Posted In: Cybersecurity & Data Privacy
By Jarman J. Smith on September 7, 2022
If there is one thing truly connecting our world, it is technology. Individuals, organizations, agencies and governments around the globe use technology for several reasons including communication, conducting business, completing day-to-day tasks, and protecting people and assets. However, our reliance on technology raises concerns when you consider the security risks associated with emerging technologies such as quantum computing. While quantum computing may provide greater speed and power than normal computers, this emerging technology comes with potential risks, including data breaches that could threaten the security of business transactions, secure communications and consumer information.
What is Quantum Computing?
Simply put, quantum computing is the next level in the evolution of computers. The ordinary or classic computer has come a long way over the years, as the average smartphone now has the computing power of military grade computers from 50 years ago that were larger than cars.1 However, even with the significant advancements made in technology and computers, there remain problems that classic computers just cannot solve.
For the most part, classic computers are limited to doing one thing at a time, meaning that more complex functions take longer to complete. In this age of big data where the information we need to store is growing immensely, there exists a problem where we do not have the power or time to solve many of our evolving issues with classic computers. For instance, by 2040 we may no longer have the capability to power all the machines around the world.2 These are the types of problems that quantum computers are predicted to solve. Quantum computers can store an enormous amount of information while using less energy than a classic computer. Also, with quantum computing we will be able to create processors that are a million or more times faster than the ones we use today.3 Although it is a new field, the global quantum computing market will be worth approximately $949 million by 2025, and the number of quantum computers could be between 2,000 and 5,000 by 2030.4
What Risks are Associated with Quantum Computing?
The benefits of quantum computing are clear, but the associated security risks are very real as well. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) released advice on ways critical infrastructure should prepare for security risks stemming from quantum computing.5 Mona Harrington, the acting assistant director for CISA’s National Risk Management Center, warned that the power and speed of quantum computers creates substantial risks with respect to data privacy, because the technology will have the ability to break key encryption that networks rely on to secure sensitive information.6 However, there are algorithms that can be used to secure a system against an attack by a quantum computer. Thus, leaders of organizations must be proactive and begin preparing for the transition to a quantum technology-based society, specifically those leaders in critical infrastructure and government sectors. Organizations that act now to begin preparing for the age of quantum technology will be better equipped to protect the confidentiality of data that exists today and that will remain sensitive in the future. Early quantum preparation could reduce exposure to liability relating to data breaches, regulatory penalties for non-compliance with data privacy regulations, and consumer privacy lawsuits for data misconduct.
How is the Legal Field Preparing for the Age of Quantum Technology?
The rise of quantum computers means that new laws and regulations will need to be enacted to regulate the use and development of quantum technology. The U.S. government has acknowledged this need and has already introduced multiple bills through Congress concerning quantum computing. For instance, the Trump Administration signed into law a bill that commits the government to providing $1.2 billion over a five-year period to fund activities promoting quantum science to boost research and develop a future quantum workforce in the country.7 Moreover, President Biden signed directives aimed at preparing the country for the new quantum era, as the U.S. competes with Chinese agencies and companies that are pouring billions of dollars into the next-generation technology.8 As the race to develop a viable quantum computer continues, bipartisan legislation has been introduced in the Senate which aims to strengthen federal networks before this powerful technology can be used to bypass government encryption.9 Coined the “Quantum Computing Cybersecurity Preparedness Act,” this bill works to promote national security by incentivizing federal computer systems to shift to quantum-resilient algorithms to improve defenses against quantum computing cyberattacks and data breaches.
How can your Organization Become “Quantum Ready”?
Organizations around the world should take note of the steps governments are taking to become quantum ready. To adequately prepare for the day when quantum computers become more prevalent in our society, your organization should consider the following tips:
1. Examine your organization’s data processing activities and begin data mapping.
o Proactive and ongoing efforts to examine your organization’s data processing activities can identify potential system vulnerabilities and help leadership understand the categories of data stored within your network that you must protect against quantum-based cyberattacks and other cybersecurity incidents.
2. Develop a pilot team to explore the potential for quantum computing in your business or to analyze how quantum computing may impact your operations through third parties.
o This team could begin developing strategic plans relating to infrastructure adjustments in your operations to embrace quantum technologies, handle allocation of budgets for quantum computing or establishing relationships with internal and external quantum specialists and maintain technical awareness of the rate of development and potential application of quantum computing.
3. Align your organization with trusted cybersecurity and data privacy advisors.
o Cybersecurity and data privacy attorneys can provide guidance on complex issues, including compliance efforts with current data privacy regulations and monitoring legislature activities that may impact the way your organization uses technology. For example, government contractors must adhere to strict requirements concerning the use of software and technology. Additionally, in conjunction with information technology specialists, cybersecurity attorneys can assess your organization’s readiness for quantum technologies and educate your employees on potential risks.
How Brouse Can Help
Like machine learning and artificial intelligence, quantum computing may seem like an area of technology that is scary and impossible to understand. Truth be told, quantum technology has many complexities, and we anticipate that regulations in this space will be extremely complex as well. However, Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to prepare for the emergence of this new technology and the regulations to follow and can position your organization to prepare for the threat of quantum cyberattacks. Additionally, our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2022 Brouse McDowell. All rights reserved.