Notes from a CSIS Virtual Event: Cybersecurity in the Quantum Future

By Jacqueline Lee

On June 15, CSIS hosted a panel discussion on the future of cybersecurity and quantum technologies with experts Lisa O’Connor, Director of Global Security Research and Development at Accenture Labs; Josyula R. Rao, CTO of Security Research at IBM; and Dustin Moody, a mathematician at NIST who leads its Post-Quantum Cryptography project. The panel was moderated by James A. Lewis, SVP and Director of the CSIS Strategic Technologies Program.

The conversation started with an assessment of the current state of quantum computing and what organizations can do to prepare for what a quantum future may entail. While there is great excitement about the potential of quantum computing, increased availability of quantum capabilities also introduces new risks. All agreed that we may be closer than we think to a future where quantum technology poses a significant threat to the nation’s digital infrastructure. O’Connor asserted that we are in a “borrowed time” space and should be preparing for quantum by thinking about how to re-architect our infrastructure for crypto-agility. Rao echoed this sentiment, stating that “the threat is today.”

Moody explained that core to this problem is quantum computing’s ability to perform computationally expensive calculations at unprecedented speeds. This capability, deployed at a large scale, will threaten existing cryptographic techniques—leaving a range of applications from ATMs to emails vulnerable—unless we replace those algorithms with ones that are “quantum-safe.”

In its efforts to achieve such quantum resistance, NIST organized an international competition in which teams designed and submitted algorithms that can provide protection against quantum attacks. While Rao hypothesized—and Moody confirmed—that more than one algorithm can be found to be the “best” depending on the application and use parameters, Moody disclosed that there will be a NIST-supported algorithm by the end of the year.

The panel also expressed enthusiasm for the benefits that quantum computing holds for cybersecurity. O’Connor spoke of quantum’s “really fun properties,” which could be used in novel ways such as revocation of sensitive data and access, efficient algorithms for machine learning, enhanced digital twins for modeling security architectures, and high-quality random number generation, which lies at the core of most cybersecurity techniques deployed today. Rao expressed similar excitement about the ability to capture the state of a system—such as in detecting an eavesdropper—by measuring qubits, the basic unit of quantum information. Moody built on this notion of “cryptography guaranteed by the laws of physics” and spoke of the rise of quantum as a good opportunity for organizations to re-evaluate their cybersecurity practices and protections.

Regarding what companies should be doing now to engage with the developing dynamics of quantum, the experts provided advice that was indicative of their backgrounds. O’Connor encouraged companies to change how they think about their business problems and begin a process to determine where the opportunities to engage with quantum are. She explained that a proactive approach could help organizations determine what the early wins for quantum computing are and plan for what is in store. Rao focused on following the development of quantum technologies and identifying opportunities to apply quantum to gain competitive advantage, predicting that the disruptive nature of quantum computing could result in a significant realignment of market shares across fields. He also spoke of the importance of public-private partnerships in this space, not only to advance the fundamental science behind such technologies, but also to develop the roadmaps and hybrid (quantum and traditional computing) models necessary to harness their full capabilities. Lastly, Moody cautioned against acting too quickly to implement a quantum-resilient algorithm before NIST announces a standard. At the same time, he advised that companies should indeed start to assess internally where they stand and where they want to be.

Taking all of this into account, is the United States organized and ready for a quantum future? The experts seemed to think so; however, they also agreed that more can be done. Rao voiced the need to increase national security in a quantum sense and anticipated a long period for hybrid models, as it will likely take decades to rebuild and secure all our systems. O’Connor concurred with this and added that such centralized investment should not come at the expense of stifling creativity for quantum applications in various fields. Moody concluded by affirming the need for the government to be involved in quantum and voicing an optimism—shared by all three—for the exciting future applications of quantum computing.

The full conversation was recorded and is available here.

Jacqueline Lee is a research intern with the Strategic Technologies Program at the Center for Strategic and International Studies in Washington, DC.

The Strategic Technologies Blog is produced by the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).