- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Domain of Application >
- Trend snippet: Key transformative technology that will contribute to the changing dynamics of cyberspace: Quantum
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Key transformative technology that will contribute to the changing dynamics of cyberspace: Quantum
Risks:
Disrupting cryptographic infrastructures:
The principal cybersecurity risk is posed by the impact quantum computing will have on currently widely adopted asymmetric cryptography. A sufficiently powerful and error-corrected quantum computer would solve some of the classical mathematical problems on the intractability of which many of these cryptography methods rely. It would therefore have the potential to break the cryptographic security on which enterprises and the wider digital economy rely.
‘Download now, decrypt later’:
The potential future quantum threat to cryptography is relevant to the risk decisions being made today. There is a “download now, decrypt later” risk for datasets with extended periods of sensitivity: data that exists now could be harvested by adversaries for decryption in the future.
Novel and secondary security risks arising from broader economic and industrial transformation:
As organizations face a need to outsource quantum computations on their most valuable IP to third- party services, they could face risks of adversarial interference. There is also a risk that unintended functionalities arising from quantum algorithms. There are also several shared infrastructures that depend on the collective application of quantum-vulnerable cryptography. This includes the interconnected systems and interdependent business models of the industrial internet of things (IIoT), and the distributed-ledger technologies being rolled out across a range of industrial applications. In many cases, “ownership” of these shared infrastructures is highly distributed, and it is not necessarily clear who is responsible for ensuring that they are made quantum-safe.
Geopolitical risk and equitable access:
The potential concentration of the first sovereign quantum capabilities (technologies and experts) in a small number of advanced nations has geopolitical implications. As with all new technologies that raise the bar in terms of competitiveness, there is a global risk that competition and protectionism will interfere with international collaboration and equitable access. This could act as a major barrier to unlocking the full potential economic and societal benefits of quantum technology to the wider economy, and widen asymmetries in terms of security and industrial capability. If equitable access to the technologies is not ensured, nations that have sovereign quantum capabilities may use them to create a strategic advantage, while other nations fall into “quantum poverty”.
Rapid progress is being made in the development of quantum computers. As this technology matures, it has the potential to drive transformational changes across industry and society. Quantum computing also poses a number of risks that must be addressed to ensure that security concerns do not threaten uptake. There is still time to mitigate these risks before they arise. Individual organizations need to start considering their ability to transition to quantum safety, and many are doing so. There are also distributed risks that require collective action in multiple sectors and jurisdictions. Business leaders and governments need to ensure that they understand the technologies and the risks and are prepared to act quickly if the full transformative value of quantum technologies is to be realized.
Quantum arms race
Quantum computing is one of the most strategically important technologies that will emerge in the next 5–15 years. It may well launch a technological revolution and bring great opportunity. Quantum computers make use of the laws of quantum physics to process information, in principle enabling types of information-processing tasks that cannot feasibly be achieved using classical computers. As quantum computers work alongside classical computers, a set of computational problems could become tractable for the first time.
Currently, there are major engineering challenges to building hardware and software that can realize the theoretical potential of quantum computing. It is generally thought that some applications of quantum computing may become practical at scale in around a decade, although timeline predictions vary. The timeline may be shortened. Significant investments are being made in quantum research and development by major technology corporations, national governments and venture capitalists. A technological arms race is developing that has the potential to unlock trillions of dollars of value within the global economy.
Quantum algorithms have the potential to bring about major advances and transformative benefits in a range of use cases across industry. For example, quantum could be applied to molecular simulation, accelerating drug discovery and materials science, could solve complex optimization problems in financial services and aerospace, and could improve AI capabilities. Early versions of quantum-computing services are already being offered by a small pool of companies that are beginning to engage clients to collaborate on creating the algorithms needed to realize the niche benefits that are already achievable or are likely to be so in the near future. The full extent of the transformations that may be achievable as quantum computing matures is not yet understood, but it is clear that this technology has the potential to create great shifts in value creation. Nations, sectors and organizations that are not able to reap its benefits risk falling behind the progress made by others.
Broken cryptography and broader risks
The most significant implications of the quantum arms race are already being felt by the global cybersecurity community.
Disrupting cryptographic infrastructures
The principal cybersecurity risk is posed by the impact quantum computing will have on currently widely adopted asymmetric cryptography. A sufficiently powerful and error-corrected quantum computer would solve some of the classical mathematical problems on the intractability of which many of these cryptography methods rely. It would therefore have the potential to break the cryptographic security on which enterprises and the wider digital economy rely.
Both classical and quantum cryptographic solutions that are resistant to this threat (“quantum-safe”) are emerging, e.g. through the standardization process for post-quantum cryptography run by the US National Institute of Standards and Technology (NIST). A number of implementation challenges are yet to be resolved, however. It is not yet fully understood how quantum cryptography will affect the balance between attackers and defenders, nor how this will play out commercially or politically.
If quantum computers were to become capable of breaking asymmetric cryptography before the digital ecosystem had achieved the necessary transition to quantum safety, it would create significant cybersecurity risks for individual organizations. Businesses and governments could be left unable to ensure the confidentiality, integrity and availability of the transactions and data on which they rely, if they or the organizations and suppliers that they depend on were not prepared.136 137 There are also several shared infrastructures
that depend on the collective application of quantum-vulnerable cryptography. This includes the interconnected systems and interdependent business models of the industrial internet of things (IIoT), and the distributed-ledger technologies being rolled out across a range of industrial applications. In many cases, “ownership” of these shared infrastructures is highly distributed, and it is not necessarily clear who is responsible for ensuring that they are made quantum-safe.
‘Download now, decrypt later’
The potential future quantum threat to cryptography is relevant to the risk decisions being made today. There is a “download now, decrypt later” risk for datasets with extended periods of sensitivity: data that exists now could be harvested by adversaries for decryption in the future. Similarly, there is a risk to systems being rolled out today with long lifespans (e.g. satellites, transport and industrial control systems), which could be in operation for decades.
Novel and secondary security risks arising from broader economic and industrial transformation
As industry use cases for quantum computing emerge, organizations will need to consider how they start to adopt quantum into their business models in order to retain competitive advantage. Adoption is likely to create new security dilemmas, however.
As organizations face a need to outsource quantum computations on their most valuable IP to third- party services, they could face risks of adversarial interference. There is also a risk that unintended functionalities arising from quantum algorithms that are inherently biased, or that have been manipulated by adversaries, could go undetected by the organizations liable for them. This could be due to a lack of personnel with quantum expertise. It could also be due to technical explainability and verification challenges for complex, non- deterministic quantum algorithms (a subject of ongoing research). While verifying the results of many quantum algorithms will be straightforward, there may be cases where the reverse operation for verification is difficult.
Wider security issues will emerge. It is likely that quantum computing will be misused for malicious purposes. Criminals will seek to access quantum services, exploiting their computational power to advance cyberattack capability. There are also potential parallels with dual-purpose technology in the context of the proliferation of weapons of mass destruction, e.g. through the use of quantum computing to develop weaponized pathogens.
It is not only activity with malicious intent that will be a concern. As with all new technologies, there will be disruptive applications found for quantum computing to create new economic advantages for particular parties
(for example, optimizing financial-trading strategy, which could be disruptive to markets and economic processes).
Geopolitical risk and equitable access
Quantum technology has the potential to be game-changing for national security. Currently, some national governments are putting significant investment into the development of sovereign quantum technologies and skills, and several countries are placing quantum technologies on their lists of controlled goods. The potential concentration of the first sovereign quantum capabilities (technologies and experts) in a small number of advanced nations has geopolitical implications.
As with all new technologies that raise the bar in terms of competitiveness, there is a global risk that competition and protectionism will interfere with international collaboration and equitable access. This could act as a major barrier to unlocking the full potential economic and societal benefits of quantum technology to the wider economy, and widen asymmetries in terms of security and industrial capability. If equitable access to the technologies is not ensured, nations that have sovereign quantum capabilities may use them to create a strategic advantage, while other nations fall into “quantum poverty”.