Share and Follow
The phrase “Store now, harvest later” is striking fear into the hearts of Australia’s cybersecurity experts as they strive to safeguard sensitive information.
Their apprehension is well-founded, with quantum computing emerging as a monumental global security threat, potentially the most significant in decades.
Dr. Vikram Sharma, a seasoned researcher in quantum science, explains, “Problems that would take our most advanced supercomputers thousands of years to solve could be unraveled in mere minutes with quantum computing.”
For industries requiring immense computational power—like vaccine development and space exploration—this advancement could be revolutionary. However, if adversaries gain access to quantum computing, the threat level could escalate dramatically.
Sharma warns, “Facing a quantum-capable adversary without adequate preparation means that the secure systems we depend on could be breached, leading to potentially catastrophic outcomes.”
It’s not just what quantum computing might be able to do to future systems that worries cyber experts, but what state-sponsored hackers might be able to do with data that has already been stolen – including data that has been encrypted.
Much encrypted data has been stolen in recent years but its value is yet to be realised by the thieves.
Which is where the term “store now, harvest later” comes from.
Chief technology officer with the Australian Signals Directorate Karl Hanmore puts the challenge this way:
“If you could imagine a thief could steal all of the safes in the world that are too hard to crack now, but they are working on an amazing safe cracking machine that will be able to instantly open all of these safes. That’s your quantum computer.”
Sharma says the harvesting of encrypted data with the expectation it will eventually be cracked by quantum-powered decryption is a phenomenon being observed across the world.
“That is a particularly scary thought, especially when one is starting to think about valuable intellectual property. You’re thinking about state secrets, you’re thinking about defence. This is an absolutely critical issue, which we need to start to address today,” he said.
“If you’re doing an e-commerce transaction, and either the details of that transaction are revealed or you’re unable to validate the authenticity of who the party on the other end of the line is, that will just bring those systems which are so reliant on for our everyday to complete standstill.”
ASD, the nation’s cyber intelligence agency, says Australia has four years to prepare for quantum computing, with experts predicting such computing power will be at so-called “utility scale” by 2029-30.
Australia’s banks have been tasked with making their systems able to withstand attack, by adopting a new standard of cryptography, which the ASD’s Karl Hanmore explains is a sort of “special maths”.
“By switching to post-quantum cryptographic algorithms, that’s how we keep all of the information safe,” he said.
Andy White, the chief executive of the Australian Payments Network, which regulates the payment systems between banks and other financial institutions, says the sector has been given special authorisation by the competition watchdog ACCC to coordinate preparation for quantum computing alongside Visa, Mastercard and EFTPOS systems.
“It’s an upgrade to about a million point of sale terminals and 25,000 ATMs, so it’s a significant complex program, which is what we’ll aim to do by 2030,” White said.
So what can we all do to prepare for quantum computing?
Don’t fret, for a start, says Hanmore. The banks will be upgrading their security regimes in coming months, so will every major network-exposed business and agency, as well as software developers.
“Your bank, your web browser, your phone will be updating to those new cryptographic algorithms seamlessly, and your stuff will continue to be safe,” he says.
But there are some measures, everyone should take:
If your phone offers a software update, take it.
Don’t share your passwords. Don’t use the same password for multiple accounts. And switch to multi-factor authorisation for accounts, especially those for internet banking.