Meeting the World Economic Forum’s 3 Changes to Protect Against the Quantum Threat
The World Economic Forum, in collaboration with Deloitte, has published a white paper, Transitioning to a Secure Quantum Economy, warning that organizations must begin to acknowledge the significant risks quantum computers pose and that the time window to act is narrowing.
The influential group warns, “Any organization possessing information that will be valuable five to 15 years from now should carefully evaluate the consequences of its data exposure in future contexts.” In other words, if your organization holds long-duration data that needs protecting, you must ensure it is quantum-safe now to avoid harvesting attacks, costly rip-and-replace scenarios, or premature system obsolescence.
In the September 2022 white paper, WEF outlines three changes organizations should make now to protect against the quantum computing threat:
- Building awareness around the quantum threat by educating senior leaders
- Planning and preparing by adopting a quantum-safe strategy that includes a transition roadmap
- Initiating the transition today by leveraging hybrid solutions
This blog post will show how Quantum Xchange and our groundbreaking key delivery system and change-management platform, Phio TX, enable organizations to adopt all three WEF recommendations easily and affordably.
Building Awareness Around the Quantum Threat by Educating Senior Leaders
WEF acknowledges there’s often an awareness gap that exists between technologists, cybersecurity executives, and executive decision-makers and that this gap must be mended through education and leadership buy-in. In January 2021, Quantum Xchange launched an award-winning awareness campaign we called “Get Quantum Fit,” meant to identify change-agents and arm them with the information needed to improve quantum literacy and enact change within their organization.
The campaign is still applicable today. If you’re a cybersecurity professional, especially one responsible for the security of long-duration data, we encourage you to improve your quantum literacy, set an organizational plan for quantum readiness, and take action. Begin with the two-minute self-assessment here: https://quantumxc.com/self-assesment/
Planning and Preparing by Adopting a Quantum-Safe Strategy that Includes a Transition Roadmap
Under this recommendation, the WEF encourages organizations to create initial transition plans and roadmaps and embrace crypto-agility. Quantum Xchange agrees crypto-agility is good, but it is not nearly enough, and here’s why.
Crypto-agility is reactive. The swift changing or swapping of encryption algorithms happens only after a breach occurs or vulnerability is found. It’s impossible to know or predict with certainty which algorithm will crumble, when, and how. And, unlike ransomware, cyber espionage is a silent practice with no warning signs given to confirm eavesdropping is taking place and that new countermeasures should be taken.
Organizations should augment crypto-agility with proactive crypto-diversification. But what is crypto-diversification exactly, and how does it differ from crypto-agility or defense-in-depth countermeasures? Crypto-diversification looks to history and assumes all math-based encryption will eventually weaken or fail over time. Like defense-in-depth, crypto-diversification embraces a multilayered defense strategy, encouraging a mix of asymmetric, symmetric, and quantum-based encryption methods throughout every layer of the crypto stack for optimal protection. But unlike defense-in-depth, which relies on the same cryptographic and authentication approaches at every layer, crypto-diversification enabled by Phio TX from Quantum Xchange breaks the crypto monoculture that exists and removes single points of failure in cryptography.
Stacking multiple encryption techniques helps keep data traveling securely even if a flaw is uncovered in one of the encryption layers. Organizations won’t always know which part of a crypto stack has been defeated and how, but it won’t matter if the cryptography is sufficiently diversified. Proper security defenses must be diversified at every layer to remove as many points of failure as possible. This is true today and in the quantum future.
Initiating the Transition Today by Leveraging Hybrid Solutions
As the industry waits for NIST to finalize the post-quantum cryptographic standards, expected to be published by 2024, WEF points out that organizations might be hesitant to adopt solutions that have not been standardized but want to test the impact this might have on their ecosystems. Many are turning to hybrid mode, integrating both classical and quantum-ready solutions. But be warned, hybrid key exchange may be fraught with performance issues and implementation errors – single points of failure crypto-agility won’t solve.
Instead, organizations should practice crypto-diversification (for all the reasons discussed earlier) and deploy future-forward crypto policy management that:
- Introduces redundancies in the cryptographic stack, including algorithms, their implementations, and key delivery.
- Removes single points of failure common to modern-day encryption practices, i.e., software bugs, weak entropy sources, poor programming skills, implementation errors, etc.
- Utilizes a change-management platform to ensure enterprise crypto management evolves in lockstep with the shifting threat landscape and as business requirements change.
With a crypto policy management platform like Phio TX, organizations can practice hybrid key exchange with none of the performance or implementation disappointments and no matter which quantum-resistant algorithms are finalized as standard.
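The stacking of independent key sources and the hybrid key exchange discussed above can be illustrated with a key combiner that derives one session key from several secrets and refuses to derive anything when a layer is missing. This is an added example, not Quantum Xchange's or Phio TX's code; the layer names, the 16-byte minimum and the sample secrets are assumptions constructed for illustration.

```python
import hashlib
import hmac

MIN_LEN = 16  # assumed policy floor, in bytes, for each contributing secret
REQUIRED = ("classical_ecdh", "pq_kem", "out_of_band")  # hypothetical layer names


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA-256 with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(secrets: dict, context: bytes) -> bytes:
    """Derive one session key that depends on every required secret."""
    ikm = b""
    for label in REQUIRED:  # fixed order so both peers build identical input
        value = secrets.get(label)
        if value is None or len(value) < MIN_LEN:
            # Fail closed: never derive a key from fewer layers.
            raise ValueError(f"secret {label!r} is missing or under {MIN_LEN} bytes")
        name = label.encode()
        # Length-prefix each field so the concatenation is unambiguous.
        ikm += len(name).to_bytes(2, "big") + name
        ikm += len(value).to_bytes(2, "big") + value
    return hkdf_sha256(ikm, context)


# Constructed sample values standing in for real key-establishment outputs.
SAMPLE = {
    "classical_ecdh": bytes(range(0, 32)),
    "pq_kem": bytes(range(32, 64)),
    "out_of_band": bytes(range(64, 96)),
}

if __name__ == "__main__":
    print("session key:", combine_secrets(SAMPLE, b"example-session-v1").hex())
    partial = {k: v for k, v in SAMPLE.items() if k != "pq_kem"}
    try:
        combine_secrets(partial, b"example-session-v1")
    except ValueError as err:
        print("refused:", err)  # one layer absent: no key, no silent downgrade
```

Because every secret feeds the same derivation, recovering one of them (for example through a flaw in a single algorithm) is not enough to compute the session key, and a missing layer produces an error rather than a quietly weaker key.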