Cybersecurity is a cat-and-mouse game. The latest card that security experts are playing is Artificial Intelligence (AI). With organizations moving beyond the traditional perimeters of their businesses, they need AI to back up their firewalls. Mobile end points, the Internet of Things (IoT), and complex compute environments are opening new and as yet unknown vulnerabilities. AI is the new savior. AI is providing the means to identify threats that even the most experienced experts may not notice or didn’t know exists. This is why AI in cyber security is forecasted to generate revenues of $101.8 billion by 2030 (from $8.6 billion in 2019, at a 25.7% CAGR for 2020–2030)[i]. But AI is programmed by humans. It doesn’t take long for a resolute and intelligent human to defeat another. $101.8 billion is going to be insufficient. Because a new era in cybersecurity is on the way as quantum computing becomes a reality.
Quantum computing will provide businesses newer and faster ways to detect and pushback threats to their digital systems. But technology works both ways. Hackers and dark actors, black hats and script kiddies, will also have access to quantum computing. The result could be that cybersecurity will become a game like blitz chess and bullet chess.
Consider RSA encryption. It is based on the difficulty of factoring large integers and is among the most widely used encryption algorithms. Although it would require a massively powerful quantum computer to break an RSA encryption (to break it requires compute resources to factor 2048-bit numbers), technology is getting to that machine faster than we expect. But relax, it isn’t happening overnight — the machine that breaks RSA encryption is still perhaps a decade away.[ii]
But the world of quantum computing is blasting its way to new and unimaginable frontiers every day, so keep a watchful eye on the technology. In December 2020, the University of Science and Technology of China announced that Jiuzhang, a boson sampling device that is a type of quantum computer, did in 200 seconds what the Japanese Fugaku supercomputer, the world’s most powerful, would take 600 million years.[iii] Monstrous machines like these will turn RSA encryption into history. What the world needs is quantum-resistant cryptography.
As it turns out, the U.S. National Institute of Standards and Technology (NIST) is in the process of assessing 69 new methods of post-quantum cryptography (PQC) and wants to establish new cryptographic standards by 2022.[iv] Before we turn the calendar on 2022, be sure that terms like “crypto agility” and “quantum keys” will dominate technology conversations.
Today, while the world is focused on AI, it is quantum computing that is silently laying the blueprint for tomorrows world. Of course, the wise, seasoned and pragmatic security expert already knows that quantum-resistant cryptography is a very tiny piece of the security puzzle. It can do amazing things for enterprise security (mostly it will begin by confusing the daylights out of CXOs). But fancy quantum-resistant cryptography still won’t prevent privilege abuse; or be able to stop an employee from opening a mail attachment that is malicious and sets off trojans and worms; or prevent a business from confusing compliance with a security policy. These will still require a well-established and age-old intervention. We’ll have to continue to invest in educating users — they will always be the last line of defense.
Founder, Chairman and Managing Director, Microland Ltd