Countdown to Q-Day: Why Manufacturers Must Act in the Present to Prevent Quantum Threats of the Future

Almog Apirion, the CEO and co-founder of Cyolo, explains why manufacturers must act now to prevent the quantum threats that could occur after Q-Day. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Google’s new quantum computing superchip, “Willow,” purportedly takes just five minutes to solve problems that would take the world’s fastest supercomputers ten septillion—or 10,000,000,000,000,000,000,000,000 years—to complete. Google’s staggering claim is just one indicator that the advent of quantum computing is indeed a possibility, poised to expand our digital capabilities by orders of magnitude. The economic impact of quantum computing is already expected to reach $1.3 trillion by 2035.

But if the history of technology has taught us anything, it’s that as digital innovations change our world for the better, the nefarious capabilities of cyber-criminals are never far behind. A rising tide lifts all ships, including the bad guys.’

Manufacturers, essential services, critical infrastructure providers, and others rely on integrated information technology (IT) and operational technology (OT) networks to run their industrial control systems (ICS) smoothly. While today’s encryption standards largely protect these networks, they face a looming threat from the unfathomable capabilities of quantum computing. And while the threats posed by the advent of quantum computing may not be imminent, we must begin to take this future possibility seriously.

Once quantum computing tools inevitably make their way into the hands of bad actors, they will be able to break through pre-quantum encryptions, bypass standard security protocols, and access critical infrastructure with frightening ease. But here’s the key: this isn’t just a future concern—the trajectory of quantum computing holds ominous implications for cybersecurity posture in the present tense. If hackers steal encrypted data that is currently unbreachable, they simply have to bide their time until the rise of quantum computing allows them to crack it. In other words, hackers will be able to utilize the critical infrastructure of tomorrow to exploit information they’ve stolen today.

In order to prepare for these threats, organizations must do more than just encrypt their critical data—they must take actions to quantum-proof company assets and secure cyber protocols from future technologies.

Background and Context

Cybersecurity analysts have termed the hypothetical quantum doomsday as “Q-Day”–the day quantum computers can successfully penetrate end-to-end encryption, leaving much of today’s online environment exposed.

While Q-Day holds serious implications for any organization with encrypted data, manufacturers are one of the sectors at the most serious risk. Consider that, according to a recent report by the World Economic Forum, manufacturing is currently one of the most highly targeted sectors for cyber-attacks, accounting for 25 percent of all breaches, with 71 percent of these attacks utilizing ransomware.

Manufacturers are particularly exposed to cyber threats because many of their assets and critical infrastructure depend on outdated legacy systems for connection to IT/OT/ICS networks. The rigidity of manufacturing lines and other organizations with legacy systems makes it difficult for them to address vulnerabilities in a timely manner or institute patches to secure them.

To take just one example: the Iran-linked attacks on drinking and wastewater systems in the US highlight longstanding concerns about under-resourced, local companies that depend on outdated operational technologies, including small utilities, manufacturers, and healthcare organizations. The 2021 Colonial Pipeline ransomware attack is another high-profile instance of critical infrastructure whose security was compromised by outdated systems. When Q-Day arrives, countless organizations may be susceptible to the same fate.

Current Readiness and Risk

What are the implications for network security at a time when the inevitability of quantum computing is pushing many hackers to adopt a “harvest now, decrypt later” approach to cyber-attacks?

Network architecture is like an onion, consisting of layer upon layer of functions that are all connected to the central core of business operations. As such, network cybersecurity must employ protections and protocols around each individual layer to ensure a secure environment.

But once a breach or cyber-attack exploits saved credentials or other sensitive company information, bad actors can peel back those layers, remotely accessing critical infrastructure and disrupting operations, resulting in operational disruptions or, for utilities like water systems or electric grids, potentially catastrophic results.

With the ability to decrypt any information in the future, hackers are being that much more brazen about the data they try to steal now, undeterred by the notion that they can’t actually crack open the encrypted data…yet. That is why organizations must move beyond traditional network security and strive to quantum-proof every layer of their onions.

Recommended Actions

There are currently no regulations surrounding quantum-related cyber threats, so most industrial companies are not yet taking steps towards quantum-proofing. But with Q-Day somewhere in the foreseeable future, CISOs must start thinking preventively, ensuring their network infrastructures can integrate quantum-proof encryption standards.

How? Manufacturers should begin by updating their outdated legacy systems. If network architecture is too far behind to keep up with today’s security and encryption standards, then integrating even more digitally complex quantum-proof security will prove even more difficult down the line.

Manufacturers must also ensure that the connections between their networks and critical assets are secure by adopting end-to-end encryption. Applying Zero Trust and enforcing least-privilege principles to remote access, for example, prevents hackers from moving laterally through company networks, even if they breach one segment of the architecture. Safeguarding these individual connections is instrumental for preventing attacks that exploit data and disrupt operations.

Finally, organizations must enforce multi-factor authentication as an additional security layer and establish identity-based access. This will prevent unauthorized access to critical assets and systems.

A Quantum-Proof Future of Security

Quantum-proofing is a twofold gambit. Not only does it require organizations to double down on current security standards to prevent stolen data that hackers can decrypt down the line, but it also requires them to prepare their network infrastructure for the yet-unpredictable cybersecurity threats of the future.

The looming threat of quantum’s ability to break widely used encryption protocols sometime in the future poses serious risks to today’s manufacturing and industrial sectors. As such, quantum-proofing must be implemented proactively to establish security mechanisms against tangible threats to critical infrastructure and utilities. Organizations that can shed the false sense of security afforded by current encryption standards and take a “quantum-proof now, peace-of-mind later” approach will be poised to venture into the future far more safely.