Five Steps to Prepare Security for the Quantum Era
(WSJ.CIO Journal) Currently, the National Institute of Standards and Technology (NIST) is working to standardize postquantum, public-key cryptography algorithms that can be used to develop systems that are secure against both quantum and traditional computers. It plans to announce the standardized results by 2024. One report from the World Economic Forum estimates that 20 billion digital devices will need to be upgraded or replaced with postquantum cryptography in the next 20 years.
This is not a simple switch or patch, because cryptography is entrenched across the enterprise—including in physically remote systems. For example, migrating to postquantum cryptography will affect the performance requirements of microprocessors that are embedded in ATMs, TV set-top boxes, point-of-sale systems, smartphones, and a host of other devices and systems.
In addition to leveraging the NIST standards and migration recommendations, business leaders can take several actions to ready their organizations for the security implications of quantum computing.
1. Build awareness of quantum’s security risks. Understand the risk quantum computing poses to existing cryptographic and encryption systems. Extend this awareness to other business leaders at the board, C-suite, and operational level to gain broad support for investing in a quantum-safe cryptography infrastructure.
2. Take a fresh approach to cryptographic governance. This mindset shift can result in a flexible, dynamic cryptographic infrastructure that’s more capable of fluidly evolving with enterprise, industry, and technology security challenges and requirements.
3. Assess the enterprise’s readiness to become crypto-agile. A refreshed approach to cryptography can enable a more crypto-agile organization—that is, one that can efficiently update cryptographic algorithms, parameters, processes, and technologies to better respond to new protocols, standards, and security threats, including those leveraging quantum computing methods.
4. Engage with the quantum security ecosystem. Monitor the development of NIST’s postquantum cryptography standards and solutions, and understand and evaluate the recommended migration approaches. Engage in public-private and industry ecosystem relationships to stay aware of developments.
5. Practice good cyber hygiene. As always, be proactive about managing and reducing cybersecurity risks. Establish and maintain strong foundational cybersecurity principles and practices and situational awareness of data, infrastructure, and other assets.
NOTE: Content for this article was furnished by Deloitte and summarized here by IQT-News.