The following op-ed first appeared in the Ottawa Citizen on October 4, 2023.
Within the next five to 25 years, quantum computing will be commercially available. All the big tech players, from Google and Microsoft to IBM and Amazon, are currently developing their own quantum technologies to prepare for this impending quantum boom. Canadian businesses will adopt this technology, but, as we see with cybersecurity and AI, society may not be prepared for the consequences.
Quantum computing delivers exponentially more computational power than traditional computers. These computers process at the molecular level, with a vast working space for simultaneous exploration of numerous directions.
Quite simply: quantum computers process information much, much faster.
Complex computational problems, which would take millennia for regular computers to solve, can now be accomplished in seconds, as was notably highlighted by Google’s 2019 quantum breakthrough.
Quantum capability could solve some of society’s most pressing problems, from reducing the impacts of climate change, to streamlining complex transportation issues, to increasing innovative capacity for tackling health-care challenges.
By utilizing this additional computing power, many businesses will be able to introduce new products and services — such as finance, manufacturing and biotechnology — and vastly improve quality of life as we know it.
There is, however, a dark side to quantum computing, something known as the quantum threat.
While there are many ways that criminals could leverage quantum computing, the primary threat is where computational power is used to break or weaken commonly used encryption.
Traditional computers cannot do this.
Asymmetric encryption employs an algorithm or public key that protects data using a hard mathematical problem, then another private key to unlock it. Current computers cannot solve that difficult mathematical problem.
Quantum computers, however, allow for multiple, simultaneous calculations that can readily solve complex mathematical problems, thereby allowing the decryption of the public key. This presents a pressing problem for Canada.
The average Canadian uses encryption to protect personal and health information, private online communications and financial transactions. For organizations, encryption is used to protect sensitive company information, finances, trade secrets, source code, intellectual property and transactions.
In short, unless we act, the quantum threat could create chaos across our personal and business lives.
In Canada, we are fortunate to have some of the best talent in the world dedicated to creating quantum-safe or quantum-resistant standards and technologies.
Technology alone won’t shield us from cyber threats, especially those exploiting quantum power. We require not only quantum-safe tech but also the right processes and knowledgeable individuals in place to ensure we are quantum-safe.
But will we have these? Our experiences in cybersecurity would suggest no.
Cybersecurity is predominantly viewed as a technical concern with a focus on digital solutions such as security systems and software. These are important, but they are not enough.
Effective cybersecurity relies on investments in people and processes, including educating employees and the public on cyber risks, implementing preventive practices, and training cybersecurity experts. Investing in people and processes is often more cost-effective than technical solutions.
Unfortunately, as we’ve seen elsewhere, we often adopt technology before we fully understand the consequences of its use. The implementation of AI currently exemplifies this: we’re all using it without truly understanding its potential consequences.
As is the case in cybersecurity, to adequately defend against the impending quantum threat, we must recognize that many of the actions to protect our data and systems will be performed by people – supported by technology.
Being “quantum-safe” requires investment in identifying quantum risks, implementing security measures to mitigate those risks, and ensuring appropriate education and training. In other words, it requires investment in people and processes. These actions will go a long way to helping manage the impending quantum risks.
We must learn from cybersecurity failures. Yes, we need technical experts and technical solutions to respond to quantum threats. But equally important, we need individuals in diverse roles who comprehend the necessary actions and will establish safeguards for our businesses and livelihoods.
If we don’t look more holistically at what is required to address the quantum threat — the technology, the people and the processes — then we simply won’t be prepared.
Randy Purse, CD, PhD, CTDP, is a senior cybersecurity advisor at Rogers Cybersecure Catalyst, Toronto Metropolitan University’s centre for research, training and innovation in cybersecurity.