{"id":3069,"date":"2025-05-07T08:00:00","date_gmt":"2025-05-07T08:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3069"},"modified":"2025-05-07T08:00:00","modified_gmt":"2025-05-07T08:00:00","slug":"quantum-supremacy-cybersecuritys-ultimate-arms-race-has-china-way-in-front","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3069","title":{"rendered":"Quantum supremacy: Cybersecurity\u2019s ultimate arms race has China way in front"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Imagine a vast, ancient library, the Library of All Secrets. Within its countless shelves reside every code, message, and hidden truth ever recorded. For centuries, these secrets have been safe, locked away behind intricate, almost unbreakable locks.<\/p>\n

Now picture a new kind of key, shimmering and ethereal, called the \u201cQuantum Key.\u201d Unlike ordinary keys, this one doesn\u2019t just turn one lock. It possesses an almost magical ability: It can try every possible lock combination\u00a0simultaneously.<\/p>\n

This new Quantum Key could unlock incredible new knowledge, solve ancient riddles, and advance understanding in ways never imagined. But in the wrong hands, it will render all those carefully guarded secrets, those vital codes protecting nations, businesses, and individuals immediately vulnerable.<\/p>\n

[ See also: The CISO\u2019s guide to establishing quantum resilience<\/a> ]<\/strong><\/p>\n

This is the world we are rapidly approaching. Every email message and financial transaction is protected by encryption methods that quantum computing will render useless. In 2024 the Global Risk Institute estimated that within five years there is a 5% to 14% probability that quantum computers will be able to break RSA-2048 encryption.\u00a0 Within 10 years, that probably rises to between 19% and 34%.<\/p>\n

This existential threat is on the horizon, but many boards, and even CISOs, remain unconcern. It is a distant future in technology time, after all, and there are so many issues to address in the here and now. But when the time to remediate this issue being estimated at 7-plus years, organizations that have already started dealing with it may still be at major risk of catastrophic disaster.<\/p>\n

Those estimates from the Global Risk Institute do not account for recent developments that indicate quantum\u2019s acceleration. In February 2025, Chinese scientists achieved a major breakthrough with photonic quantum chips<\/a>. Not long after, \u201cOrigin Wukong,\u201d a Chinese quantum computer powered by a 72-qubit chip, fine-tuned a billion-parameter AI model<\/a>. Earlier, in October 2024, Chinese researchers unveiled a method for breaking RSA encryption<\/a>.<\/p>\n

The quantum arms race<\/h2>\n

Much literature suggests that China is outspending western countries by a huge factor in quantum computing, with estimates pegged at $10B to $15B, versus the reported $1B the US plans to invest in the next five years. The EU is also slated to invest $1B, though over the next 10 years. Microsoft is targeting $1B as well.\u00a0<\/p>\n

Unless my maths is wrong, the west as a block is not winning this arms race. China already publishes more research on quantum computing than any country in the world, including the US.<\/p>\n

An advantage gained in quantum will translate into an immediate military advantage in communications and information processing. Every end-to-end encrypted message that feels currently protected will be \u201cEmperor No Clothes\u201d at some point, overnight.<\/p>\n

Indeed, new quantum technology could provide undetectable weapon systems.<\/p>\n

The DeepSeek\/Qwen factor<\/h2>\n

What we learned from recent AI advances, such as DeepSeek and Qwen, that caught the world by surprise<\/a> is that China\u2019s technology is much more advanced than anyone anticipated. I\u2019d argue that this is a leading indicator that China\u2019s quantum computing capabilities are also in absolute stealth-mode development and ahead of the US.<\/p>\n

China has invited proposals for post-quantum protection, and in February 2025, China invited proposals for Next-Generation Commercial Cryptographic Algorithms Program (NGCC)<\/a>.<\/p>\n

While we have from NIST the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)<\/a> as the recommended post-quantum protection, it is likely that China is concerned this can\u2019t be trusted and wants to develop its own approach.<\/p>\n

Just in the past few weeks NIST has also announced the recommended (also a mouthful) the Hamming Quasi-Cyclic (HQC) Algorithm<\/a> as a backup cryptographic scheme. This approach is just in case ML-KEM has faults and weaknesses that are currently not apparent.<\/p>\n

World\u2019s largest zero day<\/h2>\n

Should China get there first, it is possible they will have a payday never before seen.\u00a0 Every Bitcoin decrypted and taken. The risk of \u201charvest now, decrypt later\u201d \u2014 in which data collected now from various healthcare, government, and financial services breaches will be unlocked later when the right key arrives \u2014 will be fully realized on all assets.<\/p>\n

Such an event will create both economic and military dominance, with whoever cracks the code having all the keys to the castle. It would be an extreme ethical challenge not to take advantage of this shift for your own advantage. The No. 1 global power could very well be determined by this race, with no room for second place.<\/p>\n

What CISOs can do about it<\/h2>\n

Your transition to quantum-resistant encryption must be mobilized now. While these new cryptographic algorithms have not been tested, there are some actions you can take now<\/a> without waiting for validation.<\/p>\n

Form a discovery team: <\/strong>Your will need funding and to establish a team to understand three key questions: What assets are vulnerable? Is there an inventory of encryption keys? Are these classified in terms of criticality?<\/p>\n

\u00a0Vet your vendors: <\/strong>You will also need to liaise with your third-party partners and vendors to ascertain whether they have a plan to implement post-quantum cryptography, what their timeline is, and how you will be able to certify this work.<\/p>\n

Assemble a team of experts: <\/strong>This 5- to 7-year program will require new skills and existing competency to ensure full remediation. This will mean bringing together a program director, project managers, payments SMEs, architects, developers, testers, business analysts, org change leaders, and cryptography SMEs.<\/p>\n

These skills will become harder to find as more organizations wake up and realize the amount of work required. Because the risks are very real, there are massive incentives to get there \u2014 and hiring \u2014 first.<\/p>\n

Which systems do I start with \u2014 and which can I ignore?<\/h2>\n

Because quantum computing primarily threatens cryptographic security, it\u2019s not a risk to basic computation or data processing. Systems are only at risk if they rely on specific types of encryption (public key cryptography) for security.\u00a0 As a result, critical infrastructure like power grids or traffic systems aren\u2019t directly threatened. Their vulnerabilities would be more about security protocols needing updates rather than core functionality being at risk.<\/p>\n

The most vulnerable systems include:<\/p>\n

Public key cryptography systems, those using RSA and ECC (Elliptic Curve Cryptography)<\/p>\n

Digital signatures used in secure communications<\/p>\n

SSL\/TLS protocols that secure websites (HTTPS)<\/p>\n

Digital identity and authentication systems<\/p>\n

Secure messaging platforms and banking transaction systems<\/p>\n

Cryptocurrency systems that rely on current crypto methods<\/p>\n

On the other hand, several legacy technologies will be safe from the quantum threat, including:<\/p>\n

Traditional databases (without encryption)<\/p>\n

Legacy systems (e.g., COBOL)<\/p>\n

Basic automation systems<\/p>\n

Systems with no cryptographic elements<\/p>\n

Older industrial control systems<\/p>\n

Non-networked computers<\/p>\n

This is not Y2K<\/h2>\n

For those of us who were around for the year-2000 event, you may be thinking this sounds like a parallel of that period. The panic and preparation that was required to get ready was all a massive anticlimax. The economy kept working and planes did not fall out of the sky.<\/p>\n

The significant difference is that we do not know exactly when this catastrophic event will occur, hence the preparation does not have a published exam date. We may all recall from our student days that surprise exams are much harder to pass than those you can dependably map out a plan to work towards.<\/p>\n

One advantage however is that the quantum risk will still need to evolve, making the challenge not so much a sudden \u201ccliff edge\u201d like Y2K but a gradual technological development we can see coming and adapt to.<\/p>\n

So, while both situations generated significant attention and concern, Y2K was more like a known deadline requiring mass updates, while quantum computing represents a longer-term technological shift we actively prepare for. The risks are real but more manageable with proper preparation. Still, the time to get started is now.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Imagine a vast, ancient library, the Library of All Secrets. Within its countless shelves reside every code, message, and hidden truth ever recorded. For centuries, these secrets have been safe, locked away behind intricate, almost unbreakable locks. Now picture a new kind of key, shimmering and ethereal, called the \u201cQuantum Key.\u201d Unlike ordinary keys, this […]<\/p>\n","protected":false},"author":0,"featured_media":3070,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3069","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3069"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3069"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3069\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3070"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}