Be ready for quantum-enabled opportunities and threats 9 min read
The Federal Government's recent National Quantum Strategy and FY2023–24 Budget signal a strong commitment to growing Australia's quantum computing sector.
To assist organisations aiming to capitalise on that renewed focus, this Insight gives an overview of the technology and the legal issues that will need to be grappled with as quantum-enabled opportunities and threats evolve.
- Activity and investment in the quantum computing ecosystem remain strong, as commercial applications grow and the Government strives to maintain Australia's capabilities and competitiveness.
- Business leaders – particularly those in the pharmaceutical, financial services, machine learning and AI spaces – should consider how quantum computing might affect their organisation, to ensure that they do not miss out on opportunities to experiment with quantum computing technology as it develops.
- Custodians of large volumes of data or critical infrastructure should begin exploring their options for mitigating quantum-enabled cybersecurity risks.
Quantum computing harnesses the power of quantum mechanics to offer significantly faster, more accurate and efficient computing power compared with classical computing. Unlike a classical computer, which operates using bits of 0s and 1s, a quantum computer uses 'quantum bits' to simultaneously represent 0s and 1s, to exponentially increase computing speeds.
The upshot is that quantum computers excel at complex problem solving. This is promising news when it comes to problems that can be solved in theory but whose computational workloads are beyond the capability of even the most cutting-edge classical computers and supercomputers.
While the expected timeframe for potential commercial applications varies, experts have earmarked several industries as presenting high-value opportunities. Near-to-medium term examples are accelerated drug discovery and testing, data science, and financial portfolio and supply-chain optimisation. Quantum computing is also expected to aid machine learning and AI solutions by being able to process huge datasets more efficiently.
The flipside is that the technology poses a significant cybersecurity threat, as quantum computers' increased computing power will allow bad actors to overcome classical encryption protocols that protect sensitive data. It is a commonly held view that this capability is several years away but, nevertheless, cybersecurity stakeholders should ensure that they are prepared to put in place the necessary controls before this capability exists.
Three distinct, but highly interdependent, value chains are already emerging in the nascent ecosystem.
1. Hardware: it captures the players that provide inputs for, or build, a fully functional quantum computer. These activities are also the most critical, as well as the most labour and capital intensive, requiring extensive funding and engineering capabilities, and also expertise in electronics, programming, physics and chemistry. Participants include technology giants, fundamental research companies and university research labs.
2. Applications: this value chain is focused on exploring and building out use cases for quantum technology. It consists of providers of adjacent tools, applications and complementary systems, and is faster growing and more dynamic – mainly due to the reduced barriers to entry – but entirely dependent on quantum computing hardware provided by third parties. Players that are harnessing quantum computing hardware to develop tools and complementary systems range from technology giants like IBM and Google, to startups focused on a range of issues, including cybersecurity, AI and many more targeted solutions.
3. Cloud service providers: the most viable option, at least in the short-to-medium term, for downstream users and applications to take advantage of quantum computing will be via the cloud. This will allow them to explore the opportunities of quantum processing without requiring as much investment in dedicated quantum computing infrastructure. For now, these offerings are the dominion of the technology giants such as Alibaba, Amazon, IBM, Google and Microsoft, which are all already offering direct-to-expert cloud-based platforms to let end users access quantum computers to explore and build out use cases.
Funding is essential to facilitate growth in all of the above value chains, and has relied on a hefty mix of private and public investment, as stakeholders aim to ensure strategic and independent access to future capabilities. In Australia, public investment tailwinds are set to grow over the next five years in the wake of the recent Federal Budget, which earmarks $101.2 million to support businesses integrating quantum and AI technologies into their operations. This includes initiatives such as the new National Quantum Strategy,1 the establishment of the Critical Technologies Challenge Program ($40.2 million), the Australian Centre for Quantum Growth ($19.8 million) and other investments in quantum technologies.2 Private funding is also contributing to the rise in domestic quantum-computing startups, exemplified by Q-CTRL's announcement of a $27.4 million series B extension3 and the Quantum Brilliance raise of $26 million.4
Quantum computing poses several legal challenges that will need to be considered carefully. These will vary, depending on each organisation's priorities and needs, but are likely to include:
The cybersecurity risk posed by the technology will be significant. It is a matter of 'when' and not 'if' quantum computers will be able to overcome classical encryption protocols.
Cybersecurity practitioners should explore the viability of technical protection measures and other risk mitigation strategies before a quantum computer capable of overcoming current cryptography exists. Otherwise, organisations might risk falling short of statutory and contractual obligations to safeguard data from data breaches and unauthorised handling. Quantum-safe encryption is one countermeasure that might form part of organisations' cybersecurity toolkits to address this threat – however, this is still in its teething stages, with the industry's first quantum-resistant algorithms only being announced by the US National Institute of Standards and Technology in 2022.
While the prevailing wisdom is that decryption capabilities are not expected until the end of the decade, which should afford organisations time to uplift their encryption protocols, researchers in China recently claimed that they can break 2048-bit RSA encryption using existing quantum computers.5 If true, this would drastically affect the risk profile of encrypted data accessed or exfiltrated in the event of a cyberattack. Data could be decrypted in hours, rather than years, if it were to fall into the hands of bad actors with access to quantum computers with this capability.
In view of this risk, cybersecurity stakeholders should prioritise the assessment of their current technological infrastructure to identify necessary improvements. The appropriate course of action will vary depending on each organisation's circumstances, but more proactive action will be expected where the stakes are highest – eg when the relevant organisation is a custodian of extensive or sensitive datasets or critical infrastructure, or relies on technological infrastructure that would require a lengthy runway for any replacement or security uplift.
The new technology presents stakeholders with several interconnected challenges. Quantum computing:
- is a new and evolving technology, and its exact implications are unknown;
- has the potential to amplify problems already faced today in classical computing; and
- requires significant resource investment, which might affect the risk appetite of vendors and customers alike when it comes to issues like cybersecurity, as researchers try to predict the timeline for quantum computing to crack current encryption standards.
The most appropriate time to consider these challenges is when the technology is still in the design and development phase, as this allows for early intervention. Forums for debating, refining and collaboratively shaping actionable governance principles have begun to take shape in Australia and abroad. The World Economic Forum has already established a stakeholder network – with broad Australian representation – focused on the acceleration of responsible quantum computing, culminating in the development of world-first governance principles published in January 2022.6 Here in Australia, the Federal Government's National Quantum Strategy also signals that it will be working to ensure that regulatory measures and frameworks are fit for purpose.
As the legal and regulatory framework for quantum computing is developed to combat these challenges, early input into government consultation by these stakeholders is crucial for the industry to achieve 'privacy by design' and 'security by design' objectives.
The capital and technical inputs required for quantum technology mean that it is often developed through collaborative projects between two or more organisations, such as Microsoft's research and development partnership with Sydney University.7 Organisations should actively consider who will own any resulting intellectual property, how best to protect intellectual property rights and confidential information, and who will share in the upside of any commercialisation activities. Intellectual property considerations should be settled at an early stage in commercial relationships, and before either party invests significant time and capital.
The Federal Government's identification of quantum computing as a critical technology might also affect transaction timelines for investments into or acquisitions of Australian quantum assets, due to the associated Foreign Investment Review Board (FIRB) requirements. Certain transaction proposals might fall within:
- a compulsory notification and approval regime, where the quantum assets constitute a 'national security business' (which will generally arise where the technology will be used or sold for military or intelligence use); and
- a voluntary notification and approval regime for quantum technologies more generally.
These notification and approval processes will need to be factored into transaction timetables (FIRB assessment periods can often span six months or more), and potential foreign acquirers of Australian quantum assets and their advisers will have to conduct extensive analysis of the nature of target businesses and whether the transaction enlivens the FIRB regime.
Steep hardware and financial barriers to entry will mean that most commercial systems will be offered via 'as-a-service' out-of-the-box style offerings, where customers purchase quantum computing time via the cloud. These arrangements will draw heavily from standard-form terms that are already prevalent in the cloud technology sector, which will not afford customers much, or any, scope for negotiation.
Where organisations can afford the cost of entry, procurement strategies will vary depending on the level of collaboration between the parties and what they each bring to the table. These could range from, at one end of the spectrum, straightforward procurement contracts for the development of a bespoke solution for use by the customer, to more collaborative partnership agreements or joint ventures, where both parties provide key inputs and share in the commercial upside of the solution being developed. In each of these circumstances, there might be more scope to negotiate terms – namely, warranties, liabilities and indemnities – to reflect any information and risk asymmetries between the parties.
To navigate this landscape, business leaders should proactively explore how quantum computing can reshape their operations and open new avenues for growth. Failing to do so may result in missed opportunities and falling behind competitors, especially where simulation, optimisation, or machine learning problems are central to your organisation's competitive advantage.
Businesses pursuing clear use cases are not the only cohort that should be paying close attention. Custodians of extensive or sensitive datasets should begin planning a secure transition to quantum cryptography, to safeguard these assets against new cyberattack risks.
Please contact any of the people below if you would like to discuss the issues raised in this Insight, or if you require assistance pursuing a quantum computing opportunity.
See: National Quantum Strategy | Department of Industry, Science and Resources
See: National Quantum Strategy Issues Paper | Department of Industries, Science and Resources
See: New Funding For Quantum Computing Accelerates Worldwide | Forbes
See: Start-up that makes room-temp quantum computers banks $26m | Australian Financial Review
See: Did China Break The Quantum Barrier? | Forbes
See: Quantum Computing Governance Principles | World Economic Forum
See: Microsoft partnership with university taking quantum computing from lab to reality | The Chronicle of Higher Education, University of Sydney