Quantum-Computing Threats Prompt Steps Toward Stronger Encryption
The impending cybersecurity threat posed by quantum computing has prompted the U.S. government to begin pushing for the public and private sectors to adopt stronger encryption standards.
The National Institute of Standards and Technology in late August released the first completed set of encryption tools designed to withstand cyber attacks.
The Cybersecurity and Infrastructure Security Agency on September 27 publicly released its guidance for federal agencies on moving to what is known as “post-quantum cryptography” – replacing old encryption algorithms with versions that are hard to break.
Government preparedness for the new era of cyber threats highlights the stark contrast between the public and private sectors. While cloud infrastructure giants such as
Chief information and cybersecurity officers in business and government alike “have a lot of work to do—even at the top level. And if you’re not up to par, you have a lot of work to do as you try to close those gaps,” Matthew Scholl, director of the Computer Security Division at NIST’s Information Technology Laboratory, told Bloomberg Law. “So the question is, where does this fall in your priorities?”
Moving Forward
Current encryption systems rely on how difficult it is to find the factors of very large numbers. Solving these problems takes today’s computers so long that it’s not worth the time and effort for many cybercriminals, explained Sudeep Kesh, chief development officer of S&P Global Ratings.
But if cracking the security of the current system would take modern computers months, a quantum computer could do it in an hour, Kesh said.
Quantum computing would pose a threat to public-key systems such as Rivest-Shamir-Adleman (RSA) and elliptic-curve encryption algorithms, which sign data using keys. They are widely used to encrypt data in transit and authenticate customers in online transactions.
“There have been advances that mean that the reality of quantum computing is no longer confined to a physics lab at MIT or IBM or wherever—it’s approaching that commercial world,” said Martin Whitworth, cyber risk expert at S&P Global Ratings.
NIST, CISA, and other government agencies are encouraging the private sector to begin transitioning to the latest encryption standards. They suggest that organizations begin by creating an inventory to understand what cryptographic methods they use, where they are deployed, and for what purposes. That step alone can be difficult, cybersecurity experts have warned.
“Cryptography is everywhere, every device, every piece of software, every piece of hardware, and it’s part of the foundation of the internet. It’s in” of application protocols,” said Phil Venables, chief information security officer at Google Cloud.
Once organizations are ready, strengthening their systems will require time, money, and close collaboration with partners throughout the global supply chain.
“There’s going to be a lot of IT spending by organizations of all kinds,” said Nigel Smart, researcher and chief academic officer at open source cryptography company Zama. He added, “Everyone will need to improve what they are doing.”
Smart estimated that it could take “maybe five to 10 years” for some businesses to finally move to a more secure state.
‘The Greatest Explanation’
Companies’ cybersecurity policies — and how well they align with industry best practices and government standards — have been put under the microscope amid a growing number of cyber attacks and lawsuits.
This enhanced analysis showed that even the biggest Big Tech giants can still struggle to keep up with current encryption standards: Last month.
It may not be realistic to expect businesses and other organizations to immediately engage in a complete overhaul of security protocols to protect against quantum computing—especially before mandatory requirements are legally set, said data privacy, artificial intelligence and cybersecurity lawyer Lily Li, founder of Metaverse Law.
“There is a big gap between NIST’s standards and what the private industry is trying to adopt,” Li said.
Expecting them to quickly shift their attention to post-quantum problems might be a big leap, according to Li. Companies that deal with data privacy and security issues – such as hospitals and commercial airlines – are working to meet emerging government requirements that are already falling behind a growing threat that changes quickly.
“I think it’s important for NIST to issue this guidance, because it’s a big risk, and companies need to plan for it,” Li said. “But in terms of our cybersecurity posture, we need to step everyone up from the ground up. Now let’s work on the next step.”
‘Crypto Agility’
The federal government’s push for the private sector to move to post-quantum encryption also includes encouraging the adoption of new security architectures capable of what it calls “crypto agility,” the ability to exchange encryption algorithms or keys if needed.
“We’re about to develop a planet for the first time, and it’s going to take a lot of work,” Venables said. “We can do the work in a way that allows the next upgrade to happen easily,” he added.
The concept of “crypto agility” requires frequent updates to algorithms and standards as the relatively small branch of mathematics that includes post-quantum cryptography evolves.
“You have to be able to change your algorithms in a second, and you have to know what algorithms you have and be able to check and replace them,” Smart said.
It also aligns with the broader efforts of the Biden administration to protect Americans’ data from foreign adversaries. Adopting strict and durable encryption standards now can help protect data with long-term sensitivity or security needs going forward.
The key for private sector organizations, however, is not to ignore government calls to start preparing for the age of quantum computing, cyber experts said.
“In other words, the exercise of doing a cryptocurrency analysis and finding out what you’re using and whether it’s a good thing to do,” Smart said. “And this post-quantum revolution forces people to do what they should have been doing 30 years ago.”
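A minimal sketch of the inventory and “crypto agility” practices described above, added here as an illustration and not taken from NIST, CISA or anyone quoted in the article. Every record carries an algorithm identifier so usage can be counted and retired algorithms replaced; HMAC variants from Python’s standard library stand in for the algorithms being swapped, and all names (`REGISTRY`, `RETIRED`, `protect`, `migrate`) are hypothetical.

```python
import hashlib
import hmac
from collections import Counter

# Registry of algorithm id -> tagging function. HMAC variants are stand-ins
# (an assumption of this example) for whatever primitives a system registers.
REGISTRY = {
    "hmac-sha1": lambda k, m: hmac.new(k, m, hashlib.sha1).digest(),
    "hmac-sha256": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "hmac-sha512": lambda k, m: hmac.new(k, m, hashlib.sha512).digest(),
}
RETIRED = {"hmac-sha1"}  # still verifiable, but scheduled for replacement


def protect(key, msg, alg="hmac-sha256"):
    """Tag msg and store the algorithm id next to the tag."""
    return {"alg": alg, "msg": msg, "tag": REGISTRY[alg](key, msg).hex()}


def verify(key, rec):
    """Check a record with the algorithm it names; unknown ids are rejected."""
    fn = REGISTRY.get(rec["alg"])
    if fn is None:
        return False
    return hmac.compare_digest(fn(key, rec["msg"]).hex(), rec["tag"])


def inventory(records):
    """Count records per algorithm id: the 'know what you have' step."""
    return dict(Counter(r["alg"] for r in records))


def migrate(key, records, target):
    """Re-protect records on retired algorithms, verifying each one first."""
    out = []
    for rec in records:
        if rec["alg"] in RETIRED:
            if not verify(key, rec):
                raise ValueError("record failed verification; not re-tagging")
            rec = protect(key, rec["msg"], target)
        out.append(rec)
    return out


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample data
    recs = [protect(key, b"invoice-1", "hmac-sha1"), protect(key, b"invoice-2")]
    print(inventory(recs))
    print(inventory(migrate(key, recs, "hmac-sha512")))
```

Because the identifier travels with the data, retiring an algorithm is a change to `RETIRED` plus a `migrate` pass, with no change to the callers of `verify`.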