Quantum computing will change the cyber landscape, here’s why we need good governance – The European Sting – Critical News & Insights on European Politics, Economy, Foreign Affairs, Business & Technology
This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.
Author: Ibrahim Almosallam, Consultant, Saudi Information Technology Company
- Quantum computing can process data and information in a much better way than a classical computer.
- Proactive governance is key to maximizing the benefits of technology, mitigating potential risks, and facilitating the transition to a post-quantum era.
- A behavioral approach to governance should be considered alongside technical and procedural approaches.
It’s hard to underestimate the power of quantum computers. Compared to a classical computer, a quantum computer resembles an airplane to a car. They work fundamentally differently and no matter how fast a car is, it cannot fly over a river. Quantum computers use different physical principles, or quantum mechanics, to communicate and process information in a way that no classical computer can ever use classical physics.
A classical computer can only hold one bit of information at a time (0 or 1), whereas qubits in quantum computers can be in a state of superposition and simultaneously have aspects 0 and 1. However, the result of an operation will also be in a state of superposition and the manipulation of states of superposition to extract the desired response is in the domain of quantum algorithms. This article focuses on how to govern this technology to ensure a secure future.
A significant moment for quantum computing
We are now living in a “Wright Brothers moment” in the history of quantum computing. But when a commercial jet version arrives, it will offer another leap forward in information technology similar to what classical computing provided in the 20and century, and, as with any general purpose technology – like the internet, electricity and, for that matter, fire – along with great benefits come great risks.
Advantages include the fact that quantum computers could be used to simulate quantum physical processes for much faster design of drugs and materials; to accelerate the development of artificial intelligence (AI) and provide new levels of security and information communication. But they could also be used to break public-key encryptions, to amplify current AI risks at a faster rate, or be misused in biotechnology to design bioweapons or other risks.
As such, it is difficult to imagine the success of these technologies without strong regulation and governance policies. Can you imagine a world without electrical regulations, internet protocols and fire safety standards? However, even though the risks of quantum computers are well understood, little has yet been done to mitigate them due to the uncertain horizon of their future.
Governance of Quantum Computing
Good governance is essential to minimize the risks and maximize the benefits of quantum computing. However, it’s easy to get lost in all the details about potential benefits and risks, and as an extension of classical computing, it will inevitably inherit both.
Thus, when developing quantum computing policies, it is more efficient to first review current policies to determine which should be:
- Adopted to deal with similar risks.
- Expanded to mitigate increased risk.
- Amended to deal with new or unforeseen risks.
A promising area of quantum computing is optimization, which will accelerate the development of AI and hence its risks, such as data bias. Therefore, it is essential to distinguish between what quantum computing will add and what it will multiply.
Three types of approach to governance
Taking cybersecurity as an example, without losing generality, governance approaches can be grouped into three categories:
- Technical: Software or hardware hardening, such as stronger encryptions or two-factor authentication.
- Procedural: Enforced policies and regulations, such as stronger passwords or compliance.
- Behavioral: Harnessing psychological and social behavior to influence decisions, such as changing defaults, awareness, or social pressure.
All three are equally important, but the latter is often overlooked. Procedural approaches are based on classical economic theory which assumes that humans are rational, selfish and profit maximizing. On the other hand, behavioral techniques are based on modern behavioral economics which understands that humans are not perfectly rational and are influenced by their emotions and cognitive biases.
There are many ways to mitigate quantum risk through behavioral tactics, but we will highlight two examples here.
‘Don’t give me time, give me a deadline’
A fault-tolerant quantum computer will be able to break most of the public-key encryptions that secure our modern communications. Even if the threat is still far in the future, preparation must start now because an adversary can store data encrypted today and then decrypt it retroactively once the technology is mature enough.
This threat is a prime example of how all of the above tactics can be employed. One technical approach to the problem, for example, is to develop new quantum-proof encryption schemes, which is already an active area of research in cryptography. Another technical approach is to use quantum key distribution (QKD) protocols – battling quantum computers with quantum communication channels to exchange keys.
However, people need to be encouraged to take this route and this is where we believe behavioral approaches can help. Raising awareness alone will not suffice; anti-tobacco campaigns are a good example.
Instead, creating a sense of urgency might be a more effective behavioral approach, such as setting an artificial deadline for moving to post-quantum crypto. Deadlines, even self-imposed, have shown their effectiveness in improving performance.
For example, after the announcement of the NIST standards, let’s say in five years that all data encrypted using pre-quantum cryptography would no longer be legally protected. This way, consumers will put pressure on vendors to provide safe quantum solutions and, as a result, vendors will accelerate their transition efforts.
It is well known in the sociological sphere that humans tend to overestimate, and sometimes underestimate, their performance compared to their peers. A famous swedish study published in 1981 found that 88% of American drivers believe they have above average driving skills.
This is an example of the Dunning-Kruger effect, a cognitive bias whereby people with limited knowledge tend to overestimate their abilities. Although the key term here is “limited knowledge”, it is also shown that people tend to recognize their weaknesses and improve through performance feedback, especially in relation to others.
An experiment showed that people worked harder when told they would learn their ranking compared to another group where no feedback was given. We can imagine that such tactics work on a macro scale. Accordingly, a Global Quantum Readiness Index can be seen as a form of feedback that would help nations assess their performance and chart its trajectory.
Moreover, such relative rankings would create the necessary social pressure to induce governments to improve their quantum preparedness. However, these indices must be designed carefully so as not to discourage nations at the bottom of the list. For example, by subdividing the lists by regions and diversifying the parameters, such as having a dimension for quantum sensing, governments would be pressured to pay more attention to them, even if they are otherwise ranked at the top of the overall list. .
A new problem that requires a new solution
Quantum computing is a new problem that requires our latest solutions. It is crucial not to let the old threats overshadow the new ones. Behavioral approaches are very effective and inexpensive in this regard.
What is the Forum doing to prevent a cyberpandemic?
Next-generation technologies such as artificial intelligence, ubiquitous connectivity, and quantum computing have the potential to bring new risks to the world, and at this stage their full impact is not well understood.
There is an urgent need for collective action, political intervention and improved government and corporate accountability to avert a potential cyber pandemic.
The forums Cyber Security Center launched the Future Series: Cybercrime 2025 initiative to identify the approaches needed to manage cyber risks in the face of major technological trends that will occur in the near future.
Find out how the Forum leads more than 150 global experts from business, government and research institutes, and how to get involved in our impact story.
That being said, this is not an argument for using behavioral approaches in place of technical or procedural approaches when considering the governance of quantum computing, but rather for including them in the mix of possible solutions and taken into account when designing new policies related to quantum computing.