Faster development of vaccines and green battery technology, as well as deeper analysis and faster trading in financial markets – these are just some of the benefits that countries in Asia and the Pacific hope to achieve with the introduction of quantum computers. In China, the government has allocated US$10 billion to build the National Laboratory for Quantum Information Science in 2020. In Singapore, they have launched the National Quantum Computing Center and the National Quantum Secure Network. Acceleration in quantum computing has come leaps and bounds, and businesses are already anticipating the future of quantum manufacturing.
While quantum computing will bring massive change and value across various industries, it also brings new and far more dangerous threats. Quantum computing could drastically reduce the time it takes to break the strong cryptographic algorithms we rely on today—potentially from decades to minutes.
While cybersecurity leaders might think they have time to prepare, the post-quantum era has already begun—and many companies are not currently equipped with such developments.
According to a study by (ISC)², the global cybersecurity workforce needs to grow by 65% to effectively prepare and defend against cyber threats. It is difficult for security teams to manage everyday cyber threats, let alone prepare for those that use quantum technologies. The same study also highlights that this is particularly dire in the APAC region, where there is a cybersecurity workforce shortage of 1.42 million. There is an urgent need for organizations to prepare for the quantum computing era – and the sooner they start, the better.
The need to adapt and achieve crypto agility
Advances in quantum computing threaten the integrity of traditional asymmetric encryption algorithms. Protocols such as the RSA algorithm, elliptic curve cryptography, and finite field cryptography will no longer be able to defend against such brute force attacks. Organizations will need to adopt other methods to ensure the security of their data.
The migration to quantum-resistant algorithms will take years to integrate into existing systems and processes. To make matters worse, the opponents already have a head start. Many began collecting and storing encrypted data, waiting for quantum computers to gain enough power to crack the algorithms before launching attacks.
Organizations therefore need to achieve crypto-agility – the ability to change, improve and destroy cryptographic assets to successfully deal with such threats.
It’s not too late to prepare for the post-quantum era
There are four steps organizations must take to achieve crypto-agility:
- Take inventory
- Prioritize data
- Test
- Plan
First, companies need to know what cryptographic assets and algorithms they own, as well as where they are located and what they are used for. A comprehensive view of all data and keys minimizes room for error, enabling more efficient and effective decision making.
Second, once companies know what and where their data is, they need to prioritize it. By categorizing data according to its value and level of risk, organizations can decide which needs to be migrated to post-quantum cryptography first.
Third, organizations need to start prototyping. The National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms that companies can use to test their data security and prepare for upcoming threats.
Finally, companies need to develop a post-quantum crypto strategy and involve their suppliers in the process. With a structured plan detailing the migration process, organizations will be ready to embrace post-quantum cryptography and adapt to the new technology era.
As we move towards the quantum age, organizations will inevitably face challenges in maintaining their security standards. What’s more, cybercriminals have already started taking steps to take advantage of its instability during this transition period.
It’s time to start migrating to post-quantum cryptography. Organizations therefore need to work with trusted vendors who can help them achieve crypto-agility and seamlessly adapt to this new era of technology and threats.
