In 2022, the National Institute for Standards and Technology (NIST) announced its shortlist of quantum-safe encryption algorithms and standards designed to resist the threat of quantum computers. 48 hours later, one of the finalists broke using a conventional computer – no qubits required!
Cryptography is complex, always changing, and difficult to manage. This will only intensify as the quantum era nears and legacy encryption must be replaced with NIST approved, Post- Quantum Cryptographic (PQC) algorithms that carry their own set of challenges, risks, and uncertainties.
To help organizations as they navigate through their quantum preparedness journey, Quantum Xchange published the popular eBook, The Great Crypto Migration. In it, we outline the three pillars of a successful post-quantum migration and quantum-safe cybersecurity architecture build – Awareness, Anticipation, and Advantage.
In this three-part blog series, we’ll share excerpts from the book beginning with Awareness. Please enjoy!
There’s lots of confusion and varying points-of-view on when a quantum computer will be available to break modern-day encryption standards, how best to prepare, and when to start. The World Economic Forum suggests that to overcome this awareness gap, the global business community, and those responsible for the security and integrity of our systems, should start to build quantum literacy at the board and CEO level. Conveying to leadership and non-technical stakeholders the severity and immediacy of the post-quantum crypto migration is a critical first step. Faced with competing priorities, they may otherwise fail to understand why this issue deserves immediate attention and investment.
Some might recall the significant efforts in preparation for the Y2K rollover. General market awareness and public pressure encouraged technology vendors, commercial and private businesses, and government agencies to each do their part to prepare and upgrade their systems in anticipation of the Y2K bug. As a result of this heightened awareness, the widespread failure of the global computing infrastructure was avoided, and fallout was limited to a few small incidents.
Organizations should engage their community and each stakeholder group to help foster quantum literacy and develop an organizational understanding of PQC and technology readiness levels. Build awareness at the board level down to procurement teams, incorporating quantum-safe priorities and requirements into requests for proposals, product iterations, vendor relationships, network infrastructure upgrades, customer deployments – you name it!
Actively participate in industry groups, consortiums, and standards bodies like the QED-C, Quantum Alliance Initiative, and the Quantum Industry Coalition, to help leadership and team members remain engaged and informed on evolving risk profiles, potential solutions, and proven best practices.
Identify technology partners like Quantum Xchange who have experience with large-scale enterprise deployments and offer next-generation, quantum-safe crypto solutions that are practical, affordable, and scalable. This will help take the fear, anxiety, or reservation out of quantum preparedness by having an expert resource to lean on and access to a product built for resiliency, that doesn’t require a PhD in quantum physics, and can be easily deployed across your crypto infrastructure today.
Not sure where to begin? Quantum Xchange has built a robust quantum literacy program to help IT security professionals, especially those responsible for protecting long-duration data, become agents of change within their organizations. Get started here.