Quantum Computing – What are the security implications?
It is often said that security is a tool to delay an event. The greater the delay is commonly associated with the greater degree of security afforded. Quantum Computing poses a direct threat to security infrastructure through reduction of time required for conducting attacks and indeed the capability of the attack.
Encryption standards that would previously have taken thousands of years may be broken by larger quantum computers in days, if not hours. Whilst Quantum Computers are not yet readily available, they will most likely be introduced along with the associated threats prior to the introduction of added security they may offer. One possible measure is Quantum Encryption, holding data in Qubits in a state that, if impacted by a threat agent, would alter the data completely similar to a hash.
We are reminded of the threat and lengths people or organisations will go to for development of such technology by studying documents leaked in 2014 by Edward Snowden. This event saw the leak of information created by the National Crime Agency (NCA) in the USA to develop a Quantum Computing capability to target cryptography used by adversaries, The Penetrating Hard Targets project.
For an organisation to best prepare for the increased threat posed by these advances, it is recommended that they consider the following where applicable:
Vulnerability
Appropriate mitigation
Passwords (susceptible to brute force attack)
Whilst the power of Quantum Computing will enable malicious entities to break passwords faster than ever. Appropriate mitigation to this, available now, is the implementation of multi-factor authentication (MFA), combining something you have with something you know. If this is not possible then strong password selection and management will delay attackers in line with the advice provided in figure 1.
Third Party Providers
For all third-party vendors and Managed Security Service Partners (MSSPs), early engagement and collaboration to understand their security posture is very important. Ensure that they are aware and working towards mitigation where possible for the specific threats posed by this technology.
Data (at rest and in use)
Ensure proactive approach to patch management, enabling early closure of any identified vulnerabilities.
Early investment in Security monitoring solutions such as a Security Operation Centre (SOC) or a sophisticated SIEM (Security Information and Event Management) will enable early identification of malicious activity to an organisations network. As the Quantum threat develops, these services must grow their capability to afford detection and protection where possible.
The time it takes a hacker to brute force your password in 2022
Table provided by Hive Systems (Are Your Passwords in the Green? (hivesystems.io))
References
V. (2022, January 1). Google’s Quantum Computer Is About 158 Million Times Faster Than the World’s Fastest Supercomputer. Medium. https://medium.com/predict/googles-quantum-computer-is-about-158-million-times-faster-than-the-world-s-fastest-supercomputer-36df56747f7f#:%7E:text=In%20200%20seconds%2C%20the%20machine%20performed%20a%20mathematically,million%20times%20faster%20than%20the%20world%E2%80%99s%20fastest%20supercomputer.
GreyB, T. (2022, March 30). Top 10 Quantum Computing Companies Researching in 2022. GreyB. https://www.greyb.com/quantum-computing-companies/
National Quantum Computing Centre. (2021, July 8). UKRI NQCC. https://www.nqcc.ac.uk/
Dickens, R. (2021, August 7). Quantum Computing: The Future of Cryptography | Encryption Consulting. Encryption Consulting | Encryption Consulting. https://encryptionconsulting.com/quantum-computing-the-future-of-cryptography/#:%7E:text=Since%20quantum%20computers%20can%20perform%20four%20calculations%20at,many%20huge%20issues%20for%20our%20modern%20encryption%20systems.