With quantum computing on the horizon, Jitendra Nandwani, SVP of Security Services, Zensar Technologies shares how to secure IoT against these threats
The enigma of quantum computing (QC) has captured global attention. The advancement of this technology brings with it unprecedented opportunities but also significant cybersecurity risks.
For government departments and businesses using sophisticated, specialised IT, now is the time to take steps to secure everything from power grids and banking, to IoT infrastructures. While the risk is great, through understanding emerging threats and proactively preparing for quantum cybersecurity risks, teams can safeguard systems and data even as advanced threats develop.
The quantum landscape
Classical computers perform computations using bits, which can store either a 0 or 1. In contrast, quantum computers use qubits (quantum bits), which can store 0, 1, or both 0 and 1 simultaneously, with different probabilities. These qubits represent the probability distribution through the waveform patterns of quantum particles and operate at the data distribution level itself.
As a result, quantum computers perform fewer unnecessary computations than classical computers, enabling them to handle much larger calculations. This has significant implications for industries like IoT. For instance, quantum-enhanced machine learning could enable IoT devices to learn from large datasets more quickly and accurately. Additionally, quantum computing could help manage the growing number of IoT devices and sensors by improving the infrastructure’s ability to handle large-scale operations efficiently.
QC is rapidly transitioning from theory to practical innovation. In March, JPMorgan Chase achieved a critical industry milestone by demonstrating a potential application of a quantum computer. Similarly, Google has unveiled a QC chip which it claims takes five minutes to solve a problem that would currently take the world’s fastest super computers ten septillion to complete.
However, challenges to adoption still need to be overcome, such as improving processing power, efficiency, portability, availability and stability.
Globally, the most significant consideration is potential cybersecurity considerations, as QC has the ability to crunch numbers at incredible speed, making it a serious threat to encryption.
Quantum is coming…and bringing new cybersecurity threats with it
QC poses a unique but significant challenge to existing encryption protocols, recently demonstrated by the UK cybersecurity watchdog warning about the future risk of QC hacking. The National CyberSecurity Centre (NCSC) is encouraging businesses and governments to begin preparing now for the arrival of QC hacking by 2035.
Asymmetric cryptography is currently the most secure encryption process, as it uses a pair of related keys, one public and one private, to encrypt and decrypt a message and protect it from unauthorised access or use. Asymmetric cryptography relies on the difficulty of solving certain mathematical problems, such as integer factorisation and discrete logarithms, which are easy to compute in one direction, but extremely hard to reverse without specific knowledge, such as a secret key.
The security is based on the assumption that, without the private key, the mathematical problems are too difficult to solve efficiently using classical computers. However, a quantum computer could break these encryptions within minutes, meaning cybersecurity analysts need to prepare for a time when quantum computers can crack the most widely used forms of encryption, a moment they have termed ‘Q-Day’.
This event would fundamentally alter the landscape of digital security globally as previously collected encrypted data could be decrypted and exposed, leading to massive privacy breaches across banking, national security departments, business and consumers. Consequently, the world would be facing increased theft, phishing and scams, ransomware attacks and Corporate Espionage.
Quantum cybersecurity measures
Large and small alike, enterprises relying on current encryption standards need to understand the risks and take proactive measures to secure data and systems. The focus needs to be on proactivity, as recovery is always more painful, expensive and difficult than prevention.
To ensure prevention against quantum cyber threats, organisations need to stay informed, aligned and trained on Post Quantum Cryptography (PQC) guidelines shared by the NCSC. PQC is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers to protect sensitive data as asymmetric cryptography algorithms become potentially obsolete.
The guidance provides key dates for migration activities that UK industry, government and regulators should follow to help modernise cryptographic environments. Cybersecurity leaders need to ensure they are providing teams with a clear roadmap and the necessary quantum impact awareness training and education.
A Zero Trust architecture should also be adopted. This is a secure infrastructure outline which works on the trust concept wherein the authentication, authorisation and continuous validation is carried out by organisation network architecture. This limits, monitors, and controls data movement, as no user or device can gain network access without authenticating and being assigned application layer access rights. This approach should be supported by advanced threat intelligence, active monitoring and the use of Security Operations Centre services.
Teams should also use advanced security techniques to protect sensitive data during transmission and storage, such as multi-layer encryption. Also, Quantum Key Distribution (QKD), a secure method for exchanging encryption keys between parties using quantum properties to secure communication, designed to protect against future quantum attacks as well as other emerging threats. It works by transmitting photons over fibre optics, where the photon’s quantum state is measured and used to generate a key. Any tampering during transmission is detectable because observing the photons changes their state.
Ready for the quantum shift
The rise of quantum technology presents both extraordinary potential and significant cybersecurity challenges. Due to the technology’s ability to potentially break current encryption methods, it’s vital that cybersecurity teams stay informed on emerging threats to keep IoT infrastructure and other valuable assets secure. With the right preparation and robust resiliency plans , such as deploying PQC, ensuring a Zero Trust architecture, implementing multi-layer encryption, and utilising QKD, organisations can stay ahead of emerging threats.
Jitendra Nandwani is SVP & Head – Cloud Infrastructure & Security Services at Zensar Technologies. He is responsible for leading a team of high-performing units who help enterprise clients achieve transformation through Cloud adoption and professional services.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.