehensive cryptographic security.
NIST collaborated with industry and academia on the standards development. IBM’s two algorithms, ML-KEM and ML-DSA, have been formally recognised in NIST’s standards. These algorithms are designed to withstand the anticipated capabilities of future quantum computers.
Lory Thorpe, IBM’s quantum research lead, pointed out during a recent visit to Singapore, that while the new standards provide essential building blocks, they cannot be seen as the sole protection against threats posed by cryptographically relevant quantum computers.
“We need to consider the breadth of applications and requirements in cryptographic capabilities,” she explained, underscoring the diverse ways encryption is used across industries.
Her insights highlight the complexity of implementing these standards. For instance, in telecommunications, where she has two decades of experience, she noted that applying the standards effectively requires a granular understanding of the specific use cases.
In telecom networks, factors such as latency, resource constraints, and compatibility with IoT devices present unique challenges.
This complexity isn’t limited to telcos. Financial services, healthcare, and other sectors face their own hurdles. “It’s not just about cryptography migration,” Thorpe said. “It needs to be embedded into a broader business transformation process, which takes time.”
As organisations begin to think about these new standards, they must also grapple with the concept of a “quantum-safe network”. This term refers to systems designed to be resistant to attacks from quantum computers capable of breaking traditional encryption methods.
Experts predict that such quantum capabilities could emerge within the next decade, leading to concerns about data that is currently protected potentially being compromised in the future through “harvest now, decrypt later” strategies.
While commercial quantum computers are expected around 2030, governments worldwide have begun to take varied approaches to quantum safety. The US has set timelines for organisations to implement quantum-safe measures. Canada has issued detailed guidelines to aid implementation.
Singapore authorities are no laggard here. The Monetary Authority of Singapore has already begun mandating quantum-safe network tests especially for the financial services sector. The Cyber Security Agency of Singapore too will be setting guidelines to prepare for quantum safe systems.
The pressing concern arises from quantum computing’s ability to exponentially increase computational power, enabling it to crack the encryption algorithms that currently safeguard sensitive data and critical systems worldwide.
The path to quantum safety isn’t always straightforward. Many organisations lack the extra capital for extensive testing and upgrades.
A parallel can be drawn to the Y2K crisis – organisations that delayed preparations ended up spending significantly more as the year 2000 loomed. The lesson? Starting early not only saves money but also ensures smoother transition.
Thorpe warned that those who delay adopting quantum-safe measures may find themselves facing more severe consequences down the line.
The ultimate goal is not to create impenetrable networks—an impossible standard—but to build resilience. Quantum-safe standards is not a one-and-done solution.
As Thorpe succinctly pointed out: “I would be thinking more in terms of how resilient networks are to an attack, rather than, is this going to be safe forever?”
IBM, for example, is advocating for automation in discovering and remediating cryptographic implementations within networks. By streamlining this process, organisations can more efficiently adapt their systems without having to build entirely new solutions from scratch.
Automating the discovery of cryptography use within networks and applying remediation patterns efficiently will be critical in scaling adoption. Enterprises need to move beyond viewing standards as a compliance checkbox and embrace them as a foundation for more agile and robust cybersecurity frameworks.
The path forward necessitates collaboration among stakeholders across various sectors to ensure that all networks can work seamlessly within a quantum-safe framework.
Aligning global standards is crucial for interoperability and backward compatibility, issues that will become increasingly complex as hybrid quantum-classical systems emerge.
Ultimately, the key thing is to view quantum-safe standards as an evolving story. The recently published standards in the US represent an important milestone, a critical starting point for a much larger, ongoing effort.
Since it takes a several years for organisations to fully transition to a quantum-safe network, they must start now or face a growing risk of cyber attacks in future.
