As we stand on the cusp of a new technological era, the race to secure our digital world has never been more urgent. Quantum computers, once the stuff of science fiction, are rapidly becoming a reality.
While their potential to revolutionize fields like medicine and finance is immense, so too is their potential to upend the very foundations of our digital security. The encryption that protects everything from our financial transactions to state secrets is at risk of being rendered obsolete by quantum computing. In response, the National Institute of Standards and Technology (NIST) has taken crucial steps to safeguard our future, but the work has only just begun.
Quantum computers have the potential to solve certain complex mathematical problems millions of times faster than today’s classical computers. This capability, while groundbreaking, poses a significant threat to the encryption algorithms that currently secure the internet. Public-key cryptography, which underpins the security of online banking, email, and secure communications, relies on the difficulty of factoring large numbers—a task that quantum computers could accomplish in mere minutes .
Experts have warned that adversaries might already be harvesting encrypted data, biding their time until quantum computers are powerful enough to decrypt it. This “harvest now, decrypt later” strategy could lead to catastrophic breaches of sensitive information, from military communications to personal financial data. The implications are dire: without quantum-safe encryption, the digital infrastructure we rely on could become an open door for hackers, both state-sponsored and criminal.
Recognizing the gravity of the threat, NIST has spearheaded an initiative to develop and
new cryptographic algorithms that can withstand the power of quantum computers. After years of rigorous testing and evaluation, NIST has recently published three new algorithms designed to protect against quantum attacks. These algorithms represent the best hope we have for securing our digital future, and their adoption across industries is imperative.
But transitioning to quantum-safe encryption is no small task. The process of integrating these new algorithms into existing systems will take years, if not decades. Companies across sectors—from banking to telecommunications—must begin now to ensure their products and services are equipped to resist quantum threats. As Scott Crowder, vice president of IBM’s quantum adoption group, aptly put it, “Our digital economy is toast unless people go in and change the cryptography”.
The importance of quantum-safe encryption extends far beyond protecting individual companies or even entire industries. At its core, this is a matter of national security. The United States faces sophisticated cyber threats from adversaries like China and Russia, both of which are investing heavily in quantum computing technology. If these nations develop quantum capabilities before the U.S. has transitioned to quantum-safe encryption, the consequences could be devastating.
Consider the implications for our military and intelligence agencies. Communications that are currently secure could be exposed, revealing sensitive information about troop movements, intelligence operations, and strategic plans. The ability of an adversary to decrypt classified information in real time would fundamentally alter the balance of power, eroding the U.S.’s strategic advantage and putting lives at risk.
In the near term, we must accelerate the adoption of quantum-safe encryption standards across all sectors critical to national security. This includes not only government agencies but also private companies that handle sensitive data, such as defense contractors and financial institutions. The NIST algorithms must be integrated into these systems as swiftly as possible to mitigate the risk of a quantum-driven cyberattack. Looking further ahead, the U.S. must continue to invest in quantum research and development. The race to build the first fully functional quantum computer is not just a technological competition; it is a strategic one. The nation that achieves quantum supremacy will have the ability to unlock encrypted information at will, potentially disrupting global markets, undermining national defenses, and compromising the privacy of billions of people.
To safeguard against these threats, the U.S. government must take a multi-pronged approach. First, there must be a concerted effort to educate both the public and private sectors about the risks associated with quantum computing and the importance of transitioning to quantum-safe encryption. This includes providing clear guidance and support to industries that may struggle with the technical and financial challenges of such a transition.
Second, the government should incentivize the rapid adoption of NIST’s quantum-safe standards. This could involve subsidies, tax breaks, or other forms of financial assistance to companies that take proactive steps to upgrade their encryption systems. Given the potentially catastrophic consequences of a quantum cyberattack, the cost of these incentives would be a small price to pay for enhanced national security.
Third, the U.S. must lead international efforts to develop and enforce global standards for quantum-safe encryption. Cyber threats do not respect national borders, and a coordinated international response is essential to ensure that the global digital infrastructure is protected. This will require diplomatic efforts to bring other nations on board and to hold accountable those that fail to comply with established standards. Finally, the U.S. should continue to invest in offensive and defensive cyber capabilities. As quantum computing evolves, so too must our ability to defend against and, if necessary, retaliate against quantum-enabled cyberattacks. This includes not only enhancing our own encryption methods but also developing tools to detect and neutralize quantum based threats before they can do harm.
The advent of quantum computing represents both an incredible opportunity and a profound challenge. While the potential benefits of this technology are vast, so too are the risks. The steps taken by NIST to develop quantum-safe encryption standards are a critical first step, but they are just that—a first step. The work of securing our digital future is far from over.
For the United States, the race to achieve quantum security is nothing less than a race for national survival. The consequences of failure are too great to ignore. It is imperative that we act now to safeguard our national security, protect our digital infrastructure, and ensure that the U.S. remains at the forefront of technological innovation. In the face of the quantum threat, inaction is not an option.
For Additional Insights See
- Quantum Computing and Quantum Security Sensemaking: A reference to key OODA research on all things quantum.
- The Executive’s Guide to Quantum Security: A reference to steps to take now to ensure quantum security including protecting against Harvest Now Decrypt Later attacks.
- Is Quantum Computing Ushering in an Era of No More Secrets?: Context from OODA’s Matt Devost on the very near future of quantum computing.
- What To Do About Quantum Uncertainty: Guess what, besides uncertainty at a quantum level there is great uncertainty among business and policy makers regarding Quantum Computing.
- AI, quantum computing and 5G could make criminals more dangerous than ever, warn police: Quantum is one of many emerging technologies that law enforcement professionals are tracking
- Intel offers AI breakthrough in quantum computing: This article is more about quantum simulations for AI, but shows the ecosystem that is developing around the technology
- Quantum Computing That Can Crack Modern Encryption More Than a Decade Away: When we see reports like this we wonder what qualifies the experts to say this. But in this case the experts are the National Academies of Sciences.
- Could quantum computers render current bitcoin and most blockchain cryptography powerless?: There is a worry that new algorithms that could run on quantum computing could attack blockchain and asymmetric encryption.