In its annual Quantum Summit this year, IBM unveiled its most powerful quantum computing processor to date, with 433 qubits (quantum bits). Nicknamed the Osprey, the processor is nearly three times faster than the company’s 127-qubit Eagle processor it unveiled in 2021 and more than eight times faster than Google’s 53-qubit processor, Sycamore. As a next goal, IBM aims to scale up computing power to 4000+ qubits by 2025 to achieve the “quantum advantage.” These breakthroughs signal that mainstream quantum computers might be here sooner than we think.
As the race to build commercially viable quantum computers gathers speed, it is crucial for organizations to understand its potential impact on existing systems and data. While the enormous processing power of quantum computers is said to open up exciting possibilities for businesses, it also poses a serious threat to data encryption and cybersecurity.
All online transactions and communications today are protected through public key cryptography algorithms such as RSA and ECC. These encryption algorithms help protect data both at rest and in transit, regardless of its location and create a safe environment for internet communications. Breaking these algorithms by solving the complex math problems behind them requires massive computational power that today’s computers do not have.
However, when large-scale quantum computers arrive, they will have sufficient processing power to perform complex math calculations within minutes which could break today’s encryption algorithms, especially RSA, with relative ease. That could leave all internet communications vulnerable and exposed. Given this knowledge, a dangerous trend is picking up in the threat landscape. Commonly referred to as ‘store now, hack later,’ the trend involves threat actors harvesting and storing valuable encrypted data today, with the intent of decrypting it in a few years once powerful quantum computers become readily available.
Considering these possibilities and the pace at which quantum is advancing, scientists and leading cryptography experts are hard at work developing a new wave of quantum-resistant encryption algorithms that can help organizations guard their data and communications from quantum-enabled cyberattacks.
Recently, the National Institute of Standards and Technology (NIST) unveiled the first set of quantum computing algorithms designed to withstand quantum computing attacks. NIST’s announcement marked a significant milestone in the journey towards fortifying security for the quantum future.
Biden’s recent memo on quantum computing also highlighted the looming threat and initiated a roadmap for “a timely and equitable transition” of today’s cryptographic systems to quantum‑safe cryptography standards.
In light of these developments, security experts strongly recommend that organizations start preparing now with a sense of urgency to mitigate threats in the post-quantum future.
Becoming Quantum Ready. Where and How to Begin?
As quantum computing matures fast, organizations need to work in parallel on their public key infrastructures (PKI) to build quantum resistance. Here are some key steps you can consider to start laying the groundwork to get your organization ready for the quantum era:
- Assess your crypto inventory
Visibility into your crypto assets is indispensable for data security. As infrastructures today have hundreds and thousands of PKI certificates and keys distributed across multiple Clouds and on-premises environments, it is essential to know where they are and how many. You can start by running a deep network-level scan to discover all the digital certificates used in your organization. Sort them into a central inventory and analyze them for crypto standards and compliance. An analysis of crypto standards helps you determine instances with vulnerable algorithms or protocols that will need to be switched to post-quantum standards and how to plan for it.
- Test post-quantum cryptographic algorithms
As mentioned earlier, NIST has announced a set of post-quantum algorithms this year. While they are set to be standardized in 2024, you can consider these algorithms and start evaluating migration approaches now to make future implementation easier. Testing can help identify potential systemic issues and develop a migration plan to prepare systems for post-quantum cryptography standards to eliminate delays.
- Create an effective migration plan
Updating cryptographic standards is often a complex and tedious activity as it requires a lot of time and resources. Once you have discovered all your crypto assets, develop a migration plan that outlines which instances need to be migrated on high priority, the hardware or software upgrades required for seamless migration, and the policies and procedures to follow throughout the process. With a well-defined plan, the right automation tools, and crypto-agility, migration can be more smooth sailing.
- Team up with your vendors
Work with your third-party vendors to understand their strategy and the measures they’re taking to adapt to a post-quantum future. Your vendors’ readiness to transition to post-quantum standards directly impacts your enterprise security. Delays in updating systems can affect the performance of applications and tools you use and may cause outages and security breaches. Assess vendor capabilities to ensure they support you in your quantum transition.
- Educate your workforce
Getting quantum-ready requires executive buy-in and teamwork. Educate key stakeholders and the relevant teams about the rapid advancements in quantum computing and the security risks it brings. Get application and network teams to collectively perform impact analysis to plan for application compatibility issues, performance fluctuations, and software or hardware upgrades needed. Define crypto policies and procedures to guide the teams on the migration process. The more aware your teams are, the easier it gets.
- Modernize your PKI for crypto-agility
Once NIST standardizes quantum-safe algorithms, today’s algorithms will soon be deprecated. Protecting your data and resources will depend on how quickly you can switch from existing to quantum-resistant crypto standards. This is also referred to as crypto-agility and plays a vital role in the quantum transition. Building crypto-agility requires a modern and adaptable PKI process that provides visibility, centralized management, and the ability to make crypto changes quickly, when needed. Manual PKI and certificate lifecycle management processes work against crypto-agility and eventually slow down the migration. Consider modernizing your PKI through automation. This helps simplify and accelerate the migration process while keeping it secure and compliant.
The Sooner You Act, The Safer You Are.
As the world’s leading technology companies compete to build commercially viable quantum computers in the next five to ten years, security threats get more real. It’s essential to recognize this imminent threat and start preparing for it with a post-quantum security plan when there is still time. Taking a few small steps now can go a long way in helping you build quantum resilience.