The rapid adoption of generative artificial intelligence (GAI) in the last year has demonstrated how quickly an emerging technology can be embedded into our every day lives. It is widely expected that Quantum Computing (QC) will have the same transformative impact on enterprises bringing immense business value. In fact, EY’s 2022 Quantum Computing Readiness Survey revealed that almost half of the companies surveyed believe that quantum computing will play a significant role in their industry by 2025. Once believed to be far in the future, recent advances in hardware will eventually lead to quantum computing being more universally accessible and scalable. Researchers at the University of Waterloo have developed a new qubit made from silicon that could lead to more stable and scalable quantum computers. Hardware suppliers such as D-wave Systems, Xanadu and IBM have also unveiled next generation processers. As quantum availability becomes more real, so too does the threat, therefore its important that organizations begin to strengthen their reliance to quantum threats.
Quantum Computing is considered an accelerant to AI
Perceived until recently by many to be far in the future, these quantum technology breakthroughs will improve the accessibility of the technology, reduce costs, and provide new business opportunities in financial services. What makes quantum appealing is that quantum computers have approximately double the compute power as classical computers, making them ideal for solving multivariable problems with unprecedented speed. Quantum computing is widely considered an accelerant for AI, empowering more accurate predictions for fraud detection and anomaly analysis or for the detection of market signals or behavior risk. It facilitates more proactive risk management by improving risk analysis, stress testing and cyber risk protection. Aside from optimization tasks, quantum machine learning can be leveraged to create synthetic datasets to mimic the characteristics of real-financial data enabling faster and more accurate testing.
Quantum computing has the potential to undo existing protections, amplify existing problems and introduce new risks
Despite its many benefits, quantum computing has the potential to undo existing protections, amplify existing problems and introduce new risks. The most discussed risk of quantum computing is its ability to break existing encryption protocols including RSA encryption that is embedded in multiple decisions and applications across the world. Blockchain’s asymmetric key cryptography algorithms are also vulnerable. This can lead to a range of security breaches and theft of personal information. Since digital signatures rely on the same encryption technology, they are also vulnerable to forgery or being tampered with, leading to trust and integrity issues.
Quantum computing can supercharge data harvesting – exacerbating privacy risk. One known threat is harvest now and decrypt later – where an attacker acquires data now that they will later decrypt using a quantum computer.
Risks dimensions for AI/ML will also need to be revisited if using a quantum computer. For example, quantum computers can intensify existing biases in AI algorithms at a much faster rate and heighten the black-box problem making explaining an algorithm even more difficult.
What can organizations do now to build resilience?
Putting the opportunity of quantum aside for a moment, it is important that senior leadership recognize that the quantum threat is imminent and to begin to strengthen the security and integrity of their assets. A way to do this is to perform a quantum risk assessment. As risk practitioners know, this begins with an inventory, identifying critical and valuable assets. This could be an isolated assessment, an update to your current framework for managing critical assets or it could be included in your operational resilience program. Ultimately organizations will need a full inventory of the type of cryptography being used in their organization as it will need to be replaced with quantum-resistant cryptography such as NIST Post Quantum Cryptography Standard.
However, by starting with critical operations and making them quantum safe, organizations will in turn strengthen resilience.
Begin by performing a risk assessment to identify and prioritize vulnerable assets
Table: shows some tasks in a Quantum Risk Assessment
Identify | Assess | Control |
Create an asset inventory starting with critical assets and then: | Assess and classify the longevity of data to understand if quantum protection is needed | Embed monitoring into current risk management practices |
· Express the business value | Assess life of asset and likelihood of exposure and compare to availability of quantum protection | Monitor patterns |
· Identify the type of cryptography being used | Analyze previous threat history and data to determine likelihood of QC threats | Prioritize systems and begin mitigation efforts |
· Identify how the encryption keys are being used, stored or applied | Consider new threat actors | Conduct regular assessment |
| Conduct Business impact assessments |
|
Identifying and assessing your cryptography exposure is one step toward being quantum ready but a deeper dive into potential risk exposures is necessary to ensure you have adequate protection against quantum risks. In Part 2 of this series, we will look into risk exposures and risk mitigation strategies.
Qubit - A quantum bit is any bit made of a quantum system, like an electron or photon. Just like classical bits, a quantum bit must have two distinct states: one representing “0” and one representing “1”. Unlike a classical bit, a quantum bit can also exist in superposition states, be subjected to incompatible measurements, and even be entangled with other quantum bits. Having the ability to harness the powers of superposition, interference and entanglement makes qubits fundamentally different and much more powerful than classical bits. Definition from the University of Waterloo
Resources
Brooks, Michael, What’s next for quantum computing? MIT Technology Review, 6 January 2023
Ernst and Young, How can you prepare for the quantum computing future? EY Quantum Readiness Survey 2022, June 2022
IBM, Exploring quantum computing use cases for financial services.
Marr, Bernard, The 5 Biggest Artificial Intelligence Trends for 2024, Forbes, 1 November 2023
Shorter., Ted. Why Companies Must Act Now to Prepare for Post-Quantum Cryptography. Forbes.com, 11 Feb 2022.
World Economic Forum, Transitioning to a Quantum-Secure Economy, September 2022
World Economic Forum, Quantum Readiness Toolkit, Building a Quantum Secure Economy, June 2023
World Economic Forum, Organizations should make these 3 changes now to protect against the quantum computing threat, 13 September 2022