Contributor

How quantum computing increases cybersecurity risks

Opinion
May 23, 2017 · 4 mins
Endpoint Protection, Internet Security, Mobile Security

5 ways your information and property will be compromised when quantum computers arrive

Imagine you wake up one morning, assuming everything is as you left it the night before. But overnight, attackers with a quantum computer capable of breaking current cryptography standards have targeted millions of people and stolen their personal data.

Experts have estimated that a commercial quantum computer capable of breaking the cryptography we rely on today will be available by 2026. In fact, IEEE Spectrum reported last year that a quantum computer is close to cracking RSA encryption.

To many people, a nine-year timeline doesn’t sound alarming, and the consequences of not updating our security technology with quantum-safe solutions may not be clear. Here’s why the work to upgrade to quantum-safe security needs to start now to keep our data safe once quantum computers arrive.

Everyday things quantum computers will be able to hack

On any given day, you might engage in any of the following common activities as a typical technology user, and if attackers with a quantum computer break the cryptography these transactions rely on, your sensitive data could be leaked, leading to serious consequences for you and the institutions responsible for safeguarding that data:

1. Sending email: You log in to your laptop and send a few personal emails. Your messages can now be read by the attackers and posted publicly for anyone to read.

2. Checking an online bank account: You log in to your bank account and transfer money. Your financial data is now accessible by the attackers who can use it to drain your accounts.

3. Updating your social media accounts: You log in to Facebook and post a personal update about your upcoming vacation and some pictures of your family, assuming you are sharing only with your friends. All photos and personal information are now publicly visible and can be modified by people other than you.

4. Updating software on a smartphone: You get a software update to your smartphone and accept it, not realizing that the authentication process that assures the update comes from a trusted source (i.e. Google or Apple) is now broken. Malware can now be pushed to your smartphone in the guise of a trusted update, giving the attackers further access to any login credentials for apps you have stored, as well as your data.

5. Driving your connected car: You get into your car to drive to work. Your car’s computer accepts software updates automatically. Those updates could now come from the attackers, without your knowledge, allowing a third party to take control of the embedded systems in your car and override your navigation, cut power to your vehicle, and more.

Many other daily transactions we take for granted could immediately become vulnerable: for example, using a formerly secure IoT-connected device, such as a thermostat, home security system, or baby monitor; transferring funds to a pre-loaded payment for a public transportation system; or using a VPN to log in to a corporate network. Many public safety risks are also introduced when public transport vehicles, safety systems, and physical access systems can be compromised.

We already see rapidly increasing numbers of data breaches as more connected devices make more attack surfaces available. As companies and governments work continually to protect against cybersecurity attacks through advances in technology, the advent of quantum computing could create a free-for-all for cybercriminals.

But there is a solution in the form of quantum-safe cryptography. The key will be updating quantum-vulnerable solutions in time, and that means understanding now which systems will be affected by quantum risk and planning a migration to potential quantum-safe security solutions that includes appropriate testing and piloting.

The transition can begin with hybrid solutions that allow for agile cryptography implementations designed to augment the classical cryptography we use today.

Contributor

Scott Totzke is the CEO of ISARA Corporation, the largest organization in the world focused solely on developing quantum-safe cryptographic solutions for integration into commercial products to protect against emerging security threats. As an expert in cybersecurity and emerging cyber threats, Scott is focused on shaping the security standards of tomorrow, developing world-class security solutions, assisting organizations and governments with the migration to next-generation security solutions, and bringing awareness to new quantum threats.

Prior to co-founding ISARA, Scott was Senior Vice President of Enterprise and Security at Huawei where he was responsible for launching Huawei’s R&D office in Waterloo. He drove their global strategy for delivering industry leading mobility solutions designed to meet the most stringent security requirements demanded by enterprise and government customers.

Scott was also a Senior Vice President at BlackBerry, where his organization was responsible for the security of BlackBerry products and services. Scott helped shape BlackBerry’s security, regulatory compliance, lawful access and privacy strategies on a global scale. His organization included accountability for full security life cycle management ranging from design and implementation to in-life response to customer issues and concerns. Under Scott’s leadership, security became BlackBerry’s single biggest differentiator in government, enterprise and consumer markets.

Prior to joining BlackBerry in 2001, Scott was senior consultant with EDS, and built technical expertise and leadership experience in network security, architecture and database design roles. He also spent more than a decade as a system developer and network architect.

The opinions expressed in this blog are those of Scott Totzke and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.