In the ever-evolving landscape of technological advancements, AI has taken over the headlines and discussions around security challenges. But amid this buzz, a major disrupter awaits to turn things upside down.
Quantum computing, with its immense processing power, has the potential for mind-blowing advancements in areas like optimization, drug discovery and AI. Yet it also brings forth substantial risks to cybersecurity.
It threatens the very foundation of how our online world is secured today – an intricate system of encryption protocols and cryptographic algorithms that ensure digital trust.
However, once quantum computers are available, they will be able to break these protocols and algorithms very easily, threatening the confidentiality and integrity of sensitive data transmitted over the internet.
The most significant threat today is that advanced attackers could conduct ‘harvest now, decrypt later’ attacks. This means that malicious actors are collecting and storing encrypted data now with the goal of decrypting the data in the future.
When quantum computers become available, attackers will be able to break current encryption algorithms in a matter of seconds.
This concern is widely acknowledged, with 74 percent of security practitioners surveyed worried about the risks posed by post-quantum computing, according to the study, ‘Preparing for a Safe Post Quantum Computing Future’, conducted by Ponemon Institute.
Experts assume that a stable computer capable of cracking current encryption algorithms will be realized within the next seven to 10 years, but with the imminent risk of ‘harvest now, decrypt later’ attacks, it is critical to start preparing now.
To mitigate this risk, a new era of cryptography is underway, known as post-quantum cryptography, or quantum-safe cryptography, and cryptographers are diligently working to develop encryption algorithms that are resistant to quantum computers.
Governments and industry bodies have also initiated measures. In the United States, President Joe Biden signed a National Security Memorandum to mitigate the risks of quantum computing to national security.
Additionally, over the past seven years, the National Institute of Standards and Technology in the United States has led efforts to standardize resilient encryption algorithms, reaching a milestone last August with draft standards for quantum-safe algorithms.
In the Asia–Pacific region, there has also been a welcome acceleration in government planning for a post-quantum world. In June 2023, Singapore launched South-East Asia’s first quantum-safe network infrastructure to help businesses tap into quantum-safe technologies.
The Australian Government also launched the National Quantum Strategy in 2022, which clearly states the three key categories of quantum technology as it impacts our future: quantum sensing, quantum computers and quantum communications.
However, the enterprise world is lagging behind, with 58 percent of companies in the Asia–Pacific region stating that they are unprepared for the security implications of quantum computing, according to the same survey conducted by Ponemon Institute.
In fact, only 19 percent of organizations in the region have a strategy in place to address these security challenges. The main challenge that organizations are facing is not having enough time, with 39 percent believing that they have less than five years to prepare.
Additionally, budget constraints and lack of executive support are cited as significant challenges that IT teams are facing. Almost half of respondents say that their organization’s leadership is only somewhat aware or not aware of the security implications of quantum computing.
In essence, while awareness is growing, there is a palpable need for organizations to accelerate their efforts in developing comprehensive strategies, allocating resources and garnering executive support to effectively navigate the cybersecurity landscape of the approaching quantum era.
As governments map a path toward next-generation cryptography, enterprises can also take steps to ensure the integrity of their most important data before quantum decryption opens the door to all of today’s secrets.
As businesses transition their algorithms, implementing a robust strategy backed by senior leadership is crucial. The strategy should focus on crypto agility, that is, on reducing the time necessary to replace current cryptographic algorithms with quantum-safe algorithms.
This can be achieved by maintaining visibility into cryptographic keys and assets and adopting centralized crypto-management strategies consistently across the enterprise with accountability and ownership.
Crypto agility not only addresses long-term issues like post-quantum computing, but also helps to reduce outages and operational costs and to manage strategic changes like mergers and acquisitions.
Forward-thinking organizations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released later this year.
In conclusion, as quantum computing emerges, the imperative for preparedness cannot be overstated. The disruptive potential of quantum computers demands a paradigm shift in how we approach internet security.
Businesses must rise to the occasion, acknowledging the risks and implementing strategies to safeguard their digital future.
Armando Dacal
Contributor Collective Member
Armando Dacal is Group Vice President APJC at DigiCert, and his vast experience in leadership roles at technology companies provides him with a wealth of knowledge and expertise in the field. He received his Bachelor of Arts degree in International Economics from San Diego State University in 2001 and the following year completed a certification program in the Economics of Blockchain and Digital Assets from Wharton Executive Education. For more information visit https://www.digicert.com/