With the introduction of NIST’s new post-quantum cryptography standards, the cybersecurity landscape is preparing for a seismic shift. The latest episode of Dark Reading Confidential, titled “Quantum Has Landed: So Now What?”, delves into the challenges and strategies surrounding quantum computing’s impact on encryption. This episode features insights from cybersecurity experts Matthew McFadden, Vice President of Cyber at GDIT, and Professor Thomas Scanlon from Carnegie Mellon University’s Heinz College.
Understanding Quantum Computing’s Impact on Cryptography
Quantum computing operates fundamentally differently from traditional computers by using qubits, which allow it to process vast amounts of data simultaneously. This capability promises breakthroughs in diverse fields, from supply chains to pharmaceuticals, but also poses a significant threat to current encryption standards.
Quantum computers can theoretically crack algorithms like RSA and ECC, essential to secure communications on the internet. This potential has spurred the cybersecurity community to focus on adopting quantum-resistant encryption methods.
A call for proactive preparation
While quantum computing’s full capabilities are not yet realized, experts agree that the cybersecurity sector needs to prepare proactively. The U.S. government and NIST have taken steps by introducing post-quantum cryptographic standards, moving beyond just draft guidelines to fully developed standards. This shift provides a blueprint for organizations to begin adapting their cryptographic practices.
Key Strategies for a Quantum-Secure Future
To address the threat posed by quantum computing, experts advise a multi-layered approach:
- Conduct an Inventory of Cryptographic Assets: Start by identifying all areas within your organization where encryption is used. This inventory is critical to assess vulnerabilities and prioritize systems that may need immediate attention.
- Adopt a Crypto Agility Mindset: Embrace a flexible approach to cryptographic management, allowing for quick adaptation to new standards as quantum capabilities evolve.
- Invest in Workforce Education and Governance: Cybersecurity teams and broader IT staff must understand quantum threats and the importance of a proactive cryptography strategy. A top-down approach to governance can ensure organization-wide alignment.
- Use Hybrid Cryptographic Solutions: Many organizations are adopting hybrid approaches that combine traditional and quantum-resistant cryptography, a practical step while quantum technology is still emerging.
- Implement Contract Language for Quantum Readiness: For those working with vendors or partners, consider incorporating quantum-safe practices and requirements into contracts to ensure third-party resilience against quantum threats.
The way forward
While fully transitioning to post-quantum cryptography will be challenging, taking steps now will position organizations to adapt smoothly when quantum computing achieves mainstream impact. This shift is more than a technical adjustment—it’s a strategic decision to safeguard data and maintain trust in an increasingly uncertain digital landscape.
As quantum computing inches closer to reality, the question is no longer if organizations should prepare but when they will take action.