CISA: Action required now to prepare for quantum computing cyber threats

Quantum computing could revolutionize many things - but it also presents a huge cybersecurity challenge for providers of critical infrastructure.
Written by Danny Palmer, Senior Writer
Image: Getty/sakkmesterke

Action must be taken now to help protect networks from cybersecurity threats that will emerge in the advent of power of quantum computing, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. 

While quantum computing could bring benefits to computing and society, it also brings new cybersecurity threats – and the CISA alert warns that critical infrastructure in particular is at risk. 

Many forms of digital communications and internet-connected systems rely on data encryption to protect them from cyber attackers. Public key cryptography helps to protect information from being viewed by unauthorised intruders – and it's extremely difficult to crack using today's computers. 

But quantum computing will bring much higher levels of computing power and speed, capable of breaking public key cryptography and threatening cybersecurity in a wide range of areas including online banking, secure communications and digital signatures. 

Researchers have warned that the cybersecurity of infrastructure that supports critical national services – including electricity, fuel, water and transport – could be at significant risk.

SEE: Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it's too late

Much of this is due to the dependence on industrial control systems (ICSs), which have long life cycles and rarely receive updates. This means that critical infrastructure providers who aren't prepared could be left vulnerable to attacks. 

It's therefore recommended that critical infrastructure providers make the necessary preparations to mitigate post-quantum cryptography now, rather than waiting for the technology to become more widespread. 

"CISA urges ICS organizations to ensure that their hardware replacement cycles, and cybersecurity risk management strategies account for actions to address risks from quantum computing capabilities," said the alert. 

"Do not wait until the quantum computers are in use by our adversaries to act. Early preparations will ensure a smooth migration to the post-quantum cryptography standard once it is available."

While the expense and expertise required to develop quantum computing technology are currently restricted to large technology companies, research institutions or nation-states, as it becomes more widely available, it could become a major cybersecurity issue for everyone.  

"In the hands of adversaries, sophisticated quantum computers could threaten U.S. national security if we do not begin to prepare now for the new post-quantum cryptographic standard," warned CISA. 

CISA has previously set out a post-quantum cryptography roadmap to help organisations protect their data and systems and to reduce risks related to the advancement of quantum computing technology. 


Editorial standards