Cloud Hosting

There is little doubt that quantum computing will ultimately undermine the security of most of todays encryption systems, and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption.

What remains uncertain, however, is when the day of so-called quantum supremacy will arrive.

As such, many organizations have hesitated to start preparing for the quantum era after all, they reason, there are enough fires to fight now, and limited resources with which to do so.

But, quantum supremacy is not something that can be addressed when it becomes a fire if we do not start protecting ourselves until encryption-busting devices are known to exist, we are likely to suffer severe consequences. Such an attitude is not alarmist it is reality, whether we like it or not.

Remember, quantum computers already exist. And, while todays commercially-created quantum machines are nowhere near powerful enough to approach quantum supremacy, absolutely nobody knows the true extent of the quantum capabilities of all of the technologically-advanced governments around the world.

Even if no governments can already quickly crack the asymmetric encryption mechanisms used to protect so much of our digital economy, there is no way for the public to known when governments do obtain such capabilities. Unlike commercial sector R&D centers, intelligence agencies certainly are not going to broadcast anything about their accomplishments and advancements. In short, the public is not likely to know when quantum supremacy actually arrives until well after it has arrived.

Another important reason why we must address quantum-supremacy risks well in advance has to do with the nature of data.

Unlike computer hardware and software that are regularly replaced when they become obsolete, data often remains in its original form for many years, if not for decades. As such, one cannot simply address encryption algorithm obsolescence on a forward-thinking basis all of todays sensitive data that is currently protected by encryption will likely need to be identified, decrypted, and re-encrypted with quantum-safe encryption and all copies of the original data in any and all stores in which it resides must be properly destroyed.

Identifying, locating, and converting all data requiring conversion may be a task that is relatively easy for an individual to accomplish, but, for a large enterprise merely identifying and locating the data, never mind actually converting it, is a task is likely to prove complex, time consuming, expensive, and prone to error.

And, of course, the consequences of not fully locating and re-protecting old data can be catastrophic; a single long-forgotten laptop, ZIP disk, CD, or backup tape or even an old floppy disk! could potentially lead to terrible financial losses, legal headaches, and ruined reputations. Organizations that have utilized encryption to protect healthcare information within their possession, for example, could become flagrant violators of HIPAA and face stiff penalties for simply allowing existing backups to remain as is within storage facilities.

On that note, we must realize that at some point in the future, even before encryption-busting quantum computers arrive on the market, those in the know will consider it gross negligence to encrypt data with algorithms known to be vulnerable to quantum compromise. Imagine the reaction from customers, the media, and regulators if IBM announced that it would deliver an encryption-breaking quantum computer in 6 months, and cybersecurity professionals working at a bank reacted by saying that they would wait until after the device arrived on the scene to upgrade their encryption mechanisms? And, again, we wont even get a 6-month warning or any warning at all if, as expected, governments achieve quantum supremacy before industry.

Clearly, there is a need to act in advance and acting takes time. For most organizations, transitioning from todays encryption technologies to quantum-safe encryption mechanisms will likely be a more complex, expensive, and timely process that many people expect, in some cases, even taking years to properly plan and execute. As such, despite the fact that todays known quantum computers are nowhere near ready for prime-time encryption busting, we may already be late vs-a-vis preparing for quantum supremacy; it is possible that we have already reached a point at which it will take the world longer to completely replace its existing encryption mechanisms and re-encrypt its data than it will take for encryption-busting quantum computers to arrive on the scene

One other important note: Sensitive information that is relayed and stored today may remain sensitive in the future, including after quantum computers have rendered todays encryption impotent. In 2022, for example, people around the globe who bank, shop, chat, and use social media online rely on encryption known as TLS to prevent anyone from capturing and viewing communications flowing across the insecure Internet as network traffic. Quantum computing, however, will ultimately render todays TLS impotent; if someone records encrypted sessions as they pass over the Internet now, that party may be able to decrypt such sessions in the future, and expose all of the relevant contents. In short, any data that is captured now can potentially be decrypted and exposed tomorrow; the photos that you just sent your romantic partner over WhatsApp, the results of your recent bloodwork, and your credit report that you accessed over the weekend could all leak. With storage so inexpensive, various governments and perhaps corporations are, in fact, collecting and storing huge amounts of data and who knows how they will use that data once quantum-supremacy arrives. The bottom line is that if we truly want todays communications to remain secret for years to come, we should already be using quantum-safe-encryption to protect it.

Finally, keep in mind that while adding additional transistors to todays classic CPUs grows processing power linearly, quantum computing capabilities expand exponentially with physical system growth; as such, our human experience observing the advancement of technology likely misleads us into wildly underappreciating how fast quantum computing may advance. IBMs recent forecast of its quantum capabilities growing from around 1,000 Qubits next year to over 4,000 Qubits 2 years later, to potentially hundreds of thousands of Qubits shortly thereafter, clearly reinforces the concern about rapid growth delivering quantum supremacy to the market in the not so distant future.

Experts have already identified already several methods of encrypting that we believe will remain safe from quantum cryptanalysis for the foreseeable future yet such technologies are barely leveraged anywhere in the commercial sector. Rather than trying to scramble once we have an unsolvable problem, it would be wise for us to start planning to augment our encryption as needed. NIST has already begun to narrow down its list of recommended ways to address quantums risks to encryption and products have already hit the market already that enable businesses to begin such transitions.

This post is sponsored byIronCAP. Please click the link to learn more about IronCAPs patent protected methods of keeping data safe against not only against todays cyberattacks, but also against future attacks from quantum computers.

Visit link:
Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive - Joseph Steinberg