Unless you live under a rock, you’ll know that quantum computers will break the cryptography we use today in as little as 10 years. Unfortunately, most analysis on this topic is simplistic. The quantum threat is described as though a day will come when quantum is unleashed and all systems will be broken at once. This is far from the truth.
As a CISO, it’s important to develop a nuanced understanding of this critical topic. You certainly don’t need to panic, but you need to form a plan that’s based on your business, with all its idiosyncrasies. Your peers in other companies should be doing the same thing; however, their plans will look different. There is no generic answer to the quantum threat.
In reality, the threat will materialize slowly. The first machines able to run Shor’s algorithm will take weeks to break an RSA key. Only the highest value targets will be considered for attack, given the immense cost expected for that amount of computation. Over time, more machines will be capable of breaking keys, and the cost and time associated with the task will reduce dramatically. Eventually, anyone will be able to perform this attack within minutes for minimal cost.
Your goal as a CISO is to assess your risk over this unknown time frame. Do you process data so sensitive that you’re likely to be among the first targets? Is some of your data more valuable than the rest? What about the lifetime of the data — how long does it need to remain secret? These are all questions to consider as you create a pragmatic plan to address the quantum threat.
Understand the Status Quo
At a recent conference, I heard a law firm describe its response to a major cyberattack. During the confusing first days, the company was desperate to assess whether its critical data was safe. Yet the responders realized they weren’t sure what data mattered most. Eventually they concluded their client data was more important than the rest of the business combined. This shaped the firm’s subsequent decisions and accelerated its response time.
Ideally, you would reach these conclusions before a major cyberbreach. And certainly, you must understand your business priorities before you plan your post-quantum migration. CISOs need to develop an inventory that describes, for every system:
- The business importance of the data.
- How cryptography protects the data at rest and in transit.
- How long the data needs to remain secret.
If you already have this data in hand, congratulations — you’re unusually well-prepared. For most CISOs, however, this information is patchy, at best. Understanding the status quo is the critical first step in your migration.
Next comes the difficult piece. With your pragmatic hat on, you need to decide the order in which to migrate your systems to post-quantum algorithms. You can’t change everything at once, and it’s likely to be years between the time your first systems are migrated and the last.
Your highest priority should be long-term sensitive data that is transmitted across the Internet. This includes health data, government secrets, client data, and intellectual property. This data is especially vulnerable thanks to an attack sometimes known as “hack now, decrypt later,” in which attackers record encrypted transmissions to decrypt in the future using a quantum computer.
If your company develops physical devices, such as in the Internet of Things (IoT) industry, you will need to pay particular attention to migrating roots of trust toward post-quantum algorithms. Devices that are expected to remain secure for 10 or more years are definitely at risk from fraudulent firmware once the quantum threat arrives.
This is the hardest step in the migration process because it’s unique to your business. But it’s worth doing correctly so that you allocate resources appropriately. This process also highlights the vendors you need to work closely with, as they migrate their own systems to post-quantum protection.
Once your migration plan is in place, the next step is to perform testing to understand the impact of shifting your systems toward post-quantum algorithms. The new post-quantum algorithms behave differently than the algorithms we use today, and it won’t always be a simple task to pull one algorithm out and replace it with another.
Even with the recent NIST announcement of its initial quantum-resistant algorithm candidates, post-quantum algorithms are not yet standardized, and that may not happen until 2024. Use this time wisely to understand where you need to invest additional resources to cope with the changes that lie ahead.
Take the Chance to Build Better
Whenever I talk about quantum, I find the conversation quickly drifts to the quantum threat. However, I encourage people to think positively about quantum technology and even the quantum threat itself.
Responding to the threat will require an immense upheaval of systems, similar in scope to the Y2K challenge. This is a rare opportunity to touch each of our systems and change them for the better. It’s certain that this algorithm migration won’t be the last one we have to conduct. Let’s use this opportunity to build crypto agility into our systems, so the next migration is far less painful.
And while we are rebuilding crypto systems, we should explore how we can build on firmer foundations. This is where quantum technology has a role to play. As we look to a future where threat actors have quantum computers as a weapon, we should look to defend ourselves with the same amount of power. Quantum is a dual-edged sword, and we should ensure that, as defenders, we are ready to wield it for protection as well.