Page 157 - Cyber Defense eMagazine January 2023
P. 157
China already committing $10 billion investment towards its development, the threat they pose to
encryption is no longer a question of if, but when.
Quantum computers are a rapidly emerging technology that harnesses the laws of quantum mechanics
to solve problems too complex for classical computers. Through this new computational model, quantum
computers will be able to break all current public key encryption used ubiquitously today.
The risk is rapidly becoming a major concern for policy makers: the G7, led by the White House, recently
included the quantum threat in their key 21st Century challenges.
From a risk perspective however, independent of how quickly this emerging technology is developing,
what makes the threat even more dangerous is that quantum attacks, namely the “Harvest Now. Decrypt
Later (HNDL), can be carried out retrospectively. This means that an institution can be targeted today
with a ‘harvest now and decrypt later’ attack. Threat actors have the capability of harvesting encrypted
sensitive data from across sectors and levels including financial information, national security intelligence
and business and consumer data and then storing this data for decryption at a later date.
It is this fact that demands an urgent response from the cybersecurity community. Security is about
identifying and mitigating risk: the longer businesses delay replacing exposed encryption with post-
quantum cryptography, the greater the quantity of data will be exposed.
What do the NIST standards mean for businesses?
There is growing recognition of the need for businesses to prepare for this new and sophisticated threat,
especially to the cyber systems that our critical infrastructure and democratic institutions rely on. The
primary purpose of the NIST process was to identify a robust suite of encryption that businesses could
trust and utilise in defending themselves against this threat.
Under the guidelines and protection of these new standards, businesses can chart a path to long term
cybersecurity with the certainty that the encryption they are using is quantum secure.
The process to achieve quantum security is simple in concept but the challenge will be in the execution.
Businesses first need to identify their exposure through a comprehensive audit of the encryption they use
and its locations. With this clear picture and armed with these new standards we can chart a roadmap
and timeline to move forward in replacing the vulnerable encryption and adopt PQC.
What’s next for post quantum cryptography
Now is not the time for complacency. The global post quantum cryptography community has worked
tirelessly to establish these new schemes and standards, but the focus now must turn on adopting them
within its cybersecurity infrastructure imminently.
These new standards also represent the beginning of the journey towards actualising a quantum secure
future. Just as businesses and governments need to stay alert to adapt to the growing and changing
Cyber Defense eMagazine – January 2023 Edition 157
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.