Quantum hacking is a looming privacy threat. Companies should start worrying now
Now that everyone else has had a turn, quantum hackers are coming for your data.
Well, not quite yet. But they’re working on it.
Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.
For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.
Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”
That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.
It’s also perfect for stealing data.
Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.
How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about 'How do we prepare for a post-quantum world?'”
In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.
Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”
To ward off quantum attacks, you fight fire with fire, right? Actually, no.
QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some optional quantum random number generation, it uses classical algorithms. “That’s why we can deploy now,” Sanzeri says. “We’re not dependent upon quantum computers to be able to add this cryptography.”
When it comes to quantum security, there’s a wide range of awareness and preparation among businesses, Lee says. In the U.S., the National Institute of Standards and Technology is deciding which encryption algorithms get its post-quantum seal of approval.
“We already know that some of the algorithms that we currently use in cryptography are going to be quantum-secure,” Lee says. “So there are organizations that are taking this very, very seriously and clearly showing the way.”
Then there are the others.
Some companies still use obsolete cryptography that even today’s computers can crack, Lee says. He sees a chance for businesses to take stock of whether their defenses meet current standards—and to switch out dodgy algorithms for quantum-secure ones.
Lee also offers a prediction about quantum: “It’s almost certainly going to be a nation-state that develops one of these computers first.” Don’t expect it to advertise the fact that it can crack current cryptography.
“So we need to be aware of what this means for the privacy of our data,” Lee says of that code-breaker in the wings. “And we need to take the steps now because no doubt it will be used when it becomes available.”
That’s a simple enough calculation.
Nick Rockel
nick.rockel@consultant.fortune.com
This story was originally featured on Fortune.com
