Alex - stock.adobe.com
A post-quantum security world sounds scary. Quantum computers are projected to break many of the cryptographic standards that have adequately protected data for decades.
While companies don't need to hit the panic button over quantum quite yet -- it will likely be decade or more before the technology is ready -- that doesn't mean quantum should be ignored.
President Joe Biden signed two quantum computing presidential directives in 2022, signaling the time is now to figure out how to handle the emerging technology. The directives call for the creation of quantum-resistant cryptographic standards -- a task NIST has been busy with for more than half a decade -- and preparing federal agencies to adopt these future standards.
Companies need to figure out how they will be affected once quantum computing arrives, which may call for better data protection now or preparing for post-quantum cryptography (PQC).
The quantum security worry
The major concern with quantum computing is how easily it will crack data transmission cryptography algorithms. The asymmetric RSA algorithm, for example, which is based on integer factoring and provides sufficient security on classical computers, will be breakable on quantum computers.
Attackers are aware of this issue and have begun to do what is known as data scraping -- collecting encrypted data in hopes it will be useful later. Because storage is cheap, attackers are harvesting encrypted data now to crack once quantum computing matures.
How to prepare for PQC security
Heather West, research manager at IDC, is also advising organizations to start looking at quantum. "Piecemealing it together now is going to be a lot easier than suddenly going, 'Oh my goodness, the technology is here, what do we do?'" she said.
To prepare and make future transitions easier once PQC becomes standardized, companies should consider the following three steps.
1. Inventory and classify data
This step involves reviewing data and deciding what is considered sensitive. Conduct a data inventory to understand what data your company has and its data classification to understand what data needs which protections.
Be sure to consider what data needs stronger protection now in terms of the data scraping threat.
"What data is OK four years from now that I am not worried about someone scraping?" said Christopher Savoie, CEO of Zapata Computing. "On the other hand, what would I be worried about for years?" Such data could involve corporate or trade secrets and other business-critical information. Take the appropriate actions to ensure data is safe now and in the future.
2. Understand future exposure
With data inventoried and classified, consider how data is currently protected and whether it will be at risk once quantum computing arrives.
"Organizations should start looking at their potential exposure to understand what their reliance on cryptography is," said Colin Soutar, managing director at Deloitte & Touche LLP. "It might be deeply embedded in third-party tools; it might be proprietary, transactional capabilities. You need a sense of where cryptography is embedded into your systems and how data is being protected."
Soutar noted that examining cyber hygiene around current data could help beyond preparing for PQC.
"Even if you end up doing nothing around the potential future quantum risk, maybe you identify SSL certificates that are outdated or something else that is more perfunctory and needs to be updated," he said.
3. Create a mitigation strategy
With data inventoried and potential exposure understood, the next step is to create mitigation groups and mitigation strategies.
"Using a mitigation group, start looking at what policies and procedures need to be in place for when the inevitable happens," Savoie said.
This should include a data security policy, incident response plan and business recovery plan, at a minimum. This step also involves assessing what company data might already be exposed and stored by attackers and determining how to handle that situation. Next, organizations should look at the critical data they have stored now and decide whether it needs additional layers of encryption to protect it.
Symmetric encryption, commonly used by organizations to keep stored data secure, won't be largely affected by quantum computing. Grover's algorithm, which demonstrates how quantum computing will quadratically speed up database searches, has shown it halves the time needed to break symmetric encryption. NIST therefore recommends organizations use at least AES-192 or AES-256 to encrypt stored data.
Data in transit, however, is at risk of being broken by quantum computing. To counter this, organizations will need to adopt PQC encryption standards to replace asymmetric algorithms. NIST is evaluating several options, two of which -- SIKE and Rainbow -- were easily defeated by classical computers, so stand no chance against quantum computers. NIST is still evaluating seven potentially viable options.
Handling asymmetric encryption changes plays into the last aspect of mitigation, Savoie added. This means organizations need to start thinking about how to remain crypto-agile.
"As standards change going forward, we need to ensure infrastructure is in a place where we can actually adapt to new threats and new technologies to mitigate those threats," Savoie said. "Getting your systems crypto-agile and forward-compatible to new standards takes time and is something you need to start working on now."
PQC implementation options
Three options have been bandied about as experts work to figure out the most effective PQC option for quantum security preparation.
First, follow NIST's research and consider any algorithms it vets. Currently, four primary finalist algorithms remain uncracked and potentially viable. Three additional algorithms also are being studied for viability.
Another option is quantum key distribution (QKD), which uses quantum mechanics to securely exchange encryption keys. Data encrypted via QKD creates a random quantum state that is difficult to copy. Many QKD protocols can also detect eavesdroppers. The National Security Agency, however, has stated this option is not viable on its own as it now stands.
A third option is to combine PQC encryption standards and QKD, suggested Rik Turner, principal analyst at Omdia. This would make it more difficult for attackers, he noted, because they would need to break through both encryption and QKD to access data in transit.