Helping to prepare for quantum’s cybersecurity threat
Quantum computing is set to shape the future of every business, government, organisation and individual. Pre-empting quantum computing’s risks alongside its many benefits is critically important in ensuring the responsible development of this exciting new industry.
The Responsible Innovation Future Science Platform (RI FSP), in partnership with CSIRO’s Data61, recently led research to better understand the technical and ethical challenges that Australia is likely to encounter in a quantum computing world.
The report aims to inform and encourage dialogue within and between the Australian cybersecurity and quantum computing communities and industries. It also demonstrates how responsible innovation can be embedded as part of an interdisciplinary research approach to these issues.
Quick recap: quantum’s benefits and risks
Globally, organisations are seeking to explore the practical use of quantum computing and where it might add most benefit: from technologies that could accelerate, for example, drug and materials development in healthcare; to more productive mineral exploration and water resource management in the mining and other sectors.
But quantum’s risks have been subject to almost as much public scrutiny as its benefits. One of the most significant risks identified to date is that advances in quantum computing may potentially break current encryption systems used by classic computing. Such a scenario could pose technical as well as ethical risks. For example, a privacy breach on cloud-stored data might lead to the breaking of public key encryption schemes. But it may simultaneously generate an ethical risk by exposing an individual or organisation to social and personal harm or have flow-on effects to other parts of an impacted individual’s life.
Understanding the risks: both technical and ethical
The research team, led by the RI FSP’s Dr Rebecca Coates, designed and administered a survey questionnaire to cybersecurity stakeholders, which was supplemented by additional interview data. Stakeholders included experts and professionals working across cybersecurity, telecommunications and information technology sectors.
Dr Coates said that a key part of the survey design was the inclusion of questions on technical risks of quantum computing to cybersecurity, alongside ethical risks.
‘We defined ethical risks in terms of non-maleficence, justice, explicability, beneficence and autonomy,’ said Dr Coates.
‘Technical risks included, for example, communication attacks, cloud-stored attacks and threats to cryptographic solutions.’
In the survey, participants were asked how significant the impact of quantum computing will be on cybersecurity systems’ ability to uphold ethical principles. They were also asked how concerned they were about the possible impacts of quantum computing on cybersecurity systems.
While participants were generally well aware of the ethical risks of quantum computing for cybersecurity, Chief Information Security Officers reported much higher awareness.
The results also indicated a statistically significant association between participants’ job role and their level of ethical awareness.
Analysing the survey data revealed four main themes:
Lack of cross-domain deep knowledge and understanding about the impacts of quantum computing on cybersecurity
Despite there being a high level of awareness of the potential technical challenges of quantum computing to cybersecurity, domain knowledge of quantum computing varies across job roles.
Ethical risks are not considered to be as important as technical risks
Participants ranked technical risks as of more concern to ethical risks. However, the majority of survey participants stated quantum computing could degrade or limit the ability of cybersecurity systems to uphold ethical principles.
Quantum attacks on current cryptographic solutions is a well-known risk
Most participants believed the impact of quantum computing will be seen on cybersecurity within the next five years.
Multiple barriers hinder appropriate action
While nearly all participants believed the risks and impacts of quantum computing to cybersecurity should be mitigated, multiple barriers to mitigation were identified, including lack of awareness, technical incompatibility and inadequate technology.
Planning and preparedness as key
The research team hopes that the report may help build awareness around quantum’s risks alongside its benefits in order to help manage the responsible development and deployment of quantum technologies.
‘This report is an important and timely contribution to the RI field, as well as to cybersecurity and quantum computing,’ said Dr Coates.
‘It also shows how responsible innovation can be an effective tool for encouraging experts and professionals to reflect on the ethical implications of their work, and integrate ethical decision-making from development through to deployment of new technologies.’
‘The key takeaway is that urgent interdisciplinary and publicly engaged action is important, as is further work to ensure there is a dialogue across and within sectors.’