Preparedness for cyber threats posed by quantum technology inadequate

Only a few actors critical to security of supply are sufficiently prepared for the cyber security threats posed by quantum technology, reveals a survey carried out by the National Emergency Supply Organisation’s Digital Pool. The survey report provides companies with recommendations for the path towards quantum-safe solutions.

Quantum technology can be used to quickly process massive amounts of data. In the future, quantum technology applications will make it possible to carry out currently impossible computational tasks, for example. It is hoped that these applications will eventually provide solutions to challenges related to climate change and energy, sustainable production and consumption and the design of new medicines, for example.

Quantum computing could also be used to solve the computational problems that contemporary cryptographic techniques protecting telecommunications and databases are based on. Once these cryptographic techniques are broken, the telecommunications and databases protected by them will no longer be secure. The threat stems from the development of both quantum computers themselves and the decryption algorithms that they can be used to run.

Organisations can protect themselves against attacks aided by quantum computers by strengthening their existing symmetric cryptography by increasing the length of the encryption key. Public key methods, on the other hand, require entirely new algorithms. New methods already exist, and their standardisation will be completed in 2024. Organisations should start preparing for the deployment of these methods now to also ensure the security of critical information and systems in the future.

According to the survey, few enterprises have taken concrete action to account for quantum threats. Although the threats associated with quantum technology are quite widely recognised, only 11% of the companies that responded to the survey had taken the quantum threat into account in their procurements. Many companies lacked cryptographic schemes and strategies as well as an inventory of the cryptography they use.

The report produced by the Digital Pool provides not only information on the opportunities and threats posed by quantum technology, but also information on how to prepare for quantum threats and a model for the transition to quantum-safe solutions that companies can start implementing.

The survey was carried out by VTT and funded by the National Emergency Supply Agency’s Digital Security 2030 programme.

Read the survey report here (pdf)