While artificial intelligence (AI) has been sucking all the oxygen out of the room when it comes to IT discussion and hype, another change is on the horizon. It may be just as consequential, and managed service providers (MSPs) would do well to start preparing now. That change is quantum computing.
For more on this emerging trend, SmarterMSP checked in with Tim Hollebeek, Industry Technology Strategist at DigiCert.
Hollebeek points out that quantum computers are not general-purpose computers. Instead, “Yet, once (the computers) are sufficiently powerful, they certainly will be able to break public key encryption,” Hollebeek states, adding that this has been known since the 1990s.
Up until now, however, it has been a theoretical concern since no one knew how to build a quantum computer. “Now that quantum computers are becoming a reality, it is only a matter of time before they become powerful enough to compromise the asymmetric encryption algorithms currently in use,” adds Hollebeek. A Cryptographically Relevant Quantum Computer (CRQC), which researchers have yet to develop, is the term for such a quantum computer.
“Existing quantum computers only have between hundreds to one thousand noisy qubits being used to create a handful of stable, error-corrected ones,” explains Hollebeek. He adds that a CRQC needs to have thousands of stable qubits, which probably requires millions of noisy ones to implement. “So, while the capabilities of quantum computers are rapidly advancing, they aren’t quite to the point where they threaten classical encryption, but probably will get there in the next 5-10 years or possibly sooner,” he projects.
MSPs must prepare for a safe post-quantum computing future
Hollebeek notes that we need to revise the comparison between quantum computers and the popular AI language models running on the most advanced data center-edge infrastructures, instead of comparing them passively.
“It’s apples and oranges. Quantum computers are not general-purpose, so their advantage over traditional computers depends on the task. Unfortunately, factoring large numbers just happens to be one of the things they are best at,” Hollebeek shares, adding that on other tasks, they may not have any advantage at all. “So, it is impossible to directly compare them, in general.”
Some cybercriminals may be harvesting data now to decrypt later when the computers become more powerful. Hollebeek says this is a real concern. “The threat is real, and organizations need to prepare now for a safe post-quantum computing future,” Hollebeek says. Digicert and Ponemon partnered to produce a report on how to prepare, you can view it here.
Hollebeek says the National Security Agency (NSA) has called on organizations of all sizes to move to as much quantum-safe encryption as possible by 2035. “Systems and data that need to be secure for a long time into the future are the most important. This includes things like firmware signing, signatures that need to be trusted for years, and stored data and network transmissions that need to be secret for a decade or more,” he explains.
Hollebeek adds it is reasonable to speculate that once sufficiently powerful quantum computers exist and are available in a cloud-hosted environment, bad actors will likely be early adopters. “We’re also getting close to the time when a secret project by a nation-state is not outside of the realm of possibility.”
Preparing for the new era
As far as preparing goes, moving to quantum-safe encryption algorithms is the simplest and fastest protection against threats posed by CRQCs. “These algorithms are in the final stages of standardization and organizations should start rapidly adopting them throughout 2024. Quantum key distribution is another possible solution. However, it requires custom hardware and fiber-optic connections. It is not compatible with widespread use and is limited to very high-security use cases,” notes Hollebeek.
Other experts agree that quantum doesn’t pose a threat yet but that it bears watching.
“The threat of using quantum computers for cyberattacks is not very real at the moment. We are in the early stages of quantum computing and have significant technical challenges to overcome before they become a real threat,” Alex Sheplyakov, CTO at Wiserbrand, voiced. “This decade will likely determine whether quantum computing even has a future, or whether breakthroughs in high-temperature superconductors or quantum theory are necessary to make it a reality.”
Sheplyakov says MSPs will be in a strong position if quantum becomes a reality. “MSPs, in particular, are in a great position to serve as comprehensive security partners for small and medium-sized businesses (SMBs), offering robust first and second lines of defense that are adaptable to the evolving technological landscape.”
Photo: Bartlomiej K. Wroblewski / Shutterstock