Time for some good news in cybersecurity

It's been some time since the global tech outage in July. Such disruptions are never good, and when they affect so many critical infrastructure sectors like transportation and healthcare at once it’s even worse. Systems are being restored and lessons on the importance of operational resilience are being learned. But geez—what a difficult moment for everyone in the security business and the world it was. But now for some good news.

Quantum computers solve the unsolvable faster

You may have been following the rapid advances in science and technology around quantum computers. Ninety-nine years of quantum mechanics in the making, these last ten years have seen absolutely amazing advances in practical quantum information science and quantum computing in particular. From the earliest 2 quantum bit (QuBit) computers a decade ago that lasted only seconds, we now have stable quantum computers in the cloud with over a thousand qubits, with equally rapid advancements in fidelity that allow even greater precision. Unlike a digital bit that can only be on OR off, a qubit can be on, off, AND everything in between all at once.

That means it doesn’t take many qubits to start solving massively important challenges of humanity including creating lifesaving drugs, bringing AI to unprecedented new levels, and exploring the origins of the universe.

The scientific advancements are coming from all points: governments, giant technology companies, major academic institutions, as well as individual scientists, purpose-built companies, and regional ecosystems around the world. The United Nations has named 2025 the Year of Quantum, which is going to be life changing. While quantum computing can have a very positive impact on business, it will also increase cybersecurity threats, for the very same reason that it’s useful: it solves the unsolvable, fast.

One of the massive problems a quantum computer can solve is a factoring problem. Just as we can all multiply 3 times 5 and get 15, factoring is a basic mathematical operation that can reverse that equation and given 15, tells you that the two factors must be 3 and 5. In the 1970s it was reasoned that almost any computer will be able to multiply two numbers together, but that if the numbers were big enough, the world would never make a computer fast enough to factor that result. That mathematical assumption has held true for almost 50 years of computing and is a fundamental basis of the way encryption is used to share information from one device to another.

However, on their current track, quantum computers will also soon be able to break the encryption in use today in every industry, every nation, every home, and every device. This capability will first come to nation states that could wield it to destabilize entire sectors like banking or transportation or communications, then to global organized criminals that can use it to steal, extort, and ransom life-line services such as healthcare, food, and water. Then it will be available to any malware miscreant to cause their own havoc on society. It’s a big deal.

I said this was going to be good news, and I meant it

This new quantum risk did not just sneak up on society. I’ve been focused on it since 2015 when I began working on the beginnings of a National Cyber Moonshot for America, and groups like the National Institute of Standards and Technology lead a globally focused effort even longer to find a solution (or group of solutions) that can work for all. And they have.

The world is presented with a new risk—quantum computers that can soon break our encryption—and a new solution—a set of new standard encryption algorithms that don’t rely on factoring as their secret sauce and thus will stand up against these coming quantum attacks.

So, what are the implications and next steps for businesses?

Here are three key suggestions for organizations to consider:

• First, assess their quantum risk and create a strategic plan to mitigate it. They need to determine what parts of their enterprises are at risk, and create a team, plan and budget to implement a full-scale transition of old, vulnerable encryption to new, quantum resistant encryption. This plan is a critical step toward an efficient transition in terms of time, money and risk.
  
  
• Second, launch a full-scale effort to discover where all of their vulnerable encryption is in their networks, applications, partners, clouds, devices, and more. Since encryption algorithms have often been taken for granted and not focused on, a concerted effort is required to identify them, and put the results into an actionable inventory. The recent advent of purpose-built cryptography discovery tools dramatically improve this process. They add a high degree of automation and artificial intelligence (AI) to make it manageable in terms of time, money, and completeness.
  
  
• Third, create a new cryptographic architecture that not only resists quantum attacks but also manages this vital defensive resource. Doing this prepares organization to better defend against the panoply of today’s attacks including ransomware, theft, and more. New cryptographic methods could include anything from simple old/new substitution for point-to-point systems like VPNs and simple enterprises, to new crypto agility systems that allow orchestrated management of deployed cryptography based on real time risk, performance, and interoperability situations.

They might also incorporate the newest quantum key distribution (QKD) systems that use quantum physics itself to share keys without risk of subversion. A highest level ’defense in depth’ architecture is also now available that integrates the best of each of these at the right levels of a critical complex enterprise.

Our quantum security teams at Accenture have been helping clients around the world in all three phases of their quantum journey. They have developed leading accelerators and architectures for each stage, and integrated emerging technologies that have been developed specifically for this effort. Good news indeed.

Steering towards quantum readiness

Quantum readiness, in a business context, means preparing to counteract quantum threats by understanding potential disruptions and integrating quantum-resistant solutions into existing cybersecurity strategies.

While this NIST quantum security announcement will be new to many, it’s really good news that with significant new cyber risk comes an equally significant new capability to manage it. Organizations just need a strategy, new discovery tools, and a new way to encrypt and manage cryptography with excellence—as well as teams like Accenture that have been focused on this for years.