Q-SLICE™ is designed to plug the blind spots in current threat models, so the quantum threat is not overlooked or remain unconsidered. The consideration part will take time with organisations focused on AI other new technology and strategy. Quantum is a far-out technology for most without the understanding or expertise to consider the harm posed by quantum. It may be that an incident or risk due to a jump in quantum becomes the driver for greater focus. In security it is always better to be proactive as opposed to reactive hence starting to develop an easy to use and workable threat model ahead of time, with the time to mature as well. With Q-SLICE™ its categories reflect:
Q-SLICE is broken down into six components:
Quantum Exploitation refers to a class of emerging threats in which adversaries using quantum computational capabilities. Particularly quantum algorithms, to undermine classical security assumptions, breach cryptographic defences and extract actionable intelligence from complex datasets at unprecedented speeds. These threats are not merely theoretical; they represent a paradigm shift in adversarial modelling, requiring a rethinking of both defensive architectures and operational risk.
Subversion of Trust refers to adversarial strategies that target the foundational components of post-quantum and quantum-resilient systems. Particularly those mechanisms assumed to be inherently secure, such as quantum key distribution (QKD), quantum random number generators (QRNGs), and root-of-trust (RoT) anchors. These attacks exploit the implicit trust in hardware, entropy sources, and cryptographic primitives, often bypassing algorithmic strength through manipulation, insertion or compromise at the implementation or supply-chain level.
Legacy Exploitation encompasses adversarial strategies that capitalise on the temporal mismatch between current cryptographic deployments and future quantum capabilities. These attacks are rooted in the principle of harvest now, decrypt later (HNDL) where encrypted data is intercepted and stored with the expectation that quantum computing will eventually render it decipherable. Simultaneously, attackers exploit lingering vulnerabilities in legacy protocols, systems, and infrastructures that have not yet transitioned to PQC, creating a dual threat vector of deferred compromise and immediate weakness.
Integrity Disruption refers to adversarial techniques that compromise the reliability, authenticity or coherence of quantum and post-quantum systems. These attacks target the physical, informational, and perceptual layers of trust—tampering with quantum states. Injecting faults into critical systems and manipulating AI-driven outputs using quantum-enhanced capabilities. Unlike traditional integrity breaches, these threats operate across entangled domains, where disruption can cascade through quantum networks, AI models and human cognition.
Coherence Attacks represent a class of quantum-specific physical and temporal threats that target the fragile stability of quantum systems. These attacks exploit the inherent sensitivity of qubits to environmental noise, timing discrepancies and measurement interference. Undermining the reliability, confidentiality and continuity of quantum operations. Unlike classical exploits, coherence attacks operate at the edge of physics, where minute perturbations can induce catastrophic decoherence, collapse entangled states or leak quantum information through side channels.
Ecosystem Abuse refers to adversarial strategies that exploit the complex interdependencies, transitional fragilities and architectural blind spots within hybrid quantum-classical environments. These threats transcend isolated cryptographic or physical vulnerabilities. Instead targeting the systemic seams between technologies, protocols and organisational layers. As quantum capabilities are integrated into cloud platforms, AI pipelines and PQC modules, attackers gain new opportunities to manipulate, misalign, or destabilise the entire ecosystem.
Qubits is the target IBM aims to achieve by 2025, potentially placing RSA and ECC encryption at real risk.
Of global encrypted internet traffic is vulnerable to quantum attacks if post-quantum cryptography is not adopted in time.
Dollars was allocated by the U.S. Department of Homeland Security in 2023 to accelerate post-quantum cryptography adoption.
Years is the estimated timeframe in which large-scale quantum computers could break RSA-2048 encryption, according to NIST projections.
Jeremy Green developer of Q-SLICE and QUANTA as part of his PhD in computer science. Is also a skilled and experienced security professional with more than 20 certifications across platform, security and DevSecOps including CISSP, CISM, CEH, ECDE and CHFI. He is also an official instructor for ISACA and EC Council and the author of Information Security Management Principles, fourth edition and Security Architecture A practical guide to designing proactive and resilient cyber protection published by BCS.
Author
Jeremy is also the author of BCS Information Security Management Principles Fourth Edition and Security Architecture: A practical guide to designing proactive and resilient cyber protection.
Instructor
Jeremy is an instructor for CompTIA, ISC2, ISACA and EC Council with twenty certifications. He also teachers Ethical Hacking and Digital Forensics on a Foundation Degree and holds a Cert Ed and QTLS.
Security Architect
Jeremy is a security architect supporting the security design and implementation of a large project for Leidos. Undertaking threat modelling, design assessment and stakeholder engagement.
Many organisations will be slow to recognise or respond to the threat posed by quantum computing, particularly in relation to its potential to break classical cryptographic systems. Some of this is due to quantum computing still being widely perceived as an abstract, long-term concern rather than an immediate operational risk.