Dan Milmo Global technology editor 

UK cybersecurity agency warns over risk of quantum hackers

Organisations including energy and transport firms told to guard systems against powerful new computers
  
  

A computer popup box screen warning of a system being hacked
Quantum computing’s ability to crunch numbers at incredible speed makes it a serious threat to encryption, said the NCSC. Photograph: solarseven/Getty Images/iStockphoto

The UK’s cybersecurity agency is urging organisations to guard their systems against quantum hackers by 2035, as the prospect of breakthroughs in powerful computing threaten digital encryption.

The National Cyber Security Centre (NCSC) has issued new guidance recommending large entities including energy and transport providers introduce “post-quantum cryptography” in order to prevent quantum technology being deployed to break into their systems.

The NCSC warned that quantum computers, which remain a technology under development, will be able to solve the hard mathematical problems that underpin asymmetric public key cryptography – a common encryption method used in a range of everyday situations from mobile phone use to online banking. Quantum computing’s ability to crunch numbers at incredible speed makes it a serious threat to encryption, said the NCSC.

“While today’s encryption methods – used to protect everything from banking to secure communications – rely on mathematical problems that current-generation computers struggle to solve, quantum computers have the potential to solve them much faster, making current encryption methods insecure,” said the agency.

The NSCS is recommending that large organisations, operators of critical national infrastructure such as energy and transport and companies with bespoke IT systems introduce post-quantum cryptography to counter the threat.

Under the guidance, organisations should identify services that need an upgrade by a deadline of 2028, then carry out the most important overhauls by 2031 and complete the migration to a new encryption system by 2035.

“Our new guidance on post-quantum cryptography provides a clear roadmap for organisations to safeguard their data against these future threats, helping to ensure that today’s confidential information remains secure in years to come,” said the NCSC chief technical officer, Ollie Whitehouse.

Traditional computers encode their information in bits – represented as a 0 or a 1 – but their quantum counterparts use qubits, which can encode various combinations of 1s and 0s at the same time. As a result, quantum computers can in theory compute their way through vast numbers of different outcomes and carry out far bigger calculations than previously thought possible.

However, qubits are extremely vulnerable to the slightest interference including minor temperature changes and cosmic rays, a key reason why a large-scale quantum computer has yet to be developed despite significant investment from tech firms. The NCSC is hoping its new advice will give organisations plenty of time to be ready for when quantum computers come onstream.

“Now that there are new methods for public key encryption, it makes sense to migrate now rather than wait for the threat to becoming real,” said Alan Woodward, a professor of cybersecurity at Surrey University.

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*