A quantum of solace

A digital weapon of mass destruction is just over the horizon. If corporate and government leaders were caught off guard during the recent ransomware attacks, this will truly terrify them.

quantum computing KryptAll
KryptAll

Ian Fleming’s creative liberties

When he published a series of James Bond novellas in 1960, Ian Fleming took a few linguistic liberties with the title of ‘A Quantum of Solace’. The word quantum means ‘minimum’, and the overall phrase refers to how two people must provide each other a minimum of solace (comfort or consolation) during times of great stress to prevent the relationship from breaking down.

The technology world is entering just such a period.  Our relationship with security is entering a period of stress that has only just started. 

Quantum computing applies theories from theoretical physics to perform extremely complicated computations.  Simply said, what is normally a binary process – bits of data being either a one or a zero – are re-examined at a base level.  Instead of being an either/or question, quantum computing bases its calculations on being both at the same time. 

These calculations rely on the use of so-called quantum bits, which exist in a two-state permutation.  In physics, they could be construed as being in a horizontal and a vertical axis simultaneously.  In computing, they would be said to be in a superposition of both 1 and 0 simultaneously.  So while we physically cannot be in two places at once, it is at least theoretically possible.  Now, that theory is quickly becoming a reality in the digital space.

The secret of our success

This year has witnessed remarkable advances in quantum computing.  It began in the universities of course.  But what began with an innovation trickle has quickly become an investment flood. 

Microsoft teamed up with the University of Sydney.  Google is investing in a big way.  So is IBM.  But it’s not just Silicon Valley.  The U.S. government is investing in quantum computing research.  Britain too.  And France

Britain wants to improve weather forecasting, and NASA is using it to develop better space travel options.  Quantum computing will speed up new drug discovery by doing virtual clinical trials.  With autonomous vehicles looming ever closer, quantum computing could optimize traffic controls

It’s not just the big players either.  Startups like Rigetti Computing, IonQ, and QxBranch are quickly attracting venture capital dollars on the promise of big payouts sooner rather than the ‘later’ projected a couple of years ago.

So, why should anyone be interested, much less concerned, about this?  Well, it’s not that quantum computing will radically speed up computer calculations (it will), or that it will make predictive models far more accurate and useful (that too).  The big reason for all of the media brouhaha is that it will soon render all current encryption obsolete.

Enter 1984 in 2017

All of it.  Your secure https webpage?  Cracked.  That RSA token that allows you into an office building?  Cracked.  The tokens used by Apple Pay?  Cracked. The key fob for your expensive new Mercedes (as well as your older, efficient Toyota)? Cracked!  All of the cost & time savings promised by the ‘Internet of Things’? Cracked!  Seeing the pattern here?

All of the recent hand-wringing about end-to-end encryption on smartphone messaging apps (yes, I’m guilty too), means not just government agencies could get into your private files.  It means anyone with quantum computing access will be able to do the same.  Anyone.

Cybersecurity analysts have confirmed that foreign actors – some friendly, some not so much – are downloading U.S. data files and storing them. To be specific, China, Russia, and Iran are making good headway in quantum computing. 

Storage is cheap, remember?  Well foreign actors (nation states, terrorist groups and criminal elements) are archiving as much encrypted data as they can – so they can decrypt it at a future date and unveil secrets the U.S. has been protecting for years.  This will make our recent ransomware attacks seem like schoolyard hair-pulling by comparison.

But it’s not just government secrets at risk.  It is all data – yours and mine – as well.  Confidential corporate deals.  Law firm files.  Technology trade secrets.  Personal medical histories.  It’s all about to be up for grabs to anyone willing to pay for the access.  It will be as destabilizing to cyberwarfare as atomic science was to the Cold War.

A quantum of solace

Where & how this digital weapon-of-mass-destruction plays out is still unknown. Our government, corporate, and social leaders are going to have to address this issue with their constituents, customers, and voters. And, as with all battles, there are lessons to be learned from prior conflicts. 

After a punishing first few years in World War II, Britain finally achieved a pivotal battlefield victory. Winston Churchill searched for the words to provide solace to his nation without understating the long, painful road still ahead.  He wrote: “This is not the end.  It is not the beginning of the end.  But it is, perhaps, the end of the beginning.” 

New encryption will be developed.  But until it is economically and socially available to the masses, leaders will have to heavily invest in the systems, infrastructure, and personnel to keep our systems operating during some potentially dark days ahead.  We will all be looking for a bit of solace during that time.

This article is published as part of the IDG Contributor Network. Want to Join?

NEW! Download the Fall 2018 issue of Security Smart