Quantum Computing and Cybersecurity: How Should You Prepare?
Quantum computing will change cryptography as we know it. And some parts of our cybersecurity eco-system will either evolve or break apart. How can we limit the damage and move securely into the future?
Planning should begin right now, at our organizations and governments, for a quantum-resistant world.
Quantum Computing and Cybersecurity: What Will Change?
A simple way of considering the challenge ahead of us is to view each type of encryption that protects our digital lives as a massive math problem. We rely on the idea that this math problem is too big for today’s computers to “solve,” or in the case of encryption, too big to break. With today’s computing power, it could take years — in some cases thousands of years — of computers cranking away at the problem before threat actors would be able to solve it and break the encryption that protects data on a broad scale.
Quantum computing approaches this type of challenge in a new and more powerful way. It will do the math 158,000,000 times faster than conventional computers, and can solve a computation in four minutes that would take today’s computers 10-thousand years to solve.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that this is going to be a widespread challenge that companies and governments must face.
“As this technology advances over the next decade, quantum computing is increasing risk to some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications.”
And leaders at the National Institute of Standards and Technology (NIST) are even more direct.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” says Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.
What Is Being Done to Maintain Security in a Post Quantum World?
We are now making visible progress around this challenge.
What is government doing to prepare?
On the Government side of cybersecurity and quantum computing, several initiatives are underway:
- CISA recently launched its Post-Quantum Cryptography Initiative.
This effort is designed to streamline and accelerate government agency plans and preparations for post-quantum computing.
- NIST just published the world's first group of quantum-resistant algorithms.
These algorithms, built on input from cryptographic minds around the globe, will form the foundation of a new cybersecurity standard. NIST designed the algorithms for two main tasks: general encryption, which is used to protect information exchanged across a public network; and digital signatures, used for identity authentication. They rely on math problems that both conventional and quantum computers should have difficulty solving, so cybersecurity and privacy will continue in the quantum age.
What is the cybersecurity industry doing?
Organizations, including those in the cybersecurity and internet of things (IoT) space, are now forming new strategic partnerships to prepare for post-quantum security. This step is crucial for things with long lifecycles, such as systems in critical infrastructure, industrial controls, aerospace and military electronics, telecommunications, transportation infrastructure, and connected cars.
BlackBerry, through its Cylance® AI-based cybersecurity portfolio and its deep roots in the IoT and automotive space via its QNX® real-time operating system, is uniquely positioned in the marketplace, effectively straddling the two technology sectors most likely to be affected by the leap to quantum computing. As a result, it stands to reason that BlackBerry engineers are already working to provide solutions that will proactively protect against tomorrow’s quantum-enabled codebreakers. With its QNX technology embedded in more than 215 million cars on the road today, BlackBerry recently announced it would provide support for quantum-resistant secure boot signatures for NXP® Semiconductors’ vehicle networking processors. The companies will work together and use the BlackBerry® Certicom® Code Signing and Key Management Server to illustrate how to mitigate the risk of potential quantum computing attacks on in-vehicle software and long-lifecycle assets.
The integration will allow software to be digitally signed using the NIST-endorsed CRYSTALS Dilithium digital signature scheme that will be quantum resistant, providing peace of mind for when quantum-powered capabilities eventually threaten traditional code-signing schemes.
How To Prepare for Cybersecurity in Quantum Computing
The U.S. Department of Homeland Security and CISA suggest several steps to take now in order to prepare your organization for post-quantum cybersecurity.
- Engage with Standards Organizations: Subscribe to updates from CISA, NIST and other government agencies working to develop new standards, and respond when they solicit feedback.
- Inventory Critical Data: This will help you plan for future analysis as it becomes clear which data could be most at risk in a post-quantum environment.
- Inventory Cryptographic Technologies in Your Environment: Understand which systems rely on cryptography to function, so you can uncover potential impacts and address them.
The agencies mentioned above recommend you complete this part of your quantum planning by the end of 2023. CISA also created a quantum roadmap, which includes announcing plans for an official NIST quantum cryptography standard in 2024, followed by a push for widespread implementation of quantum-resistant computing technologies shortly after the new standard is issued.
If you have further questions or concerns about quantum computing and cybersecurity, please reach out to us here at BlackBerry. We are committed to helping organizations like yours to transition smoothly and securely to a post-quantum world.