Companies that conduct risk assessments need to consider the effect of quantum computing on their information assets today. By 2023, security regulations will change because of updated NIST cryptographic algorithm recommendations that will trigger the first tranche of cybersecurity migrations. When fault-tolerant quantum computation is achieved in research labs, the race will start to upgrade security protections against the imminent threats posed by quantum computers.
Quantum computers harness the computational power of quantum systems and offer the ability to solve computational problems previously thought to be intractable. Unfortunately, since 1994 we have known that quantum computers will also break some of the pillars of our cybersecurity infrastructure. This includes breaking public-key cryptography based on factoring and discrete logarithms, and weakening symmetric-key cryptography.
The quantum threat can be mitigated by deploying new cryptographic tools that are believed or known to be resistant to quantum attacks. The transition to quantum-safe cryptography is a tremendous challenge, and the urgency for any particular organization to complete this transition for a particular cyber system relies on three simple parameters.
If x+y>z, then organizations will not be able to protect their assets for the required x years against quantum attacks.
If y>z, then information systems protected by public-key cryptography are vulnerable to systemic collapse.
Depending on the complexity of the system and the ecosystem in which the system lives, y can range from several years to decades. Managing the transition proactively will lead to a more robust implementation. In contrast, rushing the transition or managing it as a crisis will not only be disruptive and expensive; it will also result in a flawed implementation that is more susceptible to conventional cyber attacks. Thus a proactive approach is critical. Not only must legacy systems be made ready for the quantum future, but new systems also need to be designed to be ready for the threats posed by emerging quantum technology.
The goal of a Quantum Risk Assessment (QRA) is to identify information assets that are potentially vulnerable to quantum threats and recommend mitigation measures, safeguards and controls that can be employed to proactively secure and protect against future threats, particularly quantum attacks.
Director, Quantum Risk Management
John leads our quantum threat and risk assessment business to help organizations understand and manage their cybersecurity issues. John has worked with organizations in government and industry to assist in the migration of their systems and practices to quantum safety.