Quantum computing will change the cyber landscape, here’s why we need proper governance
(EuropeanSting) Ibrahim Almosallam, Consultant , Saudi Information Technology Company has written this article thanks to the collaboration of The European Sting with the World Economic Forum. Inside Quantum Technology summarizes.
Almosallam points out, “We now live in a ‘Wright brothers’ moment’ in quantum computing history. But when a commercial jet version arrives, it will deliver a new leap in information technology similar to what classical computation delivered in the 20th century, and, just like with any general-purpose technology – such as the internet, electricity, and, for that matter, fire – alongside great benefits, comes great risks.”
As such, it is hard to imagine the success of such technologies without strong regulations and governance policies. Can you imagine a world without electricity regulations, internet protocols and fire safety standards? However, even though the risks of quantum computers are well understood, little has yet been done to mitigate them due to the unclear horizon as to their future.
Governance of quantum computing
Proper governance is key to minimizing the risks and maximizing the benefits of quantum computing. However, it is easy to get lost in all the detail about potential benefits and risks and, as an extension of classical computing, it will inevitably inherit them both.
So when forming quantum computing policies, it is more effective to first examine current policies to determine which needs to be:
Adopted to address similar risks.
Extended to mitigate enhanced risks.
Amended to address new or unforeseen risks.
Three types of approach to governance
Taking cybersecurity as an example, without loss of generality, governance approaches can be grouped into three categories:
Technical: Software or hardware hardening, such as stronger encryptions or two-factor authentication.
Procedural: Enforced policies and regulations, such as stronger passwords or compliance.
Behavioural: Exploiting psychological and social behavior to influence decisions, such as changing defaults, awareness or social pressure.
‘Don’t give me time, give me a deadline’
Creating a sense of urgency might be a more effective behavioural approach – such as drawing an artificial deadline to transition to post-quantum cryptography. Deadlines, even if self-imposed, have shown to be effective in improving performance. For example, after the NIST standards are announced, say within five years that any data encrypted using pre-quantum cryptography would no longer be protected legally.
A new problem that needs a new solution
Quantum computing is a new problem that requires our latest solutions. It is crucial not to let the old threats make us lose sight of the new ones. Behavioural approaches are very effective and inexpensive in that regard.