Quantum Computers Versus Hackers, Round One. Fight!
This week D-Wave, a leader in the nascent field of quantum computing, unveiled its latest machine, D-Wave 2000Q, as well as its first customer: a cybersecurity firm called Total Digital Security. It’s the first time quantum has been used to fight cyber crime, and if it works, it could reshape how security analysts protect their networks from harm.
In the computers we use every day, a “bit” of information stores either a “1” or a “0,” and that’s how all of our data is encoded. Quantum computing deviates by using quantum-mechanical properties, like entanglement and superposition, to store a 1 or 0 simultaneously in a unit called a “qubit.” With more data per qubit, quantum machines can theoretically compute exponentially faster than current systems.
But quantum computers are difficult to build, and the ones that exist are still limited compared to the theoretical potential of the field. The devices need to be isolated from all types of interference like vibrations or radio waves, so the qubits can maintain their quantum mechanical state without “decohering”—losing their special properties and instead exhibiting classical mechanical traits. To create this quarantine, manufacturers use features like dampeners and extreme cold (approaching absolute zero) to insulate the actual quantum computer chip. But even when a device can largely maintain coherence, quantum data is delicate, so it’s easy for errors to occur.
You have to start somewhere, though. D-Wave’s customers for earlier models range from Lockheed Martin to Google to Los Alamos National Laboratory. Now TDS, a cybersecurity company that builds hardware and software security products, will be the first private security business to seek improved results through next-generation computing.
Quantum Leap
Experts have suggested that quantum computers could break the toughest mainstream encryption strategies in use today; exponentially increased processing speed will eventually allow them to crack protocols that are currently too computationally difficult to unravel. The early commercial interest in quantum computing, though, focuses less on offense and more on helping beleaguered security analysts not just identify incidents, but decide which of those incidents represent an actual threat. IBM estimates that companies have to sift through 200,000 security events per day on average; that’s certainly more than a human team can dependably vet on their own, and generates enough data over time to challenge traditional computers.
It’s a problem already being tackled by AI solutions, notably IBM’s Watson supercomputer. That someone would apply quantum computing to security data was perhaps inevitable. D-Wave’s computers can solve large data analytics and optimization problems more quickly than traditional digital computers. TDS hopes that translates to better network modeling for improved visibility into where and why vulnerabilities exist, and more powerful threat modeling to identify risks and prioritize how they’re addressed. And others are testing the idea of using quantum computers in this way, like a researcher at the University of Maryland who has been using a D-Wave machine to classify malware.
D-Wave’s computers can’t tackle all algorithms yet, but evidence indicates that they can solve large data analytics and optimization problems more quickly than traditional digital computers when given tasks they are tailored for. D-Wave claims that the 2000Q can outperform classical servers by up to 10,000 times.
In that sense, the most valuable attribute of the $15 million D-Wave 2000Q is more straightforward than its mind-bending properties, at least for cybersecurity: It’s fast. And this is a field where the ability to process large volumes of data quickly is paramount.
“Quantum computing will definitely be applied anywhere where we’re using machine learning, cloud computing, data analysis. In security that [means] intrusion detection, looking for patterns in the data, and more sophisticated forms of parallel computing,” says Kevin Curran, a cybersecurity researcher at Ulster University and IEEE senior member.
What Comes Next
The marriage of quantum computing and cybersecurity doesn’t mean that the technology is ready to go mainstream, though. While there’s increasing consensus among the research community that D-Wave computers actually take advantage of quantum mechanics, it’s still a challenge for the industry to build true quantum computers at all, much less show that they deliver meaningful speed improvements over the most powerful traditional binary computers. And no matter how enthusiastic the security community, or any group, is about adopting quantum computing, it will take time to create the infrastructure to support the work.
“It’s a rare skill available in the market right now,” Curran says. “We have to train a whole new generation of people who are able to program quantum computers and develop the algorithms, because it’s completely different from classical computing.”
It’s still “early days” as D-Wave President Bo Ewald likes to say, for cybersecurity or nearly any other quantum computing application. “In general whether it’s a D-Wave computer or a full-fledged quantum computer, if we can solve some of these data analytics problems or any optimization problem faster than the best known classical heuristic that’s great news,” says Michele Mosca, the cofounder of the Institute for Quantum Computing at the University of Waterloo.
Quantum computing is far from a proven tool at this point, and it’s just one of a handful of next-generation computing solution being applied to thorny cybersecurity issues. The more opportunities it has to transform the world, though, the better the chance that it eventually will.
https://www.wired.com/category/security/feed/