Europe is not ready for a quantum apocalypse: a new report reveals all the weaknesses of the EU
Cybercriminals are already harvesting encrypted data in anticipation of the “quantum day”.
A new discussion paper sets out recommendations for the European Union on how to secure member states from cyberattacks using quantum technology.
Report titled “Quantum Cybersecurity for Europe” was written Andrea G. Rodriguez, Lead Digital Policy Analyst at the European Policy Center. It highlights the need to develop a new coordinated EU action plan to introduce quantum-secured technologies before the so-called “quantum day” – the moment when quantum computers can break existing cryptographic algorithms.
Experts believe that this will happen within the next 5-10 years, potentially jeopardizing all digital information with current encryption protocols.
In her presentation, Rodriguez said that the impact of quantum computing “has largely gone undiscussed” at the EU policy level. As such, this results in the absence of a strategy to counter short-term threats, such as “data mining attacks”, as well as complete helplessness in the long term, when cybercriminals wait for the “quantum day”.
Although some EU countries have already submitted their proposals on how to solve the problem of the “quantum day”, Rodriguez noted that until the EU officially raises this issue for public discussion, the development of truly high-quality and working strategies can not be expected.
Rodriguez’s report formally acknowledges that the US is now leading the way in the transition to post-quantum cybersecurity. National Institute of Standards and Technology (NIST) is actively working on the development of a standard for post-quantum cryptography (PQC) and a year ago selected a group of encryption tools that could potentially withstand the attack of a quantum computer.
And in December 2022, U.S. President Joe Biden signed into law the Quantum Computing Security Preparations Act, which establishes a series of obligations for federal agencies to prepare their transition to quantum-secured cryptography.
Rodriguez argues that the EU could play a key role “in sharing information and transferring best practices and reaching a common approach to quantum transition” among member states if it were to act responsibly.
To this end, the report proposes six recommendations for EU quantum cybersecurity:
- Creation of a coordinated EU action plan for the quantum transition.
- Creation of a new expert group within the European Cybersecurity Agency with national experts to share good practices and identify barriers to moving towards post-quantum encryption.
- Prioritize the transition to post-quantum encryption and encourage cryptographic flexibility to respond to emerging vulnerabilities.
- Ensuring political coordination between the European Commission, EU Member States, national security agencies and ENISA to determine technological priorities and identify use cases for quantum-protected technologies.
- Ensuring technical coordination at the EU level to address gaps in research on quantum-protected technologies.
- Investigation of the possibility of using sandboxes to accelerate the development of the nearest applications of quantum information technologies.
Rodriguez concluded her presentation with the following statement: “The challenges that quantum computing poses for European cybersecurity may seem distant, but the EU’s ability to detect, protect and recover from them in the future begins with taking the necessary mitigation measures now.”
“Thus, the quantum cybersecurity agenda is critical to the economic security of Europe in a rapidly evolving geopolitical environment. Europe must act immediately,” the analyst concluded.