Fighting cybercrime in the age of quantum computing

SeeQC/Handout via Reuters

In 1981, when the Nobel prize-winning physicist Richard Feynman proposed a model for a “quantum computer”, no one imagined how the technology would overcome the limitations of traditional computers.

By harnessing the world of subatomic physics, quantum computers enable us to process, store and transmit information with speed. This presents several opportunities for the Middle East.

In Saudi Arabia, quantum computing is accelerating the kingdom’s drive to achieve its Vision 2030 objectives. 

Zapata Computing, a software company, is working with King Abdullah University of Science and Technology to examine how quantum technologies can aid research, as well as important sectors such as oil and gas.

In the UAE, the region’s first quantum computer has been unveiled at Abu Dhabi’s Technology Innovation Institute, brought in from Finland. 

However, there is a downside to the age of quantum computing. We must prepare ourselves for new cybersecurity risks.

• Mena IT spend expected to reach $184bn this year
• Opinion: The psychology of phishing attacks
• Gulf tech trends to watch in 2024

The emergence of this technology makes critical areas such as government intelligence, digital payments, blockchain transactions, health records and national infrastructure more susceptible to security breaches. Businesses must remain vigilant and take measures to mitigate these threats. 

To understand the risks, we need to look at the basics of quantum computing. Conventional computers rely on bits as the fundamental unit of information, which can only be either 0 or 1.

By contrast, quantum computers use qubits, or quantum bits, which can exist in more than one state simultaneously.

This empowers quantum computers to perform complex calculations exponentially faster than classical computers, potentially solving previously unfixable problems.

But quantum computing can compromise the foundations of cybersecurity, primarily through its impact on encryption and public key infrastructure (PKI) encryption in particular. It threatens the integrity of digital documents and the encryption of sensitive health and financial data.

It may eventually become powerful enough to crack PKI encryption using an algorithm originally developed in 1994 by Peter Shor (Shor’s algorithm). This scenario is being termed the “cryptopocalypse”​​​​. Confidential business communications and sensitive customer information could be exposed to malicious actors in seconds.

To counteract this, governments and private organisations should be continuously assessing their cybersecurity protocols to identify potential vulnerabilities. They will need to adopt post-quantum cryptography techniques. This can be complex and costly, requiring substantial changes to existing systems and protocols.

Warding off the ‘cryptopocalypse’

First, enterprises need to identify those algorithms that are vulnerable to quantum computing attacks.

Next, we encourage organisations to revisit and manage their cryptography capabilities effectively, focusing on clarity and a willingness to adapt​​. Collaboration across various sectors is essential to create more robust defence strategies​​.

Third is the transition to quantum-resistant encryption. This involves adopting new algorithms that are believed to be secure against attacks​​.

Fourth, risk managers should examine the shelf life of data and the life cycles of their systems to determine the appropriate timing for implementing mitigation measures​​.

As we stand on the brink of this quantum era, I find myself re-evaluating my understanding of digital security. Our 2024 Digital Trust Insights survey indicates that mitigating cyber-risk remains a top priority for organisations in the Middle East – even higher than microeconomic volatility, inflation and geopolitical risks.

The strategies I have outlined above are just the beginning. We need a concerted effort from governments, industry and academia to develop robust quantum-resistant cryptographic standards.

I also see a need for greater awareness and education on quantum risks among cybersecurity professionals. This is a new frontier and we need to equip ourselves with the knowledge and tools to navigate it.

A proactive approach to cybersecurity is more critical than ever. We do not know for sure when a breakthrough will happen, but if the introduction of ChatGPT and other large language models is anything to go by, the impact is likely to be sudden – and in this scenario it could be devastating.

We need to plan for quantum threats, rather than react to them after the fact. By doing so, we can ensure that our digital infrastructure remains secure and resilient in the face of quantum computing’s unprecedented capabilities.  

Haitham Al Jowhari is partner, digital infrastructure and cybersecurity, at PwC Middle East in Saudi Arabia