Quantum computing is evolving from the theoretical to the practical. Today, several quantum computers at global institutions can complete certain tasks orders of magnitude faster than any classical supercomputer.
Although quantum computers’ current abilities are more demonstrative than immediately useful, their trajectory suggests that in the coming decades quantum computers will likely revolutionize numerous industries—from pharmaceuticals to materials science—and eventually undermine all popular current public-key encryption methods, and plausibly boost the speed and power of artificial intelligence (AI). What’s more, China has recently emerged as a major player in quantum computing.
Why Booz Allen Wrote This Report
Many organizational leaders and chief information security officers (CISO) lack insight into the practical importance of quantum computing and how to manage related risks. They don’t know how and when the technology might become useful—and how it might shape the behavior of threat actors such as China, a persistent cyber adversary of government and commercial organizations globally and a major developer of quantum-computing technology. This report describes (1) the state of quantum-computing maturity globally and in China, (2) possible quantum-computing uses and their development timeframes, and (3) the assessed influence of the uses on Chinese threat activity.
What Booz Allen Found
Chinese threat groups will likely soon collect encrypted data with long-term utility, expecting to eventually decrypt it with quantum computers. By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals. Quantum-assisted AI, meanwhile, is unlikely to emerge or influence adversary behavior in the foreseeable future.
What Booz Allen Recommends
Booz Allen recommends CISOs manage strategic risk associated with quantum computers’ influence on Chinese cyber threats by (1) conducting threat modeling to assess changes to organizational risk, (2) developing an organizational strategy for deploying post-quantum encryption, and (3) educating personnel and staying informed.