The European Union (EU) is being urged to take proactive measures to prepare for quantum cyberattacks and implement a coordinated action plan to ensure a smooth transition to post-quantum encryption. The call comes from Andrea G. Rodríguez, lead digital policy analyst at the European Policy Centre, in a new discussion paper.
Rodríguez highlights that the advancements in quantum computing pose a significant risk to Europe’s cybersecurity. As quantum computers become more powerful, they have the potential to render current encryption systems obsolete and create new cybersecurity challenges. This phenomenon, commonly referred to as “Q-Day,” is the point at which quantum computers can break existing cryptographic algorithms. Experts predict that Q-Day could occur within the next five to ten years, leaving all digital information vulnerable to malicious actors unless appropriate measures are taken.
To address these risks, Rodríguez emphasizes the need for the EU to develop a quantum cybersecurity agenda. This agenda should include the sharing of information and best practices, as well as the adoption of a common approach to the quantum transition among member states. By doing so, Europe can effectively tackle quantum cybersecurity threats and safeguard its digital infrastructure.
The impact of quantum computing on cybersecurity extends beyond the EU’s borders. Quantum computers have the potential to disrupt online security by compromising cryptography and enabling cyberattacks on digital identities. Rodríguez warns that cyberattacks using quantum computers could allow adversaries to decode encrypted information, interfere with communications, and gain unauthorized access to networks and information systems. This could lead to the theft and sharing of previously confidential information.
Furthermore, there is a growing concern about the risk of “harvest attacks” or “download now-decrypt later” attacks, where cybercriminals and geopolitical adversaries capture encrypted information that cannot currently be decoded. Once quantum computers become available, they can use these captured data to decipher the information, posing a significant threat to European security.
Despite sporadic mentions of the impact of quantum computing on cybersecurity in some policy documents, Rodríguez argues that the issue has not received enough attention in the EU’s cybersecurity discussions. She believes that Europe must prioritize this topic and integrate it into its cybersecurity strategy to effectively address the challenges that quantum computing presents.
In contrast, the United States is leading the way in post-quantum cybersecurity. Rodríguez highlights the efforts of the National Institute of Standards and Technology (NIST) in standardizing post-quantum cryptography algorithms. Additionally, the Quantum Cybersecurity Preparedness Act, introduced in 2022, provides a roadmap for migrating government information to post-quantum cryptography. These initiatives demonstrate the US’s commitment to tackling the cybersecurity risks posed by quantum computing.
To ensure the future security and resilience of Europe’s digital infrastructure, the EU must take immediate action. By adopting a coordinated approach and investing in research and development, Europe can be better equipped to mitigate the risks associated with quantum cyberattacks. It is crucial for the EU to prioritize quantum cybersecurity and work towards a harmonized transition to post-quantum encryption to safeguard its digital assets and protect its citizens’ data.