[Sedat Çevikparmak, Suna Çevikparmak]
Cybersecurity is a booming industry thanks to the increasing rate of digitalization all across the world in business and government circles. Each day, more services are being moved to clouds and the rate of our livelihood’s dependence on security of these digital assets and networks exponentially increases. The domain of cybersecurity is a constant tug of war between the protectors and the attackers. The frontiers are ever-changing, making the job of protectors very difficult. A new frontier approaching quickly is quantum computing. Who will conquer this new frontier? The good or the bad? Will our protectors have any chance against the immense possibilities that come with quantum computing? Experts predict that it will be a close call.
If you are interested in cybersecurity and have been upskilling recently, all you have been learning could just change overnight when the computing paradigm shifts. If you are also trying to gauge the future trends in cybersecurity so you can invest your time accordingly, read on.
Why the sudden interest in Cybersecurity?
In our research into this topic, the first idea that sticks out is the underlying mechanism for the rise of cybersecurity: an increased digitization. To find timely and relevant information we began canvasing reports from big consulting firms such as McKinsey. McKinsey is one of the most prominent consulting firms in the industry and their articles and reports are highly credible. We found several articles on their website but the one that really hit the mark was with the title of “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever” by LaBerge et al. According to this article, the past decade saw an acceleration in digitalization which brought convenience and efficiency. The pandemic added more fuel to the fire and sped up this phenomenon because many companies felt compelled to digitize and increase their online presence to survive the effects of economic slowdown and lockdown (LaBerge et al.). During the pandemic, the consumer base of many firms shifted swiftly to online marketing channels, which forced those firms to follow suit. A McKinsey survey showed that consumers were three times likelier than before the pandemic to have %80 of their customer interactions in the digital world as opposed to the brick-and-mortar world (LaBerge et al.). The end result of this change was the increased need for cybersecurity. The digital expansion exposed businesses and organizations to many cyber threats, ranging from ransomware to brute hacking attempts, to data breaches and more (LaBerge et al.). To maintain business continuity and competitive edge, businesses and organizations took steps to safeguard their newly made investments into the digital world as criminals evolved in their tactics and exploited vulnerabilities they could find voraciously.
What is Cybersecurity today?
The second idea we needed to explore was the common practice of cybersecurity in the current times. Yes, the need for cybersecurity increased, but what were some of the main topics within this domain? In our research in Google Scholar, we came across an article by Ghosh et al.: “A comprehensive tutorial on cybersecurity in quantum computing paradigm”. The authors do a good job in giving an overview of cybersecurity. Cybersecurity is a big field and comprises encryption, firewalls, multi-factor authentication, threat detection, cloud security, and maybe more importantly a new culture of cyber resilience within the ranks of employees (Ghosh et al.). Cybersecurity plays a crucial role in safeguarding our digital world, ensuring responsible use of AI, and maintaining the integrity and reliability of blockchain and quantum technologies. (Ghosh et al.). Cybersecurity uses the current technology to keep everything safe. What if there is a revolutionary change approaching over the horizon that might require us to redefine and reconsider everything we know about cybersecurity?
What is over the horizon in the computing field?
So, this was our third question and we found Scholten et al.’s article on Google Scholar that answered this question well. According to Scholten et al., many scientists believe that we are almost there with the new developments in quantum computing (Scholten et al.). The author is very clear about what is coming: “Quantum computing poses a known, provable, and substantial risk to the cybersecurity infrastructure that underpins our modern age. Ever since the discovery of Shor’s factoring algorithm 30 years ago, the possibility that quantum computers could be used to break commonly-used cryptographic systems has loomed large over the development of the field” (Scholten et al.). How big of a change is being described? According to many scientists the magnitude of the revolution in computational power of a quantum computer is monumental.
Ghosh et al. had very specific numbers that catch one’s eyes: “Quantum computers, which have computing capacity based on the power of the known universe, will do mathematical operations 158,000,000 times quicker than ordinary computers. They can finish a calculation in four minutes that would take computers of today thousands of years to finish” (Ghosh et al.). Then, we wondered why would this be so bad for cybersecurity? The first threat is against encryption. Encryption is a process of conversion of data into a secret code using highly sophisticated math. It is widely used in securing communications over the internet, or safeguarding the stored data in the cloud, emails, disks or databases. Integrity, confidentiality and authenticity of data relies on encryption (Ghosh et al.). With the power of quantum computing solving current cryptography may be readily available to criminals and risk the very foundations of modern life as we know it. This was concerning. Our current capabilities of protecting our digital assets assume a certain level of computing power and if there is a paradigm shift in computational power then the very basis of encryption is threatened.
We kept searching for some other potential complications of quantum computing and came across Chawla and Mehra’s article on Google Scholar. They were focusing their attention on another growing area within digitalization of our world: internet of things (IoT). It turns out that a second potential problem emanating from quantum computing’s extreme capabilities is with IoT devices which are expanding in many applications such as intelligent environments, cities, smart grids etc. (Chawla and Mehra). IoT applications enable businesses and organizations to collect data and monitor systems in home automation, industrial processes, healthcare monitoring, and environmental monitoring. IoT technology is based on a relatively inexpensive thus scalable sensor technology, which gives these entities an unparalleled decision-making power. However, since these small devices handle immense amounts of data and transfer them through the internet, they are one of the most vulnerable points of entries for cyber criminals. These IoT applications are protected with encryption schemes that will be obsolete when quantum computing becomes available. “Quantum computer solves these classically unsolvable problems based on classical cryptographic primitives” (Chawla and Mehra).
Quantum computers: A Menace to Cybersecurity?
The logical next step in our exploration was considering the transition phase scenarios between traditional and quantum computing. Because it was clear that the industry needed a great amount of adjustment before the new paradigm hit the markets. Realizing that the timing of quantum computing revolution and the parameters of the transition period are also very important for cybersecurity. Scholten et al.’s article provided valuable insight into this question: “Thus, one of the most pressing questions facing quantum computing is whether the pursuits taken by industry and academia to build a quantum computer will, at some point, yield the creation of a cryptographically-relevant quantum computer (which can break cryptography) either prior to, or in parallel with the creation of a quantum computer useful for non-cryptographic applications.” Scholten et al. argued that if quantum computers undergo rapid scalability, outpacing the ability of organizations to transition to post-quantum cryptographic systems, the risks become significantly heightened. But, if quantum computing proceeds more gradually, affording organizations time to adapt their cryptographic infrastructure, the potential risks are somewhat mitigated.
Our last question is whether this phasing is controllable. How do we get everyone involved around the world on board with such a phased approach? After all that exploration we came to the conclusion that these are tough questions that will shape our digital future. Because, in essence, the pace of quantum computing development relative to the transition to post-quantum cryptography strongly impacts the level of risk faced by organizations. A swift advancement necessitates urgent action to fortify cryptographic defenses, while a more gradual progression provides organizations time to ensure the security of their data assets.
Quantum-proof?
Our research also led us to another significant effort to secure our digital systems: Post-quantum cryptography (PQC), which refers to the discipline within cryptography dedicated to crafting algorithms aimed at safeguarding against potential threats posed by quantum computers (Moon and Vermeer). It is alternatively termed quantum-proof, quantum-safe, or quantum-resistant cryptography. The aim of post-quantum cryptography (PQC) is to develop ways to keep information safe from both regular and super-powerful quantum computers. PQC wants to make sure that our current internet systems stay secure even if quantum computers become a reality. This involves using complex math problems that are tough for quantum computers to solve. Think of PQC as the next level of security compared to what we currently have. It’s like upgrading from regular locks to high-tech ones that even the smartest thieves can’t crack easily. Experts stress the need to act fast because we’re not sure when traditional security methods might become vulnerable (Moon and Vermeer). Plus, replacing our current security systems with new ones takes a lot of time, resources, and effort.
In summary, as our digital world expands, it becomes an integral part of daily lives. The paradigm shift in computing is a significant milestone that brings both great opportunities and risks. Our reliance on digital technology will only enhance, from communication to commerce. The arrival of quantum computing could disrupt many aspects of our lives if we’re not prepared. Failing to manage this transition properly could pose serious challenges, which includes potential security breaches, infrastructure problems, and financial instability. Moreover, cybersecurity isn’t just about protecting personal data or business interests; it’s also crucial for national security. With the increasing digitization of critical infrastructure and government systems, cybersecurity vulnerabilities can pose significant threats to a nation’s stability and sovereignty. Therefore, investing in robust post-quantum cryptography and cybersecurity measures is not just a matter of technological advancement but also a necessity for safeguarding national security interests in an increasingly interconnected and digitally dependent world.
References
Chawla, Diksha, and Mehra Pawan Singh. “A Survey on Quantum Computing for Internet of Things Security.” Procedia Computer Science 218 (2023): 2191-2200.
Ghosh, Uttam, Debasish Das, and Pushpita Chatterjee. “A comprehensive tutorial on cybersecurity in quantum computing paradigm.” Authorea Preprints (2023).
LaBerge Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever” McKinsey & Company (2020).
Moon, Alvin and Michael J. D. Vermeer, Supporting the Future Effectiveness of Post Quantum Cryptography. Homeland Security Operational Analysis Center operated by the RAND
Corporation, 2023. https://www.rand.org/pubs/perspectives/PEA2690-1.html. Scholten, Travis L., et al. “Assessing the benefits and risks of quantum computers.” arXiv preprint arXiv:2401.16317 (2024).
Dr. Sedat Cevikparmak is the Chairman of the Board of Directors at NATO Veterans Initiative - NAVI. Graduating from the United States Military Academy at West Point in 1997, he specialized in Nuclear Engineering and Foreign Area Studies (FAS) with a focus on the Middle East. His military career spanned from 1997 to 2016, concluding with a role at the International Military Staff - NATO HQ in Brussels. Holding master's degrees in National Security Affairs and National and International Security Strategies Management and Leadership, obtained from the Naval Post Graduate School and the Turkish Army War College, respectively, he later earned a Ph.D. in Supply Chain Management from the University of North Texas in 2020. Currently serving as the Chair and Assistant Professor of Supply Chain Management at DeSales University, Dr. Cevikparmak actively contributes to prestigious academic journals (IJPDLM, JPSM, JBIM, IJLM), exploring the behavioral mechanisms influencing supply chain decisions. Married to Suna, he is a devoted parent to two children.
