Quantum computing has the potential to disrupt many industries with its, until now, unimaginable speed and ability to parse and interpret data. This gradual proliferation of quantum computing will not only result in unprecedented efficiencies, but also create both opportunity and challenges for MSPs and verticals of every stripe.
CISA warning highlights forthcoming risk
“Quantum computing will revolutionize virtually everything, yet the problem is that for most systems, cybersecurity is built around legacy and conventional models. Quantum, for all its promise, is a new model and new cybersecurity considerations will need to be adopted,” advises Henry Collins, an independent cybersecurity consultant in Austin.
Collins has studied the arrival and emergence of quantum, “Here’s the real threat: if businesses and cybersecurity companies will be adopting quantum, guess who will also?” he asks.
“You guessed it: the cyber criminals.”
In a recently published paper alerting MSPs and CISOs about the cybersecurity risks that quantum will bring, CISA predicts that there will be a day not so distant in the future when cybercriminals will harness the power of quantum to break into systems.
The CISA alert, published in August 2022, warns:
“While quantum computing technology capable of breaking public key encryption algorithms in the current standards does not yet exist, government and critical infrastructure entities—including both public and private organizations—must work together to prepare for a new post-quantum cryptographic standard to defend against future threats.”
Even data encryption will be vulnerable
As quantum computing reaches higher and higher speeds, the fear is that data encryption, which underpins the security of healthcare, banking, education, and almost every other vertical, will become vulnerable.
The CISA memorandum warns:
When quantum computers reach higher levels of computing power and speed, they will be capable of breaking public key cryptography, threatening the security of business transactions, secure communications, digital signatures, and customer information.
“This is ominous because hackers will have access to the same technology everyone else has and can use it to break into valuable verticals,” Collins advises. “The good news is that this moment hasn’t arrived, and there is still time to prepare.”
The danger of complacency is real
It is anticipated that there could be 2,000 to 5,000 quantum computers worldwide by 2030. However, it could be 2035 before these tools are in place to tackle business issues because of the numerous pieces of hardware and software required, and the finance industry is expected to benefit most from quantum computing.
“It may sound reassuring to know that we don’t have to deal with this now, and that quantum computing is still a decade away,” Collins says. “But taking this viewpoint would be a mistake. He adds that new technologies could speed up the arrival and that preparation takes time.
Opportunity abounds for MSPs
“Because of the complex network of new hardware and software upgrades that will be needed for the arrival of quantum, many businesses will have to adjust their budgets; some may not be able to put in the funds for several more years,” notes Collins. “You need to get preparations on the calendar now.”
This includes hiring talent. Collins’s advice, “You need to h an eye on the future, that new hires will have the skills, training, and budgets to embrace quantum computing. In addition to budgeting for infrastructure updates, businesses will have to spend money retraining some staff, and this is where MSPs can offer a lot of value as they can keep MSP engineers ahead of the curve on quantum, it’ll be a new service to offer.”
Don’t wait to get up to speed
The National Institute of Standards and Technology (NIST) will publish new guidance in 2024, but CISA is warning companies that they shouldn’t wait for the guidance to start preparing to make the quantum leap. Per the newest CIA bulletin:
Government and critical infrastructure organizations must take coordinated preparatory actions now to ensure a fluid migration to the new post-quantum cryptographic standard.
In a separate statement, NIST delivered a more firm warning:
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” explains Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.
Other ways that Collins recommends businesses prepare for the cybersecurity implications of approaching quantum computing include:
- Engage with Standards Organizations: Subscribe to updates from CISA, NIST, and other government agencies working to develop new standards, and respond when they solicit feedback.
- Inventory and Audit Critical Data: Knowing which data your clients hold now that will be vulnerable will help you and your clients plan for future analysis as it becomes clear which data could be most at risk in a post-quantum environment.
- Audit Cryptographic Technologies in MSP Portfolios: Understand which systems rely on cryptography to function, so you can uncover potential impacts and address them.
“Quantum computing will be a game–changer and while there’s not a lot that can be done on the implementation side today, starting planning today will put MSPs ahead of the pack in harnessing the new quantum technology,” Collins says.
Photo: Bartlomiej K. Wroblewski / Shutterstock