Photo: Unsplash / RNZ
New Zealand's biggest institutions, including government, banks and regulators, are working to address an emerging risk to the security of digital assets and critical infrastructure.
Quantum computers are rapidly developing and will soon be able to break most common encryption systems in place today, which typically use passwords to protect personal data.
The threat, dubbed Y2Q, shapes as this generation's Y2K moment, which required a costly global upgrade of legacy computer systems back in the late 90s to accommodate the four-digit turn of the millennium and avoid 2000 being read as 1900.
The National Cyber Security Centre (NCSC) is the government's lead operational cyber security agency and is fully aware of opportunities and the risks posed in a post-quantum world.
"In terms of cyber security, quantum computing could lead to criminals and other actors having the ability to compromise cryptographic systems currently used to keep information secure," a NCSC spokesperson said, adding the agency was monitoring developments and sharing information with international partners.
"We urge New Zealand businesses, organisations and government agencies to take steps to secure their information and data in light of evolving cyber threats.
"We expect to develop and continually update relevant guidance, keeping in mind the new NIST (the US's National Institute of Standards and Technology) standard, which has a Post-Quantum Cryptography Standardisation project."
The public was also being urged to take note and update their passwords and use two-step authentication to reduce their risks.
Technology Users Association chief executive Craig Young said using random computer-generated passwords was probably better than using words and phrases.
"From an individual's perspective, we went through a period where we were told to write password phrases. Now generative AI works on English and phrases, and so we're already seeing the weakness in that process as well."
Young said there was probably a runway of opportunity to protect digital assets and infrastructure before quantum computing became widespread, anytime between now and 2031.
"But we can't afford to sit around," he said. "As technology changes, the way that we keep ourselves secure will change as well, and we need to keep on top of it."
Updating password protection would help but would not address all the risks.
A number of commonly used apps, such as WhatsApp, were vulnerable and not suitable for sharing serious and secret information.
Photo: AFP / Jaque Silva
Bitcoin, other crypto currencies at risk
The blockchain was also vulnerable. It is the mechanism used to trade Bitcoin and other crypto currencies.
Young said quantum computers might be able to help people recover Bitcoin lost to missing passwords, but there was a flipside, as the technology could be easily used to break into encrypted digital wallets.
Young said the potential for weaponisation of quantum computing was real, though the current state of play was hard to know as not all developers were forthcoming.
"I mean, tech billionaires are going to be looking at any advancement that they can use to drive their business," he said.
"The other thing is we don't know what's happening in countries that we're typically concerned about, such as China or Russia. You know, they will definitely be looking at developing this sort of technology and not necessarily being completely open about it."
However, he said New Zealand does have supercomputers and smart people to run them, though the cost will be high and ongoing as Y2Q would not be the end of it.
