When Quantum Cyber Crime meets Encryption

Quantum technology is advancing quickly and will revolutionise computing. As we enter the quantum age, we can expect our current supercomputers to be overtaken and quantum technology to become widespread.

In many industries such as pharmaceuticals, drug discovery, logistics, climate change preparedness, financial modelling and smart city operations, quantum computing is expected to bring about drastic, positive change. Conversely, quantum technology will also have some negative impacts, including advancing the complexity and sophistication of cyber-attacks in unprecedented ways.

The European Union has realized the great potential of quantum technology, but also related cybersecurity risks. In its 2021 communication ‘2030 Digital Compass: the European way for the Digital Decade’, EU policymakers state the need for “developing new European standards or revision of existing ones on safety, privacy and cybersecurity of quantum computing and communication technology.” Such standards on quantum cybersecurity have been listed as one of eight priorities for 2024.

The Status Quo

As personal and business users, we’ve rapidly moved to an understanding of digital services as secure-by-design. In some cases that means information we’re sharing is encrypted. However, quantum computers will soon break traditional cryptography algorithms, meaning services designed to be encrypted will no longer be so. Coupled with powerful AI, quantum technologies will have computation capabilities which can break even some of the strongest cryptography algorithms widely used today.

For businesses, this means that becoming quantum ready should be a digital priority now, or risk facing critical future security threats as organisations scramble to adjust to a new world of quantum cybercrime.

Quantum readiness comes in stages

Becoming quantum ready does not happen overnight, which places further importance on starting early. Prior to even starting any digital transformations, organisations should be looking to conduct risk assessments based on comprehensive cryptography inventories.

Quantum algorithms, such as Grover and Shor, have already been shown to be capable of breaking some the most widely used cryptographic algorithms amongst organisations. Taking inventory allows businesses to take a targeted approach to their transformation, prioritising the weakest, higher risk applications or systems before moving on to others.

Once a risk assessment has been conducted, the next step towards protecting a business from attack is to start replacing potentially vulnerable algorithms with quantum-safe ones by, firstly, becoming cryptography-agile. A cryptography-agile application can support multiple cryptographic algorithms and, additionally, enables faster migration to new cryptographic algorithms.

Cryptography agility also means that organisations can use both traditional and quantum-safe algorithms, the purpose of this being that, should vulnerability be identified in a quantum-safe algorithm, organisations can still run alternative algorithms.

Organisations can also start preparing for a post-quantum world immediately by de-coupling crypto logic from business logic in applications to improve security for key business operations and, where possible, should begin automating cryptographic keys and digital certificate management.

Cloud services can help

Migrating to the cloud and working with cloud providers is also an effective step that organisations can take towards being quantum ready. Many cloud providers and service providers like Tata Consultancy Services (TCS) are already working to implement post-quantum cryptography (PQC) algorithms which secure cloud services they offer.

These providers can partner with organisations globally to develop business solutions which can leverage the power of quantum and can help organisations transition to a hybrid approach between quantum and classical cyber suites. Additionally, post quantum cryptography libraries are already available from certain cloud providers, providing a suite of quantum-safe algorithms that cloud-enabled businesses can experiment with, and even integrate into their systems.

Moreover, it is worth noting that many cloud providers are also conducting trials for quantum key distribution (QKD). QKD is a method of communication which uses a protocol based on quantum mechanics to securely transfer cryptography keys. In a post-quantum world, this could be used to secure critical communications.

By engaging with cloud providers in the process of testing these methods, organisations can gain readiness from these experiments and will be able to benefit immediately from them as quantum computing matures.

Starting early pays off

It can be difficult to know where to start but prioritising adaptability pays off. Becoming cryptography-agile is an essential next step after taking inventory, which can be taken now and can act as the first line of defence against quantum threats.

Quantum-safe algorithms have not yet been standardised, but organisations can take first steps towards crypto-agility by engaging with quantum safe libraries currently available – either open source, or from industry pioneers – to be prepared for implementation once they are standardised. Moreover, businesses can already now start putting together focused post-quantum migration programs internally so that both IT infrastructures and the teams involved are ready to migrate.

Much of resilience can be found in preparedness, and the more forward-looking European organisations are, the better they will be protected from cybercrime.

About Tata Consultancy Services (TCS)

Tata Consultancy Services is an IT services, consulting and business solutions organization that has been partnering with many of the world’s largest businesses in their transformation journeys for over 50 years. Operating in Ireland since 2001, TCS services over 28 global and local clients from its Dublin headquarters and Global Delivery Centre based in Letterkenny, Co. Donegal. For more information, visit www.tcs.com

Guest Post By Ganesh Subramanya, Global Head, Data Security and OT & IoT Security Practice, TCS