Time to dispel with a myth: quantum computing is still just a theory. It’s not. If you don’t believe us, read here. And because it’s past the theoretical stage, commercialization is not far away, even as there is also an open source push for the technology. Over 100 applications can run on quantum computers. and they are being used to simulate weather patterns, optimize advertisement displays and solve complex computer network problems.
Even IBM is in on the game, rolling out cloud-based quantum computing called IBM Q for commercial use. Sure, there may be some horsepower limitations right now, but that won’t last forever. And once these technical challenges are overcome, you’re going to see some game-changing computational power for the clients who employ quantum computing. Those interested in this technology include Microsoft, Alphabet, JPMorgan Chase, Samsung, Barclays, Daimler AG and Oak Ridge National Lab.
With players like that interested, there is something real here.
Note: we haven’t even mentioned nations who want this technology. China has stated it wants quantum computing capability that has “a million times the computing power of all others presently in the world.”
You see? The myth should be dispelled about quantum computers: they’re real and are no longer limited to the provinces of universities, national labs and federal governments. And they’re going to change how we conduct business and daily affairs.
Now, whether that is a good or bad thing is still to be seen.
Here’s the key about quantum computing: its computational powers will allow us to solve mathematical problems that were once thought unsolvable, at least within our lifetimes. It is the ability to crunch so much data so fast that gives us game-changing possibilities. That means changes for drug therapies, building materials, artificial intelligence, weather forecasting, war fighting capabilities – just to name a few – and of course data protection methods, as well.
One area of data protection that will be affected by quantum computing capabilities is encryption. You see, quantum computing will make current day encryption practices obsolete. The traditional Public Key Infrastructure (PKI) system used can easily come crashing down when public keys become vulnerable to attack by quantum machines. Instead of years to decipher codes, we could be down to minutes or even instantly.
That changes life pretty darn dramatically. Just imagine all those security certificates issued for websites, emails and digital signatures to validate authentication becoming obsolete in a matter of minutes. We can already sense the drool from cyber criminals and adversarial nations.
Here comes the “the sky is falling” talk, so here’s the disclaimer: we don’t expect this encryption calamity to happen tomorrow, but we do expect it to happen within our lifetime. It’s not unreasonable to think within a decade or so. The 10-15 year mark isn’t all too unreasonable, especially if you start taking into consideration study and standardization. But that’s the problem with any new technology: timing.
So with that said, are you going to wait and see what happens or – if your resources permit – be an early adopter? Here are some thoughts that may help you decide.
If you’re not a data-dependent company, you’ll be pretty safe for the next few years while you play the “wait and see” card. By the time you are worried about quantum computing, you’ll probably have suffered other obstacles that impact you more directly.
But if you are a data-dependent company – like a bank, financial institution or organization that holds and uses plenty of personal identifiable information – you may want to be one of those first ticket holders for the first quantum trains. Note: in case you haven’t been following, a couple of trains have already pulled out of station.
One of those quantum trains specifically related to encryption is Quantum Key Distribution (QKD). It’s an interesting concept because the process does not necessarily rely on a quantum computer but rather uses quantum physics to build the key instead of hard mathematics. Read the article for more details on how photons are used to create the key and how a disturbance to the photon protects the data.
It’s not quantum computing exactly, but it’s kind of cool that you’re using quantum physics to help prevent against a potential future quantum computing attack. And we understand there are limitations to using photons, such as speed and distance, but some of us still remember that a 9,600 bit/s modem was a technological breakthrough, and as recently as 20 years ago, if you had a 56.6 kbit/s in your home computer, you were a total rock star.
Keep perspective: 20 years ago wasn’t that long ago. Everything has a beginning. The first trials of online banking started in the early 1980s, and in 2001, Bank of America had nearly three million people banking online. In other words, change comes fast.
So while we are still very much in the “zone of the unknown” a word of advice: if you’re a data-heavy organization and you plan to use and keep that data for years to come, you need to start thinking about new and alternate forms of encryption today.
About the Authors:
Paul Ferrillo Paul Ferrillo is partner and shareholder in Greenberg Traurig’s (“GT”) Litigation department, where he focuses on complex securities, shareholder and business litigation, and internal investigations. He also is part of GT’s Cybersecurity group, where he focuses primarily on cybersecurity corporate governance issues, and assists clients and boards of directors with governance, disclosures (both regulatory and post-breach crisis management), and regulatory matters relating to their cybersecurity postures and the regulatory requirements which govern them (e.g. SEC OCIE, FINRA, OCC, FFIEC and NY DFS).
George Platsis has worked in the United States, Canada, Asia, and Europe, as a consultant and an educator and is a current member of the SDI Cyber Team (www.sdicyber.com). For over 15 years, he has worked with the private, public, and non-profit sectors to address their strategic, operational, and training needs, in the fields of: business development, risk/crisis management, and cultural relations. His current professional efforts focus on human factor vulnerabilities related to cybersecurity, information security, and data security by separating the network and information risk areas.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.