A new discussion paper has set out recommendations for the European Union (EU) on how to ensure member states are protected against quantum-enabled cyber-attacks.
Written by Andrea G. Rodríguez, Lead Digital Policy Analyst at the European Policy Centre, the paper A quantum cybersecurity agenda for Europe emphasized the urgent need for a new EU Coordinated Action Plan to facilitate quantum-secured technologies before ‘Q-Day’ – the point at which quantum computers are able to break existing cryptographic algorithms.
Experts believe this will occur in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actors under current encryption protocols.
In the new paper, Rodríguez said that the impact of quantum computing has been “mainly left out of the conversation” at an EU policy level. This includes a lack of strategy on dealing with short-term threats, such as ‘harvest attacks.’ This is where cyber-criminals are already extracting encrypted data in anticipation of Q Day.
She noted that in the absence of EU leadership in this area, “only a few EU countries have made public plans to counter emerging quantum cybersecurity threats, and fewer have put in place strategies to deal with them.”
Read now: HSBC Joins Quantum-Secure Network
The European Policy Centre paper acknowledged that the US has taken the lead in transitioning to post-quantum cybersecurity. The National Institute of Standards and Technology (NIST) is working on developing a post-quantum cryptographic (PQC) standard, and in July 2022 selected a group of encryption tools that could potentially withstand the attack of a quantum computer.
In parallel with this standardization process, in December 2022, US President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law, which sets out a number of obligations on federal agencies to prepare their migration to quantum-secure cryptography.
Rodríguez argued that the EU could play a critical role “in sharing information and best practices and reaching a common approach to the quantum transition” across member states.
With this in mind, the paper set out six recommendations for an EU quantum cybersecurity agenda:
- Establishing an EU Coordinated Action Plan on the quantum transition
- Establishing a new expert group within the European Union Agency for Cybersecurity with seconded national experts to exchange good practices and identify obstacles to the transition to post-quantum encryption
- Assisting in setting priorities for the transition to post-quantum encryption and pushing for cryptographic agility to respond to emerging vulnerabilities
- Facilitating political coordination between the European Commission, member states, national security agencies and ENISA to determine technological priorities and identify use cases for quantum-safe technologies.
- Facilitating technical coordination at the EU level to address research gaps in quantum-safe technologies
- Exploring the use of sandboxes to accelerate the development of near-term applications of quantum information technologies
Rodríguez concluded: “The challenges that quantum computing poses for European cybersecurity might seem far away, but the ability of the EU to detect, protect, defend and recover from them in the future starts by pursuing necessary actions to mitigate them now. Therefore, a quantum cybersecurity agenda is essential for Europe’s economic security in a fast-developing geopolitical environment and is in Europe’s hands to act now.”