Preparing to live in a quantum computing world

DigiCert
By Avesta Hojjati
Tuesday, 14 July, 2020



Preparing to live in a quantum computing world

Back in January 2019, IBM turned the global computing community on its head when it introduced the first circuit-based commercial quantum computer, the IBM Q System One. While the full commercial availability of quantum computers is still a way off, many individuals — including those in the IT sector — are excited about the promise of these machines offering solutions to problems that are too difficult for today’s digital computers.

One of the major benefits a quantum computer will provide is the ability to solve problems at light speed via its super coding systems. To put it in perspective, with current technology we estimate it would take a few quadrillion years to crack 2048-bit encryption. A capable quantum computer could conceivably do it in months.

But not all of quantum computing’s promise is for the good.

The US National Institute of Standards and Technology predicts that future quantum computers will (likely within the next decade) be able to break today’s most sophisticated encryption algorithms, leading to profound security issues.

Before that happens, the IT industry will have to develop new cryptographic algorithms — ones that are able to withstand quantum computing threats. This is referred to as post-quantum cryptography, or PQC.

But PQC is only half of the equation. Quantum-safe strategies must also be deployed while manufacturing the products of today, or we will risk greater security problems down the line.

While savvy enterprises around the world are readying for the introduction of quantum computing, a recent ReRez Research Report, commissioned by DigiCert, found that amongst enterprise IT staff there are still many questions to be asked.

PQC confusion

The research found that while seven in ten are ‘somewhat’ to ‘completely’ aware of PQC, less than two-thirds knew the correct definition… demonstrating that while there is widespread awareness of PQC, it is peppered with confusion and needs to be addressed quickly.

In addition, 59% of those surveyed indicated they are currently deploying hybrid (PQC + RSA/ECC) certificates, something that seems unlikely as the availability of PQC certificates is limited to early testing situations.

What is evident is that quantum computing is on the agenda on IT professionals and researchers, and it is influencing their thinking.

The quantum computing threat

Despite the benefits that quantum computers promise to bring to businesses, there are clear and obvious risks that organisations will face from these machines. These include the possibility that all currently encrypted data will at some point become vulnerable, and that therefore the costs of addressing quantum cyber attacks will spiral out of control.

The research found that 55% of the enterprise IT professionals surveyed noted that quantum computing is already a cybersecurity threat today, with 71% saying it will be a ‘somewhat’ to ‘extremely’ large threat in the future.

And what, precisely, does the IT believe constitutes the ‘future’ when it comes to PQC? Surprisingly soon, actually. The median prediction for when PQC would be required to combat the security threat posed by quantum computers is 2022.

With the impending threat closer than many professionals would like to believe, it is no surprise that most (83%) say it is important for IT to learn about quantum-safe security practices.

Preparing for PQC

Beyond learning about PQC, almost all organisations said that they either had a PQC budget or were working on establishing such a budget. In fact, more than half of the enterprises surveyed (59%) said their PQC budget will be ‘somewhat’ to ‘extremely’ large. The funds are divided between consultants, products and staff.

There’s no denying quantum computing is one of the key technologies that will shape the world’s enterprises in the future, alongside augmented and virtual reality and AI. And yet, quantum’s promise is tempered by the risk it poses to cryptography.

It’s now more important than ever for companies to start planning their strategies for securing their organisations for a quantum future, including the following best practices:

  1. Know your risk and establish a quantum crypto maturity model.
  2. Understand the importance of crypto-agility in your organisation and establish it as a core practice — this includes knowing everywhere that crypto is being used in your organisation, how it is being used and having the ability to remediate quickly if there are any issues.
  3. Work with leading vendors to establish digital certificate best practices and ensure they are tracking PQC industry progress to help you stay ahead of the curve, including with their products and solutions.

As the old saying goes, with great power comes great responsibility. With quantum computing set to arrive in the near future, businesses need to be increasingly aware of the power and peril these machines may have depending on how they are managed.

We’re in the excellent position of knowing what the problem is, or will become, and we have the luxury of taking the necessary steps to prepare for it ahead of time, instead of frantically searching for answers once it’s too late.

Avesta Hojjati is Head of Research and Development at DigiCert.

Image credit: ©stock.adobe.com/au/Bartek

Related Articles

Mental health and the culture within IT

There is a culture within the IT world that downplays the importance of maintaining good mental...

ACCC sues Google over user data scraping

The ACCC has accused Google of failing to obtain consumers' informed consent before combining...

AIIA endorses JobTrainer program

The AIIA has welcomed the government's JobTrainer initiative to reskill school leavers and...


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd