Plane crashes, no medicine and mass panic – how a ‘Q-Day’ attack on UK would unfold

ARE WE READY FOR WAR?
Q-day will occur when a state acquires a quantum computer powerful enough to crack the encryption on which modern life depends

Are we ready for war? Welcome to The i Paper’s opinion series in which our writers tackle a grim question that, until recently, few had thought to consider.

• Ray Mears: This is the golden rule of preparing for war
• I’ve seen the state of our weaponry – helping Ukraine has left us exposed
• Our nuclear weapons are no longer enough to keep us safe
• Not enough people want to die for Britain – and who can blame them?
• ‘Little green men’ and ghost fleets: How Russia could drag us into war before 2030

There’s a term for a devastating cyber-attack on a broad range of fronts, hitting all the things that make modern life possible, from banking to the water supply: “the everything, everywhere, all at once attack”. These scenarios sometimes seemed a bit hysterical: the power grid, for example — the first target in any cyber wargame — is difficult to hack into. But advances in quantum computing and artificial intelligence mean that the everything, everywhere, all at once attack will one day be possible. And Britain isn’t ready.

Quantum computers are astonishingly good at some kinds of calculations. They can make all the many wrong answers to break a code fade away almost at once. Ordinary computers have to check every single possibility one by one – they would need trillions of years to crack the so-called public key encryption that locks down the internet. In theory, a quantum machine could do it in a few hours, even a few minutes. Public key encryption is used on every secure web page, every time a password or other secret is sent over the internet. Most of our vital systems are networked. Power, water, transport, banking, manufacturing, healthcare: they would all be vulnerable.

Dr Carsten Stöcker is a German scientist and tech entrepreneur whose company, Spherity, makes “post-quantum” software. He warns that autonomous AI agents, using passwords cracked by quantum computers, would be able to carry out attacks on a scale and at a velocity never seen before. Those who wish us harm – whether nation states like China or Russia, or criminal groups – would no longer be limited by human speed or even the speed of classical computers. “Our life depends on the internet” he tells me. “The security of the entire internet will break. This can be an existential crisis.”

II

So, what could an attack look like?

The day begins with a near miss at Heathrow. Two Airbus A380 passenger jets are told to land on the same runway at the same time. They swerve away at the last moment. A red light flashes on the top of the control tower, a message to all planes: “Do not land.” The London Tube grinds to a halt with signals failures across the network. Traffic lights are green at every road junction. Gridlock. Self-driving cars go the wrong way on the motorways. Container ships run aground on the coast.

The UK’s financial system comes under co-ordinated attack. Forged transactions drain accounts. Online banking freezes, so the first sign of trouble for many is when ATMs don’t work. Crypto wallets are emptied and billions of pounds worth of Bitcoin is sold off, sending ripples through financial markets. The London Stock Exchange suspends trading due to “technical difficulties”. Panicky emails sent out by the Bank of England turn out to be forged. Sterling crashes. Long queues form outside banks.

Hospitals find that all their patient records have been scrambled or encrypted for ransom. Insulin pumps, pacemakers, and other networked devices fail. Blood bank inventories are corrupted, so transfusion matching is impossible. Surgeries are cancelled and hospitals turn away all but the most critical cases. The computers that hold prescriptions fail: pharmacies can’t dispense medicines. The NHS moves back to paper records. The government appeals for international medical assistance.

At the Sizewell B nuclear power station, safety systems receive conflicting commands, sensors give readings that make no sense. They switch to manual control. There are selective blackouts across the power grid, targeting government buildings, the City of London, military bases, and the BBC. Mobile phone networks, especially 5G, go down. The government triggers the Mobile Telecommunication Privileged Access Scheme, giving the emergency services priority. Water treatment plants contaminate the drinking supply. The government tells people to boil their water.

III

The quantum computer that could make all this possible has not yet been invented. Keeping a particle in its quantum state has been compared to balancing a pencil on its tip: one breath of air and it falls. A practical, working quantum computer would have to keep a million pencils balanced and ignore the “noise” from the ones that fall. Many tech companies are racing to do this. There may also be huge, secret state efforts, led by the militaries or intelligence agencies in China, Russia, and the United States – even, who knows, in the UK, too. The future will belong to the country that gets the first powerful quantum computer.

“Q-Day”, as it’s known, will come when a quantum computer is big enough and stable enough to run the algorithms that can break today’s internet ciphers. Britain’s National Cyber Security Centre, the NCSC, is charged with protecting us against what could happen next. The NCSC already has its hands full with conventional cyber-attacks.

Inside the crystalline green glass fortress that is its headquarters in London, there’s serious concern about the “intensifying” nature of these conventional cyber threats. The attack on Jaguar Land Rover earlier this year was the most economically damaging hack in British history. It cost almost £2bn, according to some estimates.

There were also attacks on M&S and the Co-op earlier this year, which cost hundreds of millions of pounds and left supermarket shelves empty. This could be criminal groups holding companies to ransom, rather than nation-states. But a nation-state could use the same techniques to wreak havoc in supply chains for everything from petrol to food.

A source who worked on one of Britain’s secret cyberwarfare programs told me Russia was behind many of these attacks. The Russian intelligence services were using the country’s sophisticated mafiya in a campaign to undermine Western economies. The strategy was to make Russia strong by making everybody else weak, he said. In that sense, we are already fighting a cyber-war.

Most of what’s described as Britain’s critical national infrastructure is in the hands of private companies. Many aren’t protecting themselves properly. British business can be notoriously short-term. Boards focus on profits over the next six months. A senior official told me: “There is a widening gap between the threat and the ability to defend against it.”

And that’s before quantum computing “revolutionises” the technological landscape, as the official put it. There is a solution: ciphers that even a quantum machine cannot break.

The NCSC has published a timetable for “key sectors” of the economy to adopt what’s called quantum-resistant encryption. This plan calls for the next two years to be used to identify vulnerabilities; from 2028, “post-quantum cryptography” should be put into the most important systems; anything else needing a secure connection to the internet should switch over from 2031 to 2035. In this way, the experts at the NCSC hope that Q-Day will be like the Y2K bug – remember that? – not a digital apocalypse.

Dr Chris Erven says this ten-year timetable should be five years or less. He is a former lecturer in quantum computing at Bristol University whose company, KETS, makes chips designed to have unbreakable encryption. BT is testing them in its exchanges now. Dr Erven says the past six-twelve months alone have seen dramatic progress in solving the engineering challenge of making a useful quantum computer, one that can ignore noise to correct errors. “We’re going to be there in a few short years…we’re really not far off. All the stuff we’re using right now is not safe.”

Dr Erven says that whichever country gets the first such machine will probably keep it “secret, in a basement” for as long as possible. “No one is going to shout about the world’s first large quantum computer.” That’s because they could use the digital skeleton key provided by a quantum computer to silently collect the world’s most closely guarded secrets. What does the British state stand to lose? Cutting-edge defence research? The names and addresses of all our spies? Our war plans? The nuclear launch codes? We must assume, or hope, that if these secrets have not yet been protected with quantum proof-ciphers, they soon will be. Even so, it could be too late.

That’s because of what the intelligence community calls “harvest now, decrypt later”. Our enemies are stealing data, even when it’s encrypted, waiting to unscramble it once they get a working quantum computer. No one doubts that China has been patiently accumulating data, ready for the day it might become useful. This is another way in which we are already fighting a cyber-war.

Some secrets don’t age. That’s part of the reason we have the 30-year rule, which delays the release of sensitive official files. If an enemy state’s quantum computer decrypts data stolen from the British government, they would still need to comb through millions of emails and documents. That could take humans months or years, but AIs – so-called large language models like ChatGPT 5 – could do it in hours. A Chinese or Russian LLM could extract and highlight everything that could hurt us most. Running the country, let alone fighting a war, would be impossible. The geopolitical balance would be instantly upended.

We could hit back. Dr Lucas Kello, director of the Centre for Technology and Global Affairs at Oxford University, told me that the UK has a formidable cyber offensive capability. Britain and the US were almost certainly “pre-positioning” malware in the infrastructure of potential enemies. The critical systems of all major powers were probably already mutually compromised – a condition he said could deter outright cyber-war. This is the cyber version of Mutually Assured Destruction.

Your next read

The British government is taking the possibility of cyber warfare seriously. They have created a new Cyber and Electromagnetic Command to lead defensive cyber operations. The National Security Strategy published this year says: “Strong cyber defences are a critical part” of securing our way of life. A Cabinet Office spokesperson said the government was making “the biggest sustained increase in defence spending since the Cold War”. The question is whether this will be enough.

Q-Day might not be obvious at first. There could be a series of apparently disconnected events: an inexplicable plane crash; puzzling interruptions to the power supply; a politician’s reputation destroyed by mysteriously leaked documents. Ordinary citizens, too, might find their secrets put online. People would turn on one another, angry and unsure who to trust.

The age of aerial bombing – and later of the missile – brought the possibility of war to the home front. But bombing a civilian population unites them against the enemy. A cyber war – our secrets used against us – would hit the home front more insidiously. We could be disoriented and demoralised before a shot was fired. Then, both literally as well as metaphorically, the lights would start to go out.