Data Protection

How Quantum Computing Will Impact Cybersecurity

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Quantum computers live in research universities, government offices, and leading scientific companies and, except in rare circumstances, find themselves out of reach of bad actors. That may not always be the case, though.

As research on quantum computers continues to move the technology forward, there is a growing concern that these computers might soon break modern cryptography. That would make all current data encryption methods obsolete and require new cryptography methods to protect against these powerful machines.

While the concept of quantum computers is not new, the discourse around them has increased in recent months thanks to continued federal action.

In May of 2022, President Biden released a national security memorandum that outlined government efforts to get ahead of quantum computing security concerns. In June, the U.S. House of Representatives passed the Quantum Computing Cybersecurity Preparedness Act requiring federal agencies to migrate information technology systems to post-quantum cryptography.

This legislation (PDF), which still requires passage in the U.S. Senate, builds off the continued efforts of the National Institutes of Standards and Technology (NIST) to create post-quantum cryptography standards. For its part, NIST released its first four quantum-proof algorithms in July 2022. Not long after, the CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST had been broken using AI combined with side channel attacks.

The Power of Quantum Computing

Even the fastest computers today struggle to break security keys thanks to complexity. It would take years for a system to break down the standard keys, even in the best-case scenarios. This is what makes encryption such a valuable security defense.

Quantum computing looks to dramatically change this time from years to a few hours. While it can quickly get complicated, experts believe many public-key encryption methods popular today, such as RSA, Diffie-Hellman, and elliptic curve could one day be relatively simple for quantum computers to solve.

Advertisement. Scroll to continue reading.

The good news in this scenario is that commercial quantum computing remains in the distance. A study from the National Academies believes future code-breaking quantum computers would need 100,000 times more processing power and an error rate of 100 times better. These improvements could be more than a decade away, but they are something security leaders need to consider now.

It will be too late if we wait until those powerful quantum computers start breaking our encryption.

Leveraging Defense In-Depth

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works. Best practices include things like segmenting networks, leveraging 5G private networks, and leveraging Zero Trust architectures.

Organizations must also secure data at rest. Many databases feature encryption that could become moot in the future. Organizations may need to store certain data offline or have a practice of re-encrypting old files once newer encryption technologies become available.

Right now, everything from browser cache, to password managers, to local Outlook email files is encrypted. If that encryption becomes breakable, organizations may need to reduce the distribution overall to limit risk, at least until better quantum encryption is created.

The Road Forward

The growing concern of a quantum-related cyberattack is not imminent but also not unfounded. Cyber security professionals must remain agile in the face of new threats and changes in thinking. While we move forward to this next challenge, let’s remember to keep a strong foundation.

We are moving toward a future with quantum computing, so prepare your organization now for this emerging threat along with handling the other threats that impact your enterprise today. A defense-in-depth approach acts as a hedge against differing attack vectors. It provides organizations with blanket coverage and a robust defense against various attacks.

Related: Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

RelatedQuantum Computing’s Threat to Public-key Cryptosystems

RelatedQuantum Computing Is for Tomorrow, But Quantum-Related Risk Is Here Today

RelatedSolving the Quantum Decryption ‘Harvest Now, Decrypt Later’ Problem

RelatedIs OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?

Related Content

Data Protection

By implementing strong security practices,, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information.

Data Protection

The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.

Malware & Threats

Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app.


Britain's interior minister warned Meta that out end-to-end encryption on its platforms must "not to come at a cost to our children's safety".

Identity & Access

Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project.

Application Security

Cybersecurity news that you may have missed this week: AI regulation, layoffs, US aerospace malware attacks, and post-quantum encryption.

Data Protection

Twitter launched encrypted messaging, offering select users the ability to communicate more securely. But its new service is much more of a baby step...

Data Protection

IBM's Quantum Safe Roadmap was designed to help federal agencies and business meet the requirements and the deadlines for quantum safe cryptography.

Copyright © 2023 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version