Quantum computing offers tremendous opportunity to unleash a step change in high scale data processing, underpinning enhancements in areas like data analytics and the adoption of automation and artificial intelligence. Driving our ability to model energy flows; predict energy consumption; assess environmental impacts of services; evaluate weather impacts on green energy generation; optimise asset deployment; and automating the systems that enable them. All capabilities critical to the energy sector, empowering its move to digitisation and facilitating energy management in a disaggregated market of energy generation, storage and transmission.
Like any technology quantum compute can be used responsibly or maliciously, for good or for bad.
Such capabilities represent another ratchet in the ongoing cyber arms race as we move ever more to dynamic interactions between threat actors and those defending data and services. All exaggerated by an increasingly hostile environment, with advanced threat actors seeking to weaponise energy supply and attack our Critical National Infrastructure.
As the security paradigm moves from protective security to disruptive defence, leveraging reactive and deception-based techniques, the need to evaluate and model the cyber battle space and to differentiate truth from falsehood in near real time becomes ever more critical. Good decision making comes from accurate and actionable intelligence and quantum compute can provide a competitive advantage materially impacting Security Operations Centre (SOC) services and our approach to managing and securing our estate.
At the forefront of this change is the threat to current encryption algorithms, especially those supporting asymmetric cryptography, the bedrock of Public Key Infrastructure (PKI). These threats are well documented and pose a real threat to business and its associated trust mechanisms. Threats to our current encryption standards are developing just as our dependency increases as we deploy into the cloud, expand our use of IOT and move towards microservices and zero trust models of security based on cryptographic identity provision.
The European Union and the US NIST are actively working on quantum resistant algorithms, and it looks like 2023 will be a key date in their evolution through standardisation of quantum resistant algorithms. No doubt the major crypto vendors will closely follow. But implementing and replacing current cryptographic technology and managing increasingly complex and dynamic key material is no easy task, especially in industries with significant legacy Operational Technology (OT) estates and, ironically perhaps, growing reliance on the Internet of Things (IOT).
Managing this kind of change requires a sound understanding of the nature of the threat to classical encryption systems by quantum compute; handling its impact with good risk management practices, and careful planning to transform to post-quantum encryption solutions. Driving cost effective adoption that is proportional to an evolving risk landscape over time. See our risk management paper on Beyond Critical National Infrastructure.
Like any new technology the business focus needs to be on what it can do for you; how can it help you achieve your business objectives; how will it disrupt your business; and how can others abuse it to cause harm. This is a classic business transformation journey! We are seeing an uptick in general interest around leveraging quantum compute and believe 2023 will be the year companies actively start preparing their defence for the quantum assault on cryptography. Driven by emerging industry standards and services that are actionable. As such we are reaching an inflexion point. Now is the time to consider where it will take you, what’s the best route, what are your early steps, how to build in security by design and who should you partner with to deliver.
This blog was guest written by CGI expert Dr Alex Baxendale as a guest blog for techUK and was originally published here.