What are the international stability and ethical implications of quantum computers as we enter a new era of computation?
On July 25, the United Nations Cyber Open-Ended Working Group (OEWG) convened a stakeholder meeting in New York City to discuss expectations of responsible state behavior in cyberspace and challenges around securing information and communications technologies (ICTs). The OEWG meeting also included a presentation hosted by the United Nations Institute of Disarmament Research (UNIDIR) on the cybersecurity risks of quantum computers.
Carnegie Council Visiting Fellow Zhanna Malekos Smith, also a non-resident research fellow with UNIDIR, was invited to address delegates about this emerging technology and its impact on cryptography–the art and science of securing sensitive data. This is a summary of her talk.
Quantum computers are steadily being developed by commercial entities like IBM, Microsoft, and Google, as well as by nation-states. Ethical concerns about the geopolitical risks to this technology are also surfacing at the UN. The UN secretary-general’s 2020 annual report on Current Developments in Science and Technology highlights the potential risks of quantum technologies on international security and disarmament efforts. The report states: “Although applied engineering in the field of quantum computing remains at an early stage, research into its military applications currently takes place in areas such as information and communications technologies and intelligence, surveillance and reconnaissance.” Put simply, encrypted information concerning sensitive government matters could be at risk of being decrypted by threat actors due to the powerful computing capabilities of quantum computers.
So, what collective actions should Member States consider taking to address the potential risks that quantum technologies could present to critical infrastructure?
First, let’s define quantum computers
A quantum computer is a highly advanced computational device based on quantum systems. These devices can perform certain tasks more efficiently than digital computers, like running unstructured searches in databases and factoring large numbers.
These computers use information storage units called quantum bits, or qubits, as opposed to classical bits. The number of qubits is significant because each additional qubit exponentially increases the processor’s potential computing power. To date, the U.S. is home to the world’s largest quantum computing system, IBM’s 433-qubit Osprey superconducting processor. IBM aspires to achieve quantum supremacy with Quantum Condor, a mega-computer chip that could potentially process over 1,000 qubits by the end of 2023. Quantum supremacy is a term coined by physicist John Preskill, and refers to a technological milestone when the computational speed and power of quantum computers could outperform digital computers.
Many states regard quantum supremacy as a necessary imperative for maintaining a competitive edge in national defense and economic industry. For example, India’s National Security Council Secretariat established the Quantum Lab at Military College of Telecommunication Engineering in 2021 to stay abreast of quantum cybersecurity threats to military systems, like post-quantum cryptography.
Harvest Now, Decrypt Later Cyber Attacks
Harvest Now Decrypt Later (HNDL) attacks, also known as Store Now, Decrypt Later attacks, refers to a scenario where malicious actors exfiltrate and store encrypted data today, to then decrypt it in the future using post-quantum cryptography (PQC) algorithms. PQC refers to a technological milestone when advanced quantum computers attain “a sufficient size and level of sophistication,” meaning they could break modern asymmetric cryptographic protocols like RSA, or the Diffie-Helman Key Exchange, and digital signatures. This is alarming because these security protocols secure our day-to-day Internet-based communications and financial transactions.
According to McKinsey & Company: “Since quantum computers can perform multiple calculations simultaneously, they have the potential to break any classical encryption system.” McKinsey estimates that within the next 10 to 20 years, the environment may change, at which point a highly advanced, “cryptanalytically relevant” computer could challenge the status quo. Some scholars, however, are skeptical of the likelihood of states developing such cryptanalytically relevant quantum computers. According to the Biden administration’s 2022 national security memorandum on quantum computers, however, humanity will eventually achieve this technological milestone. The memorandum cautions that when this technology become available it “could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.” Although no quantum computer is presently equipped with enough qubits to execute Shor’s computer algorithm for solving prime factors, that should not lull one into a false state of complacency in considering this burgeoning cybersecurity risk.
Ethics and Promoting Global Cyber Resilience
Preparation is a quintessential element of success. The purpose of this UNDIR presentation was to provide an opportunity for states to learn about the potential impact of quantum technologies on cybersecurity, and also convene a stakeholder dialogue about how Member States could collaborate to protect critical infrastructure. When states come together in multilateral fora to acknowledge global cybersecurity risks and develop transition strategies, all parties theoretically stand to benefit. How? Because developing global cyber capacity building strategies helps reaffirm ethical expectations of responsible state behavior in cyberspace. As Anne Neuberger, deputy assistant to the U.S. president and deputy national security adviser for cyber and emerging technology, explains, “The process of rolling out new encryption that can defend against a potential quantum computer is not a one-year effort; it’s a lengthy effort.”
From an ethics and risk management standpoint, transitioning information and communications technologies to PQC standards today is essential for defending society against quantum computing threats. Framed as an ethical imperative: Why not lay a foundation to better prepare for a worst-case scenario now, rather than during the actual crisis?
Carnegie Council for Ethics in International Affairs is an independent and nonpartisan nonprofit. The views expressed within this article are those of the author and do not necessarily reflect the position of Carnegie Council.