Dan Flemming, Principal Solutions Architect, highlights the top risks, identified our Cyber Security for the Quantum Computing Age report, that will need to be solved before 2030 – or whenever quantum computers can be used reliably in practice.

Some experts predict that quantum computing is just five years away, known as ‘Years to Quantum (Y2Q)’. As we recently covered in this article, quantum computing will bring huge benefits to certain industries and mankind because it should be able to solve problems significantly faster than today’s supercomputer.

The bad news is that it will also undoubtedly come with enormous risks because the technology has the power to break through today’s encryption technology and potentially render cyber security as we know it useless. These risks will need to be mitigated before Y2Q is up.

With Y2Q top of mind, here are the key risks that will need to be solved:

Breaking classical cryptography and future decryption

The most recognised risk of quantum computing is its potential to compromise many widely used cryptographic systems, significantly affecting data security and communications. Encryption methods used in online banking, email, e-commerce, and government communications could be vulnerable to attackers with quantum computers. Shor’s algorithm enables quantum computers to break Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC), two prevalent cryptographic algorithms essential for secure data transmission, digital signatures, and other applications.

1.Data harvesting

Quantum computers pose a threat to encrypted data through “harvest now, decrypt later” attacks, where adversaries gather encrypted data now and plan to decrypt it with quantum computers in the future. Data that remains important from the time of theft until decryption will be vulnerable. This includes government communications, financial transactions, intellectual property, medical records, and other sensitive personal information.

2. Undermining blockchain technology

Blockchain technologies, which rely on public-key cryptography for securing transactions and ensuring integrity, are also vulnerable to attacks by quantum computers. These systems, essential for securing cryptocurrencies, often use the Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signatures. However, quantum computers could exploit Shor’s algorithm to break ECDSA, enabling criminals to alter blockchain transactions, forge identities in cryptocurrency networks, and disrupt decentralised systems.

 3. Disruption of critical national infrastructure

Critical national infrastructure (CNI), such as the energy, healthcare, and transportation sectors, depends on secure communications and encryption. Risks include breaches in secure communication channels, disruption of supervisory control and data acquisition (SCADA) systems in utilities, and interference with defence or aviation systems.

4. Quantum-enhanced cyber-attacks

• Quantum computing could also be used to bolster the type of cyber-attacks we observe today, in two ways:
• Enhanced machine learning models could make automated attacks more effective, such as password cracking or evading network intrusion detection
• Faster computations might result in more advanced malware design or targeting.

5. Quantum espionage

• State-sponsored actors with access to quantum computing could leverage it to:
• Break military and diplomatic encryption
• Access trade secrets or classified information
• Compromise global financial systems.

6. Insufficient Post-Quantum Cryptographic Transition Planning

Transitioning to post-quantum cryptography (PQC) is a significant undertaking that carries potential risks if not managed properly:

• Organisations that don’t transition promptly may expose their systems to quantum attacks
• Adopting new cryptographic standards might create compatibility issues with legacy systems
• Incorrect implementation of quantum-resistant algorithms could lead to new vulnerabilities.

7. Quantum supply-chain risks

As quantum technologies develop, risks may also emerge from vulnerabilities in the supply chain, such as:

• Compromised quantum hardware or software
• Malicious actors embedding exploits in quantum devices.

8. Talent shortage

There’s already a shortage of cyber security professionals worldwide, and a lack of quantum computing skills will exacerbate this problem. However, the exact skills gap isn’t known due to several factors, including the rapid industry growth rate.

It’s time to start planning for the age of quantum computing today

While five years is a long time in the realms of business and cyber security, the UK’s National Cyber Security Centre (NCSC), part of GCHQ, and the US’s Cybersecurity & Infrastructure Security Agency (CISA) both advise organisations to start planning now.

To find out more about quantum computing, the threats it will bring for your cyber security, and learn how to get your organisation ready for Y2Q, download our free guide, ‘Cyber Security for the Quantum Computing Age’.