Chances are, you’re at least somewhat concerned about
your privacy, especially your digital privacy.
Chances are, you’re right to be. Every
day, it seems, there are more reports about data breaches, cyberattacks, and selling
or other misuse of confidential/personal data. We talk about privacy, but we’re failing to
adequately protect it. But chances are you’re not worried nearly enough.
Y2Q is coming.
[Image: Ready or not, quantum computers are coming. Credit: Bing]
That is, I must
admit, a phrase I had not heard of until recently. If you are of a certain age,
you’ll remember Y2K, the fear that the year 2000 would cause computers
everywhere to crash. Businesses and
governments spent countless hours and huge amounts of money to prepare for it. Y2Q
is an event that is potentially just as catastrophic as we feared Y2K would be,
or worse. It is the point at which quantum computing
renders our current encryption measures irrelevant.
The trouble is, unlike Y2K, we don’t know when Y2Q
will be. Some experts fear it could be
before the end of this decade; others think it will be closer to the middle or latter part of
the 2030s. But it is coming, and when
it comes, we had better be ready.
“Quantum
computing will break a foundational element of current information security
architectures in a manner that is categorically different from present
cybersecurity vulnerabilities,” warned a
report by The RAND Corporation last year.
“This is potentially a
completely different kind of problem than one we’ve ever faced,” Glenn S. Gerstell, a
former general counsel of the National Security Agency, told
The New York Times. “If that encryption is ever broken,” warned
mathematician Michele
Mosca in Science News, “it would be a systemic catastrophe. The
stakes are just astronomically high.”
The World Economic
Forum thinks
we should be taking the threat very seriously.
In addition to the uncertain deadline, it warns that the solutions are
not quite clear, the threats are primarily external instead of internal, the
damage might not be immediately visible, and dealing with it will need to be an
ongoing effort, not a one-time fix.
Even worse, cybersecurity
experts fear that some bad actors – think nation-states or cybercriminals – are
already scooping up troves of encrypted data, simply waiting until they possess
the necessary quantum computing to decrypt it.
The horse may be out of the barn before we reinforce that barn.
It’s not that experts
aren’t paying attention. For example, the National Institute of Standards and
Technology has been studying the problem since the 1990s, and is currently
finalizing three encryption algorithms designed specifically to counter
quantum computers. Those are expected to be ready by 2024, with more to follow.
“We’re
getting close to the light at the end of the tunnel, where people will have
standards they can use in practice,” said Dustin Moody, a NIST mathematician
and leader of the project.
[Image credit: J. Wang/NIST and Shutterstock]
But all this still requires that companies do their part in getting ready, soon enough. Dr Vadim Lyubashevsky, cryptography researcher at IBM Research, urged:
“…it’s important for CISOs and security leaders to understand quantum-safe cryptography. They need to understand their risk and be able to answer the question: what should they prioritize for migration to quantum-safe cryptography? The answer is often critical systems and data that need to be kept for the long term; for example, healthcare, telco, and government-required records.”
Similarly, The Cybersecurity and Infrastructure Security Agency
(CISA) emphasized:
“Organizations with a long secrecy lifetime for their data include those
responsible for national security data, communications that contain personally
identifiable information, industrial trade secrets, personal health
information, and sensitive justice system information.”
If all that isn’t scary enough, it’s possible that no encryption scheme will defeat quantum computers. Stephen Ornes, writing in MIT Technology Review, points out:
“Unfortunately, no one has yet found a single type of problem that is provably hard for computers—classical or quantum—to solve…history suggests that our faith in unbreakability has often been misplaced, and over the years, seemingly impenetrable encryption candidates have fallen to surprisingly simple attacks. Computer scientists find themselves at a curious crossroads, unsure of whether post-quantum algorithms are truly unassailable—or just believed to be so. It’s a distinction at the heart of modern encryption security.”
And, just to rub it in, if you’ve already been worried
about artificial intelligence taking our jobs, or at least greatly
boosting the cybersecurity arms race, well, think about AI on quantum
computers, communicating over a quantum internet – “you have a potentially just existential weapon for which we
have no particular deterrent,” Mr. Gerstell also told
NYT.
---------
Healthcare is rarely a first mover when it comes to
technology. It usually waits until the economic or legal imperatives force it
to adopt something. Nor has it been good about protecting our data, despite HIPAA
and other privacy laws. It has often made it
too hard for those who need the data to have access to it, while failing
to protect it from external entities that want to do bad things with it.
So I don’t expect healthcare to be an early adopter of
quantum computing. But I think we all should be demanding that our healthcare
organizations be cognizant of the threat to privacy that quantum computing
poses. We don’t have twenty years to
prepare for it; we may not even have ten.
The ROI on such preparation may be hard to justify, but the risk of not
investing enough, soon enough, in it is, as Professor Mosca said, catastrophic.
Y2Q is coming for healthcare, and for you.