Steal Now - Protect Now

Global cyber security experts Norman Willox and Tom Patterson defend the change of quantum computing from science fiction to science fact
When it comes to the imminent and tremendous advances in quantum computing, do you wonder what position the world will be in, in just a few years' time? Do you wonder what government, industry and our adversaries are doing, and what you should be doing?

The truth is that no one knows exactly what the state of quantum computing will be in the future, but there are already great strides being made by governments, academics and industry around the world in the race for 'quantum advantage.' When quantum advantage is achieved, bad actors won't need a sub-zero lab of their own, but will most probably be accessing it via a cloud service, much like the advanced technology of ransomware that has been made available to every crook with a computer and a credit card today.

Defensively, key components of quantum resistance and encryption are now a reality, while quantum communication is underway and quantum clouds are beginning to become available for sensitive operations. The time for governments and companies to get ready is now. Our adversaries already are.

The threat to governments, critical infrastructure and businesses, large and small, is most certainly real… it's just maths at this point. And these threats have already begun, with a new era of adversarial behaviour called 'steal now, decrypt later' (SNDL). In these SNDL scenarios, adversaries are stealing large volumes of critical encrypted data that they cannot yet decrypt, but which they are confident their coming quantum computers will soon be able to. We also know that quantum-computer-supported encryption hacking will come online years before the more mature quantum systems evolve, again highlighting that the most valuable information must be protected now.

PRESIDENT STEPS IN
This matter is so significant, the President of the United States issued a National Security Memorandum and an Executive Order (EO) on 4 May 2022 aimed at securing the nation's competitive advantage in quantum information science (QIS), while mitigating the risks of quantum computers to the nation's cyber, economic and national security. This is the fourth such action just this year.

Current public key encryption schemes rely on the outdated premise that it would take the fastest computers too many millions of years to be able to factor large prime numbers. So, as computers got incrementally faster, we just added extra bits to the key length to keep that premise alive. As the rapid advances of quantum computers over this past decade have gone from science fiction to science fact, we are getting closer and closer to 'Y2Q', when a quantum computer can run Shor's algorithm and read everything we've ever encrypted, regardless of key length. By then we need not only to have come up with better encryption, but also to have it adopted, distributed, installed and maintained worldwide. That takes years, so the time to begin that process is now.


A bipartisan bill, the Quantum Computing Cyber Preparedness Act, was introduced into the House of Representatives in April, which seeks to speed, strengthen and provide regulation of quantum cyber security. The authors of this article both support this bill. While the bill helps to highlight the tremendous risks that are associated with the adversarial use of a quantum computer to decrypt government files and communications, it does not address the same need in the 16 critical infrastructure areas of our private sector. While this bill is a welcome step, Congress could go even further in protecting private corporations and business from this emerging and potentially imminent threat.

The private sector owns approximately 85% of our critical infrastructure. Imagine if all our health records were laid bare, our banking information zeroed out, our transportation shut down or our energy turned off. All these critical infrastructure sectors rely on trusted encryption to provide even the most basic of operations. Additionally, the Federal Government is supported by a very large defence and security industrial base that has extensive sensitive government and industry information. Protecting these critical supply chains is as important as protecting the agencies themselves.

FOUR-STEP PROCESS
In order to protect against bad actors using quantum computing in criminal, terroristic or intelligence activities, we believe that every component of government and the critical infrastructure sectors should be implementing a four-step process immediately:

  • Conduct a complete inventory of where your organisation uses encryption; document the specific encryption details including algorithm, key distribution, provider, and partner(s)
  • Begin to make your encryption 'agile' in a way that will allow for easier changes in the future
  • Leverage the latest encryption available today, like the Messaging Layer Security (MLS) that is already designed to resist aggressive collection methods for communications and collaboration, and quantum-generated shared keys for symmetric algorithms
  • Research and test the NIST candidate 'quantum resistance' algorithms (available via the providers you've just inventoried) AND the newer 'quantum encryption' systems that rely on currently available use of quantum physics with random numbers, keys and more to provide provably secure encryption today with some existing algorithms.
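
One way to picture the 'agile' step above, as an added example that is not from the authors: the algorithm identifier is stored with the data, readers dispatch on it, and policy decides what is still accepted, so retiring an algorithm is a configuration change plus a re-protection pass. The identifiers, key values and function names are hypothetical, and HMAC stands in for a cipher because the Python standard library has none.

```python
import base64, hashlib, hmac, json

# Registry of primitives keyed by an identifier that travels with the data.
# HMAC is a stand-in (assumption); the dispatch pattern is the same for
# encryption or signatures once a replacement algorithm is chosen.
ALGS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-512": hashlib.sha3_512,
}
CURRENT = "hmac-sha3-512"              # policy: what new data is written with
ACCEPTED = {"hmac-sha256", CURRENT}    # policy: what is still honoured on read

def _tag(keyring, alg, payload):
    # The algorithm id is part of the MAC input, so relabelling an envelope
    # to steer the verifier onto another algorithm fails verification.
    return hmac.new(keyring[alg], alg.encode() + b"\x00" + payload, ALGS[alg]).digest()

def protect(keyring, payload, alg=CURRENT):
    env = {"alg": alg,
           "payload": base64.b64encode(payload).decode(),
           "tag": base64.b64encode(_tag(keyring, alg, payload)).decode()}
    return json.dumps(env)

def verify(keyring, envelope, accepted=ACCEPTED):
    env = json.loads(envelope)
    alg = env.get("alg")
    if alg not in ALGS or alg not in accepted:
        raise ValueError(f"algorithm not accepted by policy: {alg!r}")
    payload = base64.b64decode(env["payload"])
    if not hmac.compare_digest(_tag(keyring, alg, payload), base64.b64decode(env["tag"])):
        raise ValueError("tag mismatch")
    return payload

def migrate(keyring, envelope):
    """Re-protect a stored envelope under CURRENT without changing the format."""
    if json.loads(envelope)["alg"] == CURRENT:
        return envelope
    return protect(keyring, verify(keyring, envelope))

# Constructed sample data: one key per algorithm and one legacy record.
KEYRING = {"hmac-sha256": b"k1-constructed-sample",
           "hmac-sha3-512": b"k2-constructed-sample"}
LEGACY = protect(KEYRING, b"patient-record-17", alg="hmac-sha256")
```

Once every stored envelope has been through `migrate`, the old identifier is dropped from `ACCEPTED` and anything still carrying it is rejected on read.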

KEY TO SUCCESS
We believe the above four steps are the key to success for today and tomorrow. A quantum-proofing strategy today is both needed and required. Finding the right talent, experts, partners, products, and tools to do this and keep delivering it into the future will be paramount. There is an understandable misconception that the threat of adversarial use of quantum computing is just for governments to worry about. But it has the potential to affect everyone and every business. Everyone has secrets, intellectual property and sensitive information that is the cornerstone of their business or life, and everyone is vulnerable when it gets out.

Today's ransomware has shown that the most sophisticated of cyber weapons quickly finds its way into criminal hands. So, what secret data do you have that you rely on systems to keep safe? Will you favour a product that can protect your information into the future or doesn't it matter to you?

AND DON'T FORGET ALL THE VIRTUES!
While we are sounding the warning bells to get ready for quantum computing, we certainly can't end this piece without also extolling all the virtues it will bring. Quantum computing promises not just faster computing, but computing in completely new ways. Entirely new problems can be crafted and addressed, communications can become instantaneous, universal and secure, remote sensing will be a reality, and so very much more. Beyond code-breaking, sectors including fintech, pharma, logistics, communications, space, climate and data analytics are all actively working to leverage the quantum computing on the horizon.

In the 1960s, Albert Einstein famously called quantum computing 'spooky.' Today, with everything we now know, we find quantum computing exhilarating!

It will take us to intellectual places we have never even imagined and solve problems we never thought solvable.