The Internet of Things is no longer science fiction. If it’s not in your home already, it will be shortly, and IoT will only grow more pervasive in the coming years. Soon, just about every “thing” that exists will be connected to every other “thing.” That concept is incredibly exciting—and incredibly dangerous. Many of us are aware that online threats are pervasive, and result in devastating cyberattacks on governments, businesses and private citizens. What most people still don’t know is that, within the next 10 years, those attacks will become exponentially more difficult to prevent.
The reason: quantum computing. Tech giants, including Google, Microsoft and IBM, and governments around the world are all in a high-stakes race to introduce the first commercial, universal quantum computer. These incredibly powerful computers will introduce dramatic new opportunities in areas such as artificial intelligence, machine learning, materials science, and drug creation. Industry consensus is that a universal commercial quantum computer capable of these advances will arrive by 2026 or sooner. Experimental quantum computers already exist.
The dark side of quantum computers is that they will have the power to subvert the classical encryption widely used to protect data today, creating widespread and potentially catastrophic vulnerabilities. As computing has evolved, encryption has been able to evolve with it, largely hand-in-hand. Both were based on incremental changes in power; computers got faster, and encryption was improved to keep pace. With the advent of quantum computing, that model no longer applies. Incremental changes won’t be adequate as the paradigm shifts from classical to quantum computing.
As a result, much of the cryptographic algorithms commonly used now—RSA, Elliptic Curve, and Diffie Hellman – which power protocols used throughout computing such as PKI, Secure Web Browsing (TLS), secure remote connectivity (VPN), and even the future of finance (Blockchain)—will become obsolete. Data will be exposed when attacked by a quantum computer. Encryption in today’s mobile phones, e-commerce transactions, cloud computing, data networks and software updates will be at risk. Also at risk will be the encryption in tomorrow’s refrigerators, driverless cars, televisions, home security systems, and every other type of connected technology you can imagine, all of which we rely on daily.
There are, thankfully, solutions. The academic world is hard at work on quantum-resistant cryptographic algorithms, and some are ready to be deployed today. These algorithms can successfully protect against attacks launched by a quantum computer, but the solutions are not quick fixes. Migration from classical to quantum-safe encryption is complex and will take time—years, in fact, for the largest institutions—to complete. CIOs need to begin evaluating solutions today so that the integration and implementation work can begin and they can be prepared to protect their investments when quantum computers come online.
When quantum computing arrives, it will cause major disruptions. Networks and connected products without quantum safe security will no longer be able to guarantee the confidentiality of a VPN and the privacy of online communications. Quantum computing will crack the integrity of authentic software updates and untampered transactions, and it will undermine the authentication of digital signatures. Nation States and hackers using a quantum computer will have the tools to wreak havoc on individuals and organizations with secrets to keep.
The coming of quantum computing must motivate CIOs to address the problem today. As the National Institute of Standards & Technology (NIST) said in December 2016, “Regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.” Any infrastructure work or cybersecurity actions taken today without consideration of the quantum threat is simply a short-term solution, and a costly mistake.