The European Union (EU) must prepare for quantum cyberattacks and adopt a new coordinated action plan to ensure a harmonized transition to post-quantum encryption to tackle quantum cybersecurity threats of the future. That’s according to a new discussion paper written by Andrea G. Rodr?guez, lead digital policy analyst at the European Policy Centre.
Advances in quantum computing put Europe’s cybersecurity at risk by rendering current encryption systems obsolete and creating new cybersecurity challenges, Rodr?guez wrote. This is often coined “Q-Day” – the point at which quantum computers will break existing cryptographic algorithms – and experts believe this will occur in the next five to ten years, potentially leaving all digital information vulnerable to malicious actors under current encryption protocols. For Europe to be serious about its cybersecurity ambitions, it must develop a quantum cybersecurity agenda, Rodr?guez stated, “sharing information and best practices and reaching a common approach to the quantum transition” across member states.
Cybersecurity impact of quantum computing out of EU’s purview
Quantum computing will disrupt online security by compromising cryptography or by facilitating cyberattacks such as those on digital identities, Rodr?guez wrote. “Cyberattacks on encryption using quantum computers would allow adversaries to decode encrypted information, interfere with communications, and access networks and information systems without permission, thereby opening the door to stealing and sharing previously confidential information,” she warned.
“Given that the prospects of a cryptographically significant quantum computer – one able to break encryption – are not a question of if but rather when, cybercriminals and geopolitical adversaries are rushing to obtain sensitive encrypted information that cannot be read today to be de-coded once quantum computers are available.” These types of cyberattacks, known as “harvest attacks” or “download now-decrypt later,” are already a risk to European security.
The impact of quantum computing on Europe’s cybersecurity and data protection has been mainly left out of the conversation despite sporadic mentions in some policy documents such as the 2020 EU Cybersecurity Strategy or the 2022 Union Secure Connectivity Programme, Rodr?guez said.
US leads the way on post-quantum cybersecurity
The US arguably leads the transition to post-quantum cybersecurity, in which post-quantum cryptography will be the protagonist, according to Rodr?guez. The National Institute of Standards and Technology (NIST) has initiated a standardization process of post-quantum cryptography algorithms, while the Quantum Cybersecurity Preparedness Act, established in 2022, sets up a roadmap to migrate government information to post-quantum cryptography, Rodr?guez wrote.
