Unwelcome disruption or transformational opportunity
Just as we’re slowly getting a handle on what kind of quantum computing works and what doesn’t, we're also beginning to get a sense of the advantages and disadvantages of different technologies. “It's becoming very clear that a range of these quantum information technologies that we'll be developing will be useful in different contexts,” says Bremner, who also leads the Architecture and algorithms" theme in the ARC Centre for Quantum Computation and Communication Technology, “But the specifics of the problem matter and for those of us analysing problems that quantum computers can help with, we’re trying to develop mathematical tools that will make that job easier.”
The list of everyday applications that could be insecure in a quantum world today ranges from internet banking systems reliant on asymmetric cryptography and encrypted messaging applications to IoT (internet of things) devices and remote working VPNs. Of course, there are also many opportunities that quantum computing opens up. This includes brute-force traffic or medical trial optimisation problems, testing of large-scale systems from new-age aircraft, and smart energy grids to materials improvements and pharmaceutical development.
What we do know is that when quantum computing arrives, the effects will be profound. Some experts have described quantum computing as transitioning from scientific curiosity to technical reality. Think about a bank or government agency losing an encrypted file containing personal information—quantum decoding tools would make it very easy for someone to access that information. The upshot? Data that needs to remain secure over the long-term, needs to become quantum resilient now.
“It’s really important to understand that you can store attacks,” says Michael Bremner. “If you're using public cryptography systems to secure and send information that could be sensitive on a 20-year timeframe, you should probably be thinking about stopping doing that stuff today.”
The ability to store attacks has introduced key questions for many organisations and their IT security teams: are we going to have to change the way we do our internet security? And do we have teams that are capable of making these assessments? How will the systems impact user experience? What is the complexity of change? How will program-level changes effect system-wide security?
Over the past decade, many large companies, especially financial institutions, have answered these questions around cyber security infrastructure on a trade-off basis. At one end of the spectrum, pursuing infinite security at infinite cost is not an option. Similarly, merely pursuing reasonable security at reasonable cost comes with the potential for breaches to significantly impact an organisation’s ability to do business. Rather than optimising the systems for one or a handful of security variables, IT teams have tried to strike a balance.
To deal with critical, present-day threats rather than looming threats, such a quantum computers, savvy IT teams are beginning to preload their teams with as much context as possible.
“Quantum computing isn’t a problem until it’s a problem,” says the IT Manager for a large Australian bank, “as opposed to something like ransomware, which tends to grow linearly. And so, we've got a small collection of those kinds of potential step-change risks that we keep an eye on. And quantum computing is one of those.”