Faster development of vaccines and green battery technology, as well as deeper analytics and faster trading in the financial markets – these are just some of the benefits that countries in APAC are looking to achieve as they adopt quantum computing. In China, the government has allocated US$10 billion to the construction of the National Laboratory for Quantum Information Sciences in 2020. In Singapore, they have launched the National Quantum Computing Hub and the National Quantum Safe-Network. The acceleration in quantum computing has made leaps and bounds, and businesses are already anticipating the future of quantum.
While quantum computing will bring about massive changes and value across various industries, it also introduces new and much more dangerous threats. Quantum computing could drastically cut down the time needed to crack the strong cryptographic algorithms we rely on today – potentially from decades to minutes.
Although cyber security leaders might think they have time to prepare, the post-quantum era has already begun – and many companies are currently ill-equipped to handle such development.
In a study by (ISC)², the global cyber security workforce needs to grow by 65% to effectively prepare and defend against cyber threats. It is proving difficult for security teams to handle day-to-day cyber threats, let alone prepare for those powered by quantum technology. The same study also highlights that this is particularly dire within the APAC region, which has a cyber security workforce gap of 1.42 million. There is an urgent need for organisations to prepare themselves for the quantum computing era – and the sooner they start, the better.
The need to adapt and achieve crypto agility
Advances in quantum computing threaten the integrity of traditional asymmetric encryption algorithms. Protocols like the RSA algorithm, Elliptic Curve Cryptography, and Finite Field Cryptography will no longer be able to defend against such brute force attacks. Organisations will need to adopt other methods to ensure their data is safe.
Migrating to quantum resistant algorithms will take years to integrate into existing systems and processes. To make matters worse, adversaries already have a head-start. Many have begun collecting and storing encrypted data, waiting for quantum computers to gain sufficient strength to break through the algorithms before launching their attacks.
Organisations, therefore, need to achieve crypto-agility – the ability to change, improve, and revoke cryptographic assets to successfully deal with such threats.
Not too late to prepare for the post-quantum era
There are four steps organisations need to take to attain crypto agility:
Firstly, companies need to know what cryptographic assets and algorithms they possess, as well as the places they reside and what they’re used for. A comprehensive view of all data and keys will minimise margins for error, allowing for more efficient and effective decision making.
Secondly, once companies know what and where their data is, they need to prioritise them. By categorising data according to their value and risk level, organisations can decide which needs to be migrated to post-quantum cryptography first.
Thirdly, organisations need to start prototyping. The National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms that companies can use to test their data security and prepare for forthcoming threats.
Lastly, companies need to develop a post-quantum cryptography strategy and involve their vendors in the process. With a structured plan detailing the process of migration, organisations will be ready to take on post-quantum cryptography and assimilate into the new technological era.
As we move towards the quantum age, organisations will inevitably face challenges in upholding their security standards. What’s more, cyber criminals have already started making their moves to take advantage of their instability during this transition period.
The time to start migrating to post-quantum cryptography is now. Organisations, therefore, need to work with trusted vendors who can help them achieve crypto-agility and smoothly adjust to this new era of technology and threats.