The world in 2030: from digital to quantum

Currently Russia has placed more than 110,000 troops and equipment along its border with Ukraine, threatening to invade as Western leaders seek to prevent war through diplomacy. Already the cyber battle has begun as hackers recently defaced over 70 Ukrainian government websites and placed malware into ministries’ systems, enabling hackers to disable or take control of them at a critical moment in the crisis.

If Russia decides to attack Ukraine, even in a very limited campaign, it would be preceded by a broad-based cyber-attack to disable Ukraine’s ability to defend and govern itself. The impacts of any cyber-attacks on Ukraine will quickly leap across its borders and if other nations move to assist Ukraine, they too can expect to come under cyber-attack, leading to the possibility of secondary effects becoming global.

During the 2017 NotPetya cyber-attack on Ukraine, Danish global shipping giant Maersk was impacted after software required people and commercial entities to submit their taxes to the Ukrainian government was exploited in a digitally destructive cyber campaign mounted by Russia.

The complex interaction between the Russian cyber operation, Ukrainian taxation software and Maersk’s internal networks caused the company’s shipping operations and port facilities across the globe to come to a halt as they temporarily lost the ability to govern their fleet. Numerous other industries were also impacted as the global supply chain was disrupted. In a more broad-based attack on Ukrainian systems, the impacts could be even worse and more widespread.

The ongoing pandemic and desire to reduce carbon footprints has accelerated the adoption of digital infrastructure across society and transformed the global economy. With more people working from or being educated at home, the demand for internet bandwidth has skyrocketed and shows little sign of ever returning to previous levels.

The integration of digital technology into all areas of commerce, communication, education and work is fundamentally changing the status quo, while many societies struggle to ensure that it does not weaken democracy or exacerbate economic inequality.

The European Commission has committed itself to deliver a Europe fit for the digital age by empowering people, private companies and member states through new technologies, with the aim for digital transformation to benefit everyone. The EU’s digital transformation is also a key part of a new industrial strategy to help Europe regain industrial leadership.

But these new digital connections between home, work, business and governments, plus the continuous integration of electronic devices that monitor our health and control city infrastructure, as well as wearables across an ‘Internet of Things’ (IoT), means more devices will be interconnected than ever before, and more vulnerability will be introduced. These exponentially expanding connections provide even more attack surfaces for hackers and other malign actors.

This vast new growth in the use of digital systems has also occurred in the midst of an ongoing global shortage of cybersecurity experts, with Europe’s shortfall being over 300,000 already.

While much of the world moves even deeper into a digital transformation, it is also moving closer to a revolution in quantum technologies, marking a dawn of the quantum era.

By harnessing the principles of quantum physics, new quantum technologies with far-reaching implications are envisioned. Among them are the ability to more quickly develop new medicines and secure communications for a broad variety of connected systems, but also the ability to break virtually any non-quantum resistant cryptography digital form of encryption, enabling hackers with quantum tools to open and read any email, financial transaction, government communication or military signal that may have been pilfered in one of the billions of data breaches or over the past three decades.

The implications for our digital societies could not be more clear. While a quantum super computer capable of breaking any digital cryptography does not exist yet, governments and companies across the globe are working intensely to build one and achieve “quantum supremacy”. Most experts estimate the horizon for such an achievement to be around eight to ten years away.

In the meantime, these same governments and companies are working to develop the standards and implement quantum resistant cryptography to protect digital systems well before the arrival of quantum codebreaking circa 2030-2032.

Just last week in the United States, President Biden signed a National Security Memorandum that specifically emphasises protecting government systems with quantum resistant cryptography well before 2030.

The European Union has been funding research on the development of quantum resistant cryptography as part of its broader European Quantum Flagship program. The EU, US, China and others are also working on their own quantum internet projects, spending billions on research and competing for a limited talent pool of qualified scientists to make similar advances.

Companies in Europe are already developing and selling quantum resistant solutions, such as Finland’s Nokia, which recently signed a deal with Portugal’s IP Telecom to protect data centre connections.

But much like the current cybersecurity dynamic, if the entire systems of finance, supply chains, communications, AI-enabled systems and the IoT are not sufficiently protected with quantum resistant security, societies could be left entering yet another age of digital vulnerability. Only this time the vulnerability will exist well beyond their computers or smart phones. Rather, the vulnerability will be in their thermostats, pacemakers and insulin pumps. Quantum-resistant ransomware that escapes a hostile cyber operation could endanger countless lives in this scenario.

The implications for quantum resistant cybersecurity are not just an issue for the arrival of quantum hacking tools in 2030, they have great influence on the cyber options open to state actors.

According Dr Pano Yannakogeorgos, the director for New York University’s Global Security, Conflict and Cyber Crime graduate programme: “in many ways, it’s an arms race because the first actor to achieve overall quantum defence will be in a position to unleash cyber-attacks on others and not be as vulnerable to retaliation.”

Another reason why quantum resistant cybersecurity is seen with increased urgency is the new dynamic of ‘hack now, decrypt later’ in which state and nonstate actors capture and store the communications of other governments and companies to be decrypted once quantum decryption tools become available.

Without the urgent application of quantum resistant cybersecurity across numerous key systems, the early 2030s could be a turbulent era of damaging revelations about states, companies and individuals. Given how much data may have been hacked and stored already, at least some of these revelations are likely regardless.

Another aspect of cybersecurity that institutions, member states and companies will tangle with over the coming years are AI-enabled hackers and the use of AI to defend digital systems. AI systems can discover and exploit vulnerabilities much faster than a human operator, but AI-enabled defenders can also detect and patch vulnerabilities and respond to intrusions much faster. The key question for leaders today is whether AI-enabled cyber defence will be available in time (and at the right cost) to make up for ongoing shortfalls in cybersecurity personnel. According to most experts, they won’t.

So, how can Europe be ready for the transition from digital to quantum?

Firstly, the EU identify key systems in the government and private sector, investigate multiple strategies for their transition to quantum-resistant cybersecurity, and provide ample funding to accelerate the process. Protecting the private data of citizens must be prioritised within this effort at the earliest stages.

Secondly, it needs to address the ongoing shortage of cybersecurity experts and start training more cybersecurity experts in the use of AI tools and quantum cybersecurity. This can best be achieved through a federated public-private partnership (PPP) that is funded by the EU and implemented by the member states and tech companies.

Finally, the Union should continue to fund quantum research and development, grow Europe’s AI and quantum talent pool, and provide assistance to member states to develop AI-enabled organisations and industries. This can also be more effectively approached by incubating PPP member state research centres working on quantum and AI research which is coordinated through a central EU hub.