The onset of Y2Q
Does anyone remember Y2K, when our calendars flipped to the year 2000? When the turn of the millennium happened, widespread concerns arose over computing systems that had not considered the 00 rollover in the two-digit calendar date format, a lapse that was expected to result in global system failures.
Now fast forward three decades later, the human population is headed for an even bigger crisis and conundrum, an era that is none other than Y2Q, or Year-to-Quantum, otherwise dubbed the new Y2K. Sometimes referred to as Q-day or Quantum Apocalypse, Y2Q can be described in layman’s analogy as the unlocking of a steel vault; in this case, the steel vault refers to encryption, while Y2Q is the universal master key that unlocks the vault, or essentially, the encryption.
The meteoric rise of quantum in a less-than-distant future of global digital infrastructure has looped it into conversations among CIOs, CISOs, and CTOs today. Spoken mostly in terms of quantum computing and quantum networks, the crux with quantum computing is that it will surpass the ability of classical supercomputers in providing high-speed solutions to complex problems, while quantum networks pave the way for ultra-secure data transmission that is resistant to current and future cyberthreats, including those posed by quantum-empowered adversaries.
The real problems ahead
As quantum is the next revolution, the question is no longer when it will change the world, but a matter of how ready we are when it disrupts. With its ability to process complex algorithms and break codes quickly and effortlessly, quantum has the potential to solve complex problems such as predicting climate change. And so, the future reality is shaped by the fact that what once took millions of years to break could soon be cracked in minutes.
But with the emergence of every good use case comes the risk of bad actors misusing the technology, and in this case quantum, to break asymmetric encryptions and pose a major threat to cryptographic methods used in cybersecurity. This means that what is currently deemed secure will not remain so, especially as the term “store now, decrypt later (SNDL)” points to the scenario in which bad actors acquire currently unreadable encrypted data and wait for the time when quantum computing can decrypt them.
Stay concerned, but prepared
While quantum is set to disrupt the way we operate, it presents an opportunity to strategise our systems to be cyber-protected. With every risk, there is an opportunity to leverage. The power of quantum computing may give it the potential to decrypt the RSA public-key algorithm, but quantum tech can generate high-level encryption, making it almost unbreakable. RSA is a well-known public-key cryptosystem used for secure data transmission. Breaking RSA-2048 encryption with today’s supercomputers could take an estimated 300 trillion years. However, a quantum computer could theoretically accomplish it in under 24 hours, creating havoc in today’s security infrastructure.
According to Gartner, inquiries about demystifying quantum computing have doubled in the past couple of years, with 20% coming directly from CIOs, which can be viewed positively as quantum computing is already on the radar of organisations. Now that organisations may have some sense of what is coming, it isn’t a time to panic but to prepare. Quantum is something that everyone should be concerned about and not limited to certain stakeholders. With the right mindset and understanding, businesses owe it to themselves to move beyond traditional cybersecurity measures and protect critical assets with quantum-safe approaches.
PQC and emerging defences
Some of you may have heard about post-quantum cryptography (PQC), but for those who have not, it is a new algorithm that aims to resist quantum attacks from even the most powerful quantum machines. Devised using mathematical algorithms, PQC is available today. It is tied to a migration deadline of 2035, which experts associate with the anticipated arrival of Q-day, when quantum computers may be powerful enough to break most encryptions. Global standards for PQC are being developed by the United States National Institute of Standards and Technology (NIST), known as the Federal Information Processing Standards: FIPS 203, FIPS 204, and FIPS 205. Each standard has its own attributes and use cases.
Besides PQC, another threat-resisting method that has been developed is quantum key distribution (QKD), which, unlike the former, is based on physical properties and allows parties to securely exchange encryption keys using particles of light.
Currently, there are telco operators and technology providers exploring and running experiments into quantum capabilities while deploying PQC in their networks to define cryptographic methods that can withstand quantum computing power, particularly when combined with QKD for future-safe 5G telecom infrastructure. These experiments are expected to support the development of more robust security mechanisms to protect systems and infrastructure against foreseeable quantum threats.
What organisations and employees can do
For organisations, moving towards a quantum-safe journey entails:
- Clear leadership, in ensuring timely and coordinated action for early preparation and investment.
- Collaboration, through in-depth sessions with technical and security teams.
- Strategic consultation, such as seeking guidance from relevant experts on awareness, strategy, and migration.
- Exploring PQC and QKD through hands-on evaluation.
Taking a gradual approach to quantum technologies can help enterprises adjust their protection as needed while supporting their existing infrastructure. Additionally, it is crucial for companies to know how to protect themselves against SNDL attacks, as in addition to decrypting, criminals can also disrupt (through fraudulent identification) and manipulate (by forging digital signatures).
Employees can also become crypto-agile and crypto-ready to contribute to an organisation’s quantum readiness by:
- Upskilling by learning cryptography and quantum basics.
- Sharing knowledge by reading up on PQC, NIST standards, and the main developments in the field.
- Maintaining a zero-trust mindset by assuming encryption may fail in future or possibly sooner.
- Being aware of what is coming.
- Asking your vendors how they are approaching quantum computing and quantum networks today.
Together, we can navigate the quantum transition more consciously and securely by encouraging secure design principles, especially as quantum is set to reshape our landscape with cybersecurity, national defence, intelligence gathering, economic competitiveness, and critical infrastructure resilience.
