Why businesses need to address quantum computing risks NOW rather than waiting for problems to arise

There is no doubt that quantum computing will eventually undermine the security of most current encryption systems and, therefore, make almost all data currently protected by the use of encryption vulnerable to exposure.

What remains uncertain, however, is when the day of so-called “quantum supremacy” will arrive.

As such, many organizations have been hesitant to start preparing for the quantum age – after all, they reason, there are enough fires to fight now and limited resources to do so.

But quantum supremacy isn’t something that can be tackled when it becomes a fire – if we don’t start protecting ourselves until anti-encryption devices are known, we risk serious consequences. Such an attitude is not alarmist, it is the reality, whether we like it or not.

Remember that quantum computers already exist. And, while today’s commercially created quantum machines are nowhere near powerful enough to approach quantum supremacy, absolutely no one knows the true extent of the quantum capabilities of every technologically advanced government around the world.

While no government can already quickly crack the asymmetric encryption mechanisms used to protect so much of our digital economy, the public has no way of knowing when governments are getting such capabilities. Unlike commercial sector R&D centers, intelligence agencies are certainly not going to broadcast anything about their achievements and advancements. In short, audiences are unlikely to know when Quantum Supremacy will arrive long after it does.

Another important reason why we need to address the risks of quantum supremacy well in advance has to do with the nature of the data.

Unlike computer hardware and software that are regularly replaced as they become obsolete, data often remains in its original form for many years, even decades. As such, one cannot simply approach the obsolescence of the encryption algorithm prospectively – all of today’s sensitive data that is currently protected by encryption will likely need to be identified, decrypted, and re-encrypted with a quantum-safe encryption – and all copies of the original data in all stores in which it resides – must be properly destroyed.

Identifying, locating and converting all the data that needs to be converted can be a relatively easy task for an individual to accomplish, but for a large enterprise simply identifying and locating the data, let alone its conversion, is a task that can be complex, time-consuming, expensive and error-prone.

And, of course, the consequences of insufficiently locating and protecting old data can be catastrophic; a single long-forgotten laptop, ZIP disk, backup CD or tape – or even an old floppy disk! – could potentially lead to terrible financial losses, legal headaches and ruined reputations. Organizations that have used encryption to protect health information in their possession, for example, could become gross HIPAA violators and face stiff penalties for simply allowing existing backups to remain in facilities as is. of storage.

On that note, we must realize that at some point in the future, even before anti-encryption quantum computers hit the market, geeks will consider it gross negligence to encrypt data with known algorithms to be vulnerable to quantum compromise. Imagine the reaction of customers, media and regulators if IBM announced that it would deliver a quantum computer breaking encryption in 6 months, and the cybersecurity professionals working in a bank reacted by saying that they would wait for the device arrives on the scene. update their encryption mechanisms? And, again, we won’t even get a 6 month warning – or any warning at all – if, as expected, governments reach quantum supremacy before industry.

Clearly, action must be taken in advance – and action takes time. For most organizations, the transition from current encryption technologies to quantum-safe encryption mechanisms will likely be a more complex, expensive, and timely process that many people expect to take, in some cases, even years to plan. and run correctly. As such, despite the fact that today’s known quantum computers are far from ready for prime-time encryption circumvention, we may already be behind in preparing for the quantum supremacy; it is possible that we have already reached a point where it will take the world longer to completely replace its existing encryption mechanisms and re-encrypt its data than it will take for anti-encryption quantum computers to arrive on the scene

Another important note: Sensitive information that is relayed and stored today may remain sensitive in the future, including after quantum computers render current encryption powerless. In 2022, for example, people around the world who bank, shop, chat and use social media online rely on encryption known as TLS to prevent anyone from capturing and viewing communications traveling over the unsecured Internet as network traffic. Quantum computing, however, will eventually render current TLS powerless; if someone records encrypted sessions as they pass over the Internet now, that party may be able to decrypt those sessions in the future and expose all relevant content. In short, any data captured now can potentially be decrypted and exposed tomorrow; the photos you just sent to your romantic partner via WhatsApp, your recent blood test results, and your credit report you accessed over the weekend could all leak. With such inexpensive storage, various governments – and perhaps corporations – are actually collecting and storing massive amounts of data – and who knows how they will use that data once quantum supremacy arrives. Ultimately, if we really want today’s communications to remain secret for years to come, we must already use quantum encryption to protect it.

Finally, keep in mind that while adding more transistors to today’s mainstream processors increases processing power linearly, quantum computing capabilities increase exponentially with physical system growth; as such, our human experience of observing advances in technology likely misleads us into grossly underestimating the speed at which quantum computing can advance. IBM’s recent forecast of its quantum capabilities growing from around 1,000 Qubits next year to over 4,000 Qubits 2 years later, to potentially hundreds of thousands of Qubits soon after, clearly reinforces the concern. regarding rapid growth offering quantum supremacy to the market in the not so distant future. coming.

Experts have already identified several encryption methods that we believe will remain immune to quantum cryptanalysis for the foreseeable future – but these technologies are barely exploited in the commercial sector. Rather than trying to make do once we have an unsolvable problem, it would be wise for us to start planning to increase our encryption as needed. NIST has already begun whittling down its list of recommended ways to address quantum risks for encryption — and products have already hit the market that allow companies to initiate such transitions.

This post is sponsored by FerCAP™. Please click the link to learn more about IronCAP’s patented methods to protect data not only from today’s cyberattacks, but also from future attacks from quantum computers.

Sherry J. Basler