Last year NIST concluded a nearly decade-long competition to develop new algorithms to protect from quantum attacks. With the passing of the Quantum Computing Cybersecurity Preparedness Act into law, the algorithms are expected to see broader deployment by federal agencies in 2023, with commercial industry soon to follow.
But encryption is broken all the time. Even these new quantum-safe algorithms aren’t foolproof. SIKE broke, Rainbow broke, the Chinese say they can break RSA – uncertainties abound. Meanwhile, cybercriminals are already exfiltrating encrypted data in harvest now, decrypt later attacks.
In its new report published mid-January 2023 titled, “Security in the Quantum Era,” IBM institute for Business Value argues that quantum computing poses an “existential risk” to encrypted data stressing, “the risk is real, the need is now” encouraging organizations to take immediate action toward quantum safety (something Quantum Xchange has been saying for years).
2023 is the time to Get Quantum Fit. What does that mean exactly? It’s time to build your quantum literacy muscle, set an organizational plan for enterprise crypto management, and act. When evaluating security priorities for 2023, consider these factors:
- The popularity of digital transformation and the new work from anywhere (WFA) normal has accelerated the adoption of cloud-hosted services and the replacement of legacy infrastructure with SD-WAN. Any organization deploying a network infrastructure today should ensure it is quantum-safe now or risk its premature obsolescence.
- History shows cryptographic transitions can take years, even decades to complete which is why NIST warns another 5–15 more years will be needed after the publication of the cryptographic standards before a full transition is completed.
- All math-based encryption standards are subject to advances in mathematics and computing power that will eventually weaken or outright break the cipher.
- There is no guarantee that the crypto standards selected will not be broken by adversaries or vulnerable to implementation errors. It’s already happened!
- A quantum computer may be available before full migration is complete, leaving critical data exposed to “harvest today, decrypt tomorrow” attacks happening now.
- Significant risk exists in cryptography outside of the crypto algorithms themselves, i.e., software, weak passwords, poor security hygiene practices, skills shortage, etc.
To Get Quantum Fit in 2023, we recommend the following steps:
- Complete the 2-minute assessment to determine your baseline understanding of the quantum threat and its potential impact on your organization.
- Read the suggested materials provided post assessment to fill any knowledge gaps and help you improve your overall quantum literacy and develop a policy-driven crypto management plan that includes quantum-risk mitigation.
- Establish a crypto center of excellence (CCoE) staffed by internal experts responsible for having a complete inventory of crypto and keys used and stored in the enterprise. Identify what protocols and algorithms are used by what servers and software.
- Modernize your outdated security systems by building in a dynamic quantum layer to your infrastructure that includes a crypto change-management platform that can easily keep pace with evolving business requirements and policy controls across the enterprise.
- Embrace cryptographic lifecycle management by practicing crypto agility and deploying redundant countermeasures to diversify away risk – a mix of classic and quantum-safe crypto.
- Combine today’s proven and certified cryptography with tomorrow’s quantum-safe encryption by implementing NIST-backed PQC algorithms and a FIPS 140-2/3 validated key delivery and management system like Phio TX.
- Understand the quantum-crypto strategy of your partners to ensure they too are quantum fit in 2023. Add the requirements for crypto-agility and a software bill of materials in your purchasing process.
Don’t be caught flatfooted and unprepared for what’s ahead (or has already happened). Quantum Xchange can help your organization embrace crypto-agility and manage your crypto lifecycle, policy creation, and control in 2023 and well into the quantum future.
