Mike Rogers, chairman of Claroty's board of advisors, expects quantum computing will be a double-edged sword in the post-quantum era depending on how organizations employ it. For example, it can strengthen or defeat traditional encryption.

Rogers told SDxCentral in an email interview about the risks and threats in a quantum world, the potential challenges critical infrastructure sectors will face, and what security leaders can do to prepare.

SDxCentral: What might cyberattacks in a quantum world look like? What are the biggest threats?

Rogers: Quantum computing is a technology that has great applicability against very meaningful problem sets. But it is not the technology that is the problem but rather how man chooses to employ it. Quantum technology is likely to be employed both to gain advantages as well as precluding others from gaining advantages. Encryption is a great example of such a dynamic: quantum technology will be used to both strengthen encryption as well as defeat it.

Overall, quantum computing is likely to have its greatest applicability (and advantage over current computational means) against problem sets that have large data sets, a large number of variables within that data, or variables that have a high rate of change over time. One example of such a problem set is commercial encryption, which generates such a massive amount of permutations within its data fields that current computers can't overcome them and access the underlying data being protected. Quantum holds the possibility of being able to power through those permutations and unlocking the data being protected.

Think of the data and functionality that we count on that is currently underpinned by strong encryption: banking, online commercial activity in general, OT/ICS remote functionality, etc. Should we lose that ability to protect data from external access or manipulation we will have real problems and our basic models for cybersecurity will be fundamentally undermined.

SDxCentral: Do attackers already pour more resources into the quantum world other than “harvest now, decrypt later?”

Rogers: Many nation states are very focused on developing and gaining use of quantum technology, both to gain new advantages as well as in figuring out how to overcome the application of quantum technology against current cybersecurity methodologies.

Several of those states are also focused on generating the large pools of data to employ quantum technology against with the view that even old encrypted offers value should the encryption be overcome.

SDxCentral: What is it going to take to break cryptography with a quantum computer?

Rogers: Breaking current encryption is a very difficult task, one likely to take many years before it is achievable through the use of quantum computing. To generate the needed computational power will require the ability to integrate tens of thousands to hundreds of thousands of qubits (the basic building blocks of quantum computing, like bytes are to current computational constructs) and to keep them stable over time. Current state of the art in quantum computers is approaching 500 qubits - so we have a ways to go here.

SDxCentral: Why will critical infrastructure sectors be more vulnerable to attacks in a post-quantum world?

Rogers: Protection of our critical infrastructure against cyberattacks is in no small part built around the use of commercial encryption to protect its associated data or software. If that can be accessed and interrupted, manipulated, or extracted to identify vulnerabilities within these systems, the resulting loss of functionality can cause significant economic and physical harm to include potential injury or loss of life.

SDxCentral: Other than post-quantum cryptography (PQC) transition preparation and crypto agility, what else do organizations and security leaders need to do now as the quantum era creeps closer?

Rogers: As the quantum era creeps closer, this is a journey that is going to take some time. We have a multitude of nations looking to develop the technology, with the U.S. and China being the most visible. Quantum represents a significant inflection point and because of that it’s a disruptor both good and bad. Given the disruption impact, we need to work together. Additionally, we should be harvesting the data now in case it may not be useful now, but impactful down the road.

Photo: Mike Rogers. Source: Claroty