Quantum computing capabilities are already impacting your organization. While data encryption and operational disruptions have long been concerns of chief information security officers (CISOs), the threat posed by emerging quantum computing capabilities is much deeper and more immediate.
Indeed, quantum computing poses an existential risk to conventional encryption protocols that enable virtually all digital transactions. Over the next few years, popular data encryption mechanisms, such as public key cryptography (PKC), may become vulnerable.
Any classically encrypted communication could be tapped and is potentially subject to data exfiltration once quantum decryption solutions are viable. These tactics are called “harvest now, decrypt later” attacks.
As such, ensuring data encryption remains secure requires our urgent attention – even before quantum computing solutions become generally available. Even if some data is irrelevant or rapidly losing value to threat actors, data related to national security, infrastructure, medical records, intellectual capital, etc. may well retain or increase their value over time — see Figure 1. The European bank told us, “We want to keep our data private forever.”
While mere data exposure is a threat, the risk scenarios escalate from there. We use cryptography to protect communication networks, verify electronic transactions and secure digital evidence. And today’s smart automobiles and planes rely on highly connected digital ecosystems, with decades of lifespans ahead of them. Even critical infrastructure systems, traditionally separated from digital networks, are increasingly reliant on the over-the-air updates and field data capture capabilities of the Internet of Things (IoT).
Figure 1 — Data type retention requirements (Sources: CalChamber Alert, AHIMA, JMA Journal, Total HIPAA, IRS)
With the power of quantum computing behind them, adversaries could create fraudulent identities for websites and create fake software downloads and updates. Cybercriminals could launch extortion attacks by threatening to disclose harvested data. They could design fake land records or lease documents that are indistinguishable from the digitally encrypted originals. Considering the digital economy is estimated to be worth $20.8 trillion by 2025, the implications could be staggering.
Don’t make a mistake. The impact is coming – and it’s not a question of if, but how long and how disruptive. But there is also hopeful news. As we will explore, researchers are actively developing quantum remediation techniques and algorithms. The ultimate goal? For organizations – and society – to reap the substantial benefits of the power of quantum computing, while simultaneously protecting against the same technologies when used by cyber adversaries.
Read the report
Securing Mission-Critical Infrastructure Today
Early adopters of quantum cryptography solutions are likely sophisticated threat actors (think nation states) applying the potential of quantum computing to crack today’s cryptography. For industries operating critical infrastructure, the stakes are high.
In a May 2022 memo, the US government warned: “When available, a cryptanalytically relevant quantum computer (CRQC) could compromise civilian and military communications, undermine critical infrastructure surveillance and control systems. and overcome security protocols for most Internet-based systems. financial operations”. Cybersecurity experts, their business counterparts, and laypeople are increasingly on alert.
Consider RSA-2048, a widely used public-key cryptosystem that facilitates secure data transmission. In a 2021 survey, most leading authorities believed that quantum computers could crack RCA-2048 in 24 hours. How soon this could happen is a matter of debate. But the question of when crypto will be broken by quantum computing can be misleading because it involves a specific threshold date that leaders can anticipate. Add to that the troubling truth that implementing solutions and protections can take longer than expected, and technology leaders need to recognize the urgent need to act now.
The open question: can they convince their peers that there is a business advantage to doing so?
To dive deeper into this pressing security topic, read the IBM Institute for Business Value (IBV) Security in the Quantum Era report, from which this blog post is excerpted. The report provides an in-depth analysis of the quantum security landscape and makes a compelling case for developing “quantum secure” strategies today – to maintain the integrity and security of highly sensitive data today and in the future. coming. Additionally, the report charts a clear path for how organizations can work across their ecosystem to protect data from cybercriminals eager to harness the power of quantum computers.