After years of anticipation, advances in quantum computing are finally beginning to reach commercial applications. Last year, IBM introduced the IBM Q System One, the world’s first integrated universal quantum computing system designed for commercial use. In October 2019, Google claimed “quantum supremacy” when its computer successfully a task in 200 seconds that would have taken a traditional computer thousands of years to complete.
Large-scale quantum computing promises to deliver major advances in processing performance, enabling organizations to rapidly solve problems that had been too complex and time-consuming for “classical” processors. Although this transformative wave of technology is still a few years away, the time to start thinking about the impact is now so we can protect today’s innovations well into the future.
A large-scale quantum computer capable of breaking RSA with 2048-bit keys, or ECC with 224-bit keys — the minimum key sizes used to encrypt and decrypt data today — is coming. Organizations like the National Institute of Standards and Technology (NIST) predict quantum computing could put public-key cryptography (PKI) that is built for today, but planned for use in the future, at risk.
According to NIST computer scientist Matt Scholl, “When quantum computers are a reality, our current public key cryptography won’t work anymore, so we need to start designing now what those replacements will be.”
IT leaders need to know where their cryptography is used in their organization today and have a good system of monitoring and updating it. This is especially true considering the amount of planning and time that transitions to new cryptographic algorithms require of IT.
According to a new survey released by my company, IT leaders agree that the time to prepare for quantum computing threats to PKI and other forms of cryptography is now, not later. They believe the threats to today’s encryption protocols are coming much sooner than some predict, and they do not want to be caught off guard.
In conducting our survey it’s apparent that IT leaders are aware of and anticipating the potential risks of quantum computing to applications across the enterprise, including IoT, although they still may not understand how to fully address the risks.
The Transition To PQC Is Underway
The quantum revolution is picking up speed, and Gartner predicts that 20% of organizations will begin budgeting for quantum computing projects by 2023. The potential security issues associated with quantum computing have motivated enterprises to begin preparing for its arrival.
According to the article “Post-Quantum Cryptography: A Ten-Year Market and Technology Forecast” from Research and Markets, “many more individuals with purchasing authority are expected to buy into PQC over the next five years as they come to understand quantum threats and quantum computer era gets closer.”
In my company’s survey, one-third report that they have a post-quantum cryptography (PQC) budget, while another 56% are working on establishing a PQC budget. Though it’s unclear what they might be using this budget for, most indicated that they are looking to learn more about what to do, so they are not caught off guard when threats emerge.
Nearly 40% of survey participants say it will be somewhat to extremely difficult to upgrade encryption to protect against quantum computer attacks. However, they also believe that the potential benefits will be worth the time and effort. The expected benefits improve crypto-agility.
Crypto-agility is the planning and enablement of an information security system with the flexibility to support the adoption of current and future cryptographic algorithms, without requiring significant system changes. Security systems are considered crypto-agile when their encryption algorithms can be easily integrated and changed.
Getting Out In Front Of Cybersecurity
Quantum computing promises to be a transformative leap in computing power, and the thought of a wholesale replacement of current encryption algorithms is likely daunting for many organizations. Fortunately, with some early planning and proactive action, organizations can position themselves to make the most of the PQC opportunity and mitigate risks, including testing quantum-safe algorithms in their systems today.
The first step toward developing a strategy is to work to build a complete inventory of all the use cases for cryptography in your organization. Having an explicit inventory then allows you to go out and contact vendors about their plans and strategies for the post-quantum era that lies on the horizon, and see how they match up.
Once you’ve received responses from vendors, you can perform experiments and evaluate the feasibility of those strategies in your environment. As you become more aware of potential risks, you can take steps to develop a more comprehensive strategy and a path to move forward, with crypto-agility and good crypto management practices at the forefront.
The dawn of the post-quantum era is upon us, and many organizations and governments are applying R&D resources toward developing this potentially revolutionary technology. Like any transformative technology, commercial quantum computing will be accompanied by plenty of risks. With a proactive approach and a strategic outlook, you can help ensure that your organization’s security posture will keep pace with the changes to come.
This is a syndicated post. Read the original post at Source link .