Securing the future: cyber defence in the age of quantum computing

Quantum computing, with its unparalleled processing power, promises transformative advancements across industries, from healthcare to logistics. However, it also poses a significant threat to current cryptographic systems, which underpin modern cybersecurity. The arrival of quantum computers capable of breaking widely used encryption methods could render sensitive data vulnerable and disrupt global systems. This article explores the implications of quantum computing for cybersecurity, highlights the measures being taken to mitigate risks, and outlines a roadmap for securing the future.

1. Breaking classical encryption
   Most encryption methods today, such as RSA and ECC, rely on the computational difficulty of factoring large numbers or solving discrete logarithms. Quantum algorithms like Shor’s algorithm can solve these problems exponentially faster than classical computers, effectively breaking these cryptographic systems.
2. Impact on data security
   
   Quantum computers could compromise:
   • Financial transactions secured by encrypted communications.
   • Sensitive government and military data.
   • Public key infrastructure (PKI) used for secure websites, emails, and digital signatures.
3. Data harvesting threat
   Even before quantum computers are fully operational, adversaries are believed to be “harvesting now, decrypting later,” storing encrypted data with the intent to decrypt it using quantum technology in the future. This is particularly concerning for long-term sensitive data, such as healthcare records and classified government communications.

1. Post-quantum algorithms
   Researchers are developing cryptographic methods resistant to quantum attacks, known as post-quantum cryptography (PQC). These algorithms are based on mathematical problems that are difficult for both classical and quantum computers to solve, such as lattice-based cryptography.
2. NIST standardisation effort
   The US National Institute of Standards and Technology (NIST) is leading an international effort to standardise post-quantum cryptographic algorithms. In 2022, NIST announced the first four algorithms selected for standardisation, including CRYSTALS-Kyber and CRYSTALS-Dilithium, which are promising candidates for encryption and digital signatures, respectively.
3. Hybrid cryptography
   As organisations transition to quantum-resistant systems, hybrid cryptography—combining classical and post-quantum methods—offers an interim solution, ensuring robust security during the transition.

1. Quantum Key Distribution (QKD)
   QKD leverages quantum mechanics to create encryption keys that are theoretically unbreakable. Any attempt to intercept the keys disrupts the quantum state, alerting the parties involved. The UK’s Quantum Communications Hub is leading advancements in QKD, with trials demonstrating secure data transmission over fibre networks.
2. Secure multi-party computation
   This approach allows parties to compute a function jointly without revealing their private inputs, providing a robust method for secure collaboration in a quantum-enabled future.
3. Quantum-safe networks
   Developing quantum-safe networks involves integrating QKD and post-quantum cryptography into existing infrastructure. Projects like BT’s Quantum-Safe Testbed in the UK are piloting these technologies to protect critical communications.

1. UK’s National Quantum Strategy (2023)
   The UK government’s National Quantum Strategy outlines a £2.5 billion investment in quantum research over 10 years. This includes a focus on quantum-safe cybersecurity, fostering collaboration between academia, industry, and government.
2. EU’s Quantum Flagship Programme
   The European Union has invested heavily in quantum technologies through its Quantum Flagship Programme, with initiatives aimed at developing quantum-secure communication networks.
3. US Quantum Initiative Act
   The US has prioritised quantum research with significant funding for cybersecurity applications. Agencies like the NSA are working to identify vulnerabilities in cryptographic systems and develop quantum-resistant solutions.
4. China’s quantum leap
   China is making rapid advancements in quantum communications, including launching the world’s first quantum satellite, Micius, and building a quantum-encrypted communications backbone between Beijing and Shanghai.

1. Cost and complexity
   Transitioning to quantum-resistant cryptography requires significant investment in hardware upgrades, software development, and workforce training.
2. Interoperability issues
   Ensuring that quantum-safe systems work seamlessly with existing infrastructure is a complex challenge, particularly in legacy systems.
3. Global standards alignment
   The lack of uniform global standards for quantum cybersecurity could hinder collaboration and leave systems vulnerable to attacks in jurisdictions with weaker safeguards.
4. Public awareness and trust
   Educating stakeholders about the risks and the need for quantum cybersecurity is essential to garner support for investments and adoption.

1. BT’s Quantum-Safe Testbed (UK)
   BT’s testbed project integrates QKD with post-quantum cryptography to secure communications for critical national infrastructure. Initial trials have demonstrated successful data protection over long distances.
2. Chinese quantum networks
   China’s quantum satellite, Micius, has facilitated long-distance quantum-encrypted communication, showcasing the feasibility of global quantum networks.
3. DigiCert and post-quantum cryptography
   DigiCert, a leader in digital certification, has been actively testing post-quantum cryptographic algorithms to ensure the future security of digital certificates.

1. Adopt post-quantum standards early
   Organisations should begin integrating NIST-recommended post-quantum algorithms into their systems to stay ahead of quantum threats.
2. Expand quantum research and collaboration
   Governments, academia, and industry must work together to advance quantum-safe technologies and share knowledge across borders.
3. Develop quantum cybersecurity frameworks
   Establishing regulatory frameworks and guidelines for quantum-safe practices will ensure a consistent and secure approach across sectors.
4. Invest in workforce development
   Building a skilled workforce in quantum and cybersecurity is essential to meet the demands of the quantum era. Educational initiatives and training programmes should prioritise these areas.

Quantum computing presents both opportunities and risks. While its potential to revolutionise industries is immense, its capacity to undermine current cybersecurity systems demands urgent action. By investing in post-quantum cryptography, quantum-safe networks, and international collaboration, governments and organisations can build resilient systems that safeguard data and critical infrastructure in the quantum era. The race to secure the future is on, and proactive measures today will determine the security landscape of tomorrow.