The dawn of the quantum computing era — with leading companies like Google, IBM and now Honeywell making major strides toward quantum supremacy — has created significant buzz throughout the industry in the past year. These announcements took the computing world by storm, and indicate that a quantum computer with commercial applications may come faster than previously anticipated — perhaps as soon as three to five years. This development would be welcome in the scientific world, potentially advancing key scientific research and allow us to solve extremely complex problems that would have taken classical computers years to do.
There is also a dark side to reaching quantum supremacy and once these computers arrive they can be used to easily break today’s strongest encryption algorithms, exposing the intellectual property, financial data, and critical national security information of our government and leading companies.
Quantum Xchange was on the ground at the 2020 RSA Conference in San Francisco, where we surveyed nearly 125 security professionals from around the world to understand their perceptions about the potential impact of quantum computing on existing encryption methods and the urgency of safeguarding systems from the looming quantum threat.
Here’s what we found:
54% of respondents believe nation-states will leverage quantum computing for attacks in the next two years
Security professionals generally understand that quantum computing will fundamentally alter the security landscape, but their organizations aren’t necessarily responding with urgency. That’s understandable, given how difficult it can be to mobilize an organization, but when we look into the consequences of ignoring this threat, the reasons for action become more compelling.
One dire consequence of a quantum attack involves national security. More than half of respondents realized the most significant risk that quantum computers pose — that they could be used to crack today’s strongest crypto and allow nation-states to steal critical U.S. data. This sentiment is well-founded, given that cybercrime costs the U.S. economy $100 billion and the global economy $450 billion annually, and one in five companies have had their intellectual property stolen by China within the past year.
Three-quarters of security professionals at RSA said that quantum computers are already a threat to their organization or will be within 5 years, but most are not taking steps to protect their data.
While there is some disagreement as to exactly how many years away quantum computers will be a threat to specific organizations, nearly three-quarters of respondents believe that timeline to be five years or less — and 1 in 5 say quantum computers already are a threat today.
Despite the fact that a majority of respondents understand the threat of quantum computers and the need to prepare before an attack, 60% are not currently taking steps to protect their data. Fortunately, 32% of respondents recognized the need for investment in a quantum-safe ecosystem, indicating that their organizations were planning to spend the same or more on quantum-safe technology than they did last year.
This is certainly a step in the right direction, and fortunately, security leaders are coming to grips with the threat — 40% are either deploying or exploring quantum-safe strategies, or planning to do so, within the next 12 months.
Despite the looming threat, only 32% of respondents’ organizations are investing the same amount or more than last year in quantum-safe technology.
Ultimately, organizations that ignore quantum-safe solutions or simply attempt to bolster their traditional encryption methods (for example, increasing the length of public encryption keys) are taking their chances. But the view of security professionals at one of the world’s leading security conferences was clear: the option of doing nothing is quickly fading away.
Fortunately, there are viable, affordable options available for organizations looking to prepare now for the impending quantum threat. From hybrid solutions that combine classical and post-quantum cryptography, to ultra-secure, unbreakable Quantum Key Distribution (QKD), organizations can today extend the life of their existing encryption investments by making them quantum-safe now, and layer in QKD to their network when needed.
Seventy-two percent believe a crypto-agile infrastructure (the ability to layer-on additional quantum-safe crypto technologies without changing existing infrastructure) is needed to prepare for the quantum age.
Our adversaries and competitors are sitting on stockpiles of critical data and collecting more all the time. An ounce of prevention is worth a pound of cure, and for enterprises and governments, there’s simply too much at stake to fail to prepare for the quantum computing era.