Secure Your Company’s Cyber Strategy Against Quantum Computing
Quantum computing is being touted as the next frontier in IT, finance, healthcare and other industries because of its potential to quickly solve problems that could take supercomputers thousands of years to work out.
While this has the potential to bring about advances in all fields, it will also lead to today’s cryptography falling apart, rendering all data untrustworthy. This puts networks and distributed systems under tremendous pressure.
Quantum computing is still very much in its infancy, although it is growing at a steady pace. Given the possible repercussions, businesses have little choice but to take measures to strengthen their cybersecurity against quantum computing.
Quantum security or quantum-resistant algorithms
The US National Institute of Standards and Technology (NIST) has been engaged in researching quantum-safe cryptography for many years. But standardising post-quantum cryptography (PQC) is difficult because “it is infeasible to solve the problem with the currently available computing resource.”
As NIST continues to “explore the impacts to cyber security and identify potential quantum ‘unknown’ attacks to infrastructure, network, terminals, and data”, it is evaluating 69 potential algorithms for PQC, such as Quantum Key Distribution (QKD), which uses the properties of quantum physics to transfer quantum keys between endpoints.
How to prepare for the post-quantum cybersecurity apocalypse
In 2015, the NSA directed that companies should “act now” to protect themselves against quantum computing security threats. World-renowned cyber security expert Prof. Sadie Creese says, “Enterprise leaders are among the first who will need to make judgments on the materiality of the quantum risk to their business and decide when and how to act.”
Dr. Ali El Kaafarani, a researcher at the University of Oxford and CEO of PQShield, a company that specialises in PQC, outlines a few steps that every business should follow to protect itself against the quantum risks to cybersecurity:
Start talking about quantum literacy early so that everyone in your business grasps the severity of the threat. Identify the risks specific to your organisation, what such an attack would look like and the respective costs to your business.
Conduct a thorough audit of where in your organisation you’re using cryptography, what data you’re protecting, which cryptography standards you’re using and where you’re most vulnerable.
Map out how data moves through your business, because that is when it is most vulnerable. Businesses in finance or healthcare will also have industry-specific regulations and privacy laws to keep in mind.
Start planning the migration to a quantum-resilient cybersecurity architecture, keeping in mind the time and resources it will take to complete. Depending on how crypto-agile your current cybersecurity solutions are, you may need to rewrite everything or make straightforward switches.
By early 2022, NIST will finalise the post-quantum encryption standards, but it has already announced the finalist algorithms. Dr. Kaafarani says that businesses could easily start designing their cybersecurity infrastructures to work with any of those shortlisted algorithms. According to him, a hybrid solution that pairs your existing solutions with post-quantum cryptography could provide the most flexibility.
Every business leader needs a foundational understanding of quantum computing and what measures to take to keep their organisations safe. It’s a topic you can explore in the Oxford Cyber Security for Business Leaders Programme, which is designed to help executives keep their businesses cyber resilient.