Quantum

Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.

At 450 words, this briefing is about a 5-minute read.

Quantum computing.

For over a decade, quantum computing has been described as a transformative technology that is poised to reshape how organizations process data and secure their systems. While it has long felt just out of reach, the world is now approaching a new paradigm where quantum computing becomes commercially available for many enterprises. However, the impacts of quantum computing are already beginning to emerge now.

Since quantum computing will significantly impact how modern encryption functions, security leaders must understand the steps they need to take to secure themselves against this eventual change, as well as how attackers are already adapting to this new reality.

One of the most significant emerging threats is harvest now, decrypt later attacks. According to the Federal Reserve System, attackers are stealing data that they cannot break with current technologies. Instead, the goal is to store this data until quantum computers become powerful enough to decrypt it and reveal sensitive information, even if it has aged.

These future threats are part of the reason why government agencies, such as the Cybersecurity & Infrastructure Security Agency (CISA), have already been creating new initiatives and guidelines to help address this problem. Through CISA’s Post-Quantum Cryptography (PQC) Initiative, which the agency is using to help “unify and drive efforts with interagency and industry partners to address threats posed by quantum computing.” 

The initiative focuses on four core areas:

• Risk Assessments to address critical infrastructure vulnerabilities and determine where post-quantum cryptography transition work is needed.
• Planning support to help focus resources and engagement for operators across the public and private sectors.
• Developing policies and standards to improve the adoption and implementation of policies, standards, and requirements to improve quantum security.
• Improve engagement and awareness to develop stronger mitigation plans and encourage the implementation of standards

Getting ahead of Quantum.

Quantum computing is not a technology that many will be able to access and utilize within three years. However, for many medium to large-scale enterprises, this technology will arrive sooner than expected. Further, given that the impacts of quantum computing are already being felt now as both governments and attackers are preparing for a post-quantum world, this is not something that security leaders can deal with once it arrives.

With a proactive approach, security leaders can build their quantum-secure infrastructure. This approach involves identifying quantum-vulnerable assets, beginning the transition to post-quantum cryptographic algorithms, and staying aligned with new federal standards. By doing this work earlier, leaders can ensure that when quantum does arrive, their networks and data will remain secure.