The last decade has seen several science and technology
breakthroughs. From self-driving cars to 3D-printing, clean energy technologies
to artificial intelligence assistants, progress has been swift. While some
technologies take decades to become useful, others disrupt quickly. In 2019,
two major technologies have been making headlines but aren’t being taken very
seriously – #artificial_intelligence
(AI) and quantum
computing (QC). These technologies would change the nature of cyber-attacks.
Artificial intelligence can be used to not only probe but also to specifically
tailor attacks against organizations and other targets. We’ve already seen some
instances of #AI used to copy the voice and mannerisms of a person to create
something that looks and sounds as though the real person said it called “deep
fakes”.
Quantum computing took off in the early 90s and is now emerging
as the next generation of computing. Operations that take hours and days, will
happen in seconds with quantum power. With that #technology, the scaling of
computations goes up dramatically, to the point where the time needed for
breaking traditional encryption would shrink to weeks, or maybe even minutes.
This means breaking some of the foundational encryption we see in use today.
The estimates for when QC will really take off range anywhere from 5 to 20
years. One thing we do know, however, is that QC has the potential to
completely transform the cyber threat landscape.
That said, quantum computing poses risks to some cryptography
algorithms. For instance, public-key cryptographic algorithms, which are based
on the discrete logarithm problem, elliptic curve logarithm problem, and
integer factorization problem (RSA encryption) are susceptible to brute-force
attacks using Shor’s algorithm. Whoever develops the quantum computers first
would be able to break legacy encryption protecting historical information.
Parallel to the development of quantum computing has been that of
“post-quantum” or “quantum-resistant” cryptography to create encryption mechanisms
that are resistant to quantum computing decryption capabilities. It remains to
be seen whether these will achieve widespread adoption prior to quantum
computers’ ability to trivialize existing encryption schemes.
While threat actors may use quantum computing to defeat some
encryption algorithms, we expect that the adoption of quantum key distribution
(QKD) will increase the secrecy of communication networks. The nature of
quantum key generation and distribution guarantees communication systems’ security
because the observation of a quantum-generated key will necessarily degrade or
otherwise alter the key in a detectable fashion. As a result, we predict this
will severely inhibit traffic interception schemes, as recipients would be able
to identify messages that have been viewed prior to their receipt.
As of today, quantum computers exist, and developers can
access them through the cloud. However, current quantum computers have some
limitations, including the instability of quantum computing environments, which
makes their practical use more difficult. Researchers are currently working to
mitigate these inhibitions. It should be noted that quantum computing is still
primarily in the research and development phases; large-scale application
production and rollout has not occurred yet. Companies and countries are
spending millions of dollars to win the race to get there first. U.S. quantum
computing development has achieved good performance in terms of the raw number
of qubits (72-qubit processor); however, China currently has the record on
experimentally demonstrating an 18-qubit entanglement that is the basis of quantum
computation and quantum communication. China may be behind in raw quantum
computing hardware, but they are making good headway on finding applications
for quantum computing once it becomes a reality. While quantum computing is
still years away from becoming a conventional technology, it is a tight arms
race.