(WorldEconomicForum) Abhinav Chugh, Acting Content and Partnerships Lead, World Economic Forum, interviews Jaya Baloo, Chief Information Security Officer at Avast about what areas to prioritize to avoid the potential harms and risks from developments in quantum computing. IQT-News has summarized.
What is most misunderstood about your work? What do you wish people knew?
I wish people understood better just how fragile our cybersecurity position is and just how much effort we need to put in to improving the basics now to be prepared for the future. We still rely on foundational protocols that were developed in the 1970s and haven’t changed a lot since then for our primary transmission communications layer.
In your opinion, what is the most critical cybersecurity challenge that leaders currently face?
I think the biggest challenge that leaders face is understanding that we have excluded the cost of cybersecurity in our existing IT infrastructure. When this is already a challenge, thinking about additional safeguards for new technology often seem to be a nice to have rather than a need to have unless compelled by regulatory requirements. A good practice is to reserve about ten percent of IT budget for your non personnel spend for information security.
Why do we need a tighter focus on encryption as a guarantee of privacy and online safety?
Cryptography is at the heart of our global internet economy from online banking to guarding intellectual property as well as the more foundational need to have secure and private communications between individuals. It guards human rights but also supports national security.
How could developments in quantum computing disrupt this?
The promise of quantum computing is that very long held and difficult scientific problems will be solvable in a novel way. Our current cryptography is based on difficult math problems, such as integer factorization and discrete logs, which would take our current computers a very long time to solve. However, a quantum computer of sufficient scale can speed up the solving of these problems so significantly that it will effectively break our currently used cryptographic algorithms.
What actions are required to enable a secure and sustainable transition to the quantum economy?
First things first, we need to know where we use our current cryptography and for what purpose. Most organizations have no idea what their cryptographic resources are and how it enables daily operations. Once we’ve completed that inventory, we need to figure out how to transition to new post quantum algorithms which are a new set of algorithms that will still be resistant to a quantum computing attack, while potentially also looking for very specific opportunities to deploy something called quantum communications (secure communications links based on the principles of quantum mechanics).
What would be your advice to policymakers and other cybersecurity experts to achieve this?
Although it would be wonderful if everyone just voluntarily adopted best practices habitually, I fear we require some regulatory framework and national strategy to make sure that the most vulnerable and critical parts of our economy are quantum ready. My biggest concern is the time we have left to transition to a secure post quantum future.
I would urge policy makers to ensure that there are no export restrictions against export of quantum technologies which would only further deepen the digital divide. Due to our interconnected economies, we need democratization of technology and must ensure global participation to be collectively secure, a sort of digital version of herd immunity.