How Quantum Computing is Already Threatening Our Data Security - and What We Can Do About It.
While quantum computers are not yet a common fixture in everyday business operations, the imminent implications for data security demand attention now. Existing encryption methods are at risk of being compromised. Cybercriminals are exploiting this vulnerability through “store-now, decrypt-later attacks”, emphasizing the urgency to fortify our defenses today.#IBM #Artificial Intelligence #Security Strategy Architecture
Quantum computing is incredibly promising. It will be able to solve complex computing problems many times faster than conventional computers. However, this is precisely why it also harbors considerable risks for cyber security[i]. Its tremendous power could pose a huge risk to the security of everyday activities, both in the private and especially in the business sector. Encryption methods could become unusable, interactions on the internet would be compromised, the integrity of digital documents would be called into question and the number of data breaches could explode.
Steal it today, decrypt it tomorrow
Already one of the most dangerous aspects of this emerging threat is the potential for store-now, decrypt-later (SNDL) attacks[ii]. In such attacks, criminal actors are stealing and storing encrypted data today with the intention of decrypting it in the future using post-quantum cryptography (PQC) algorithms. By taking the long view and exploiting delays in the implementation of more advanced security protocols, such attackers are threatening data security largely unnoticed. It is therefore important that companies start planning for these risks and take the necessary measures now.[iii]
It is time to make preparations
In fact, future data security depends on us preparing for the quantum age now. American security organizations are leading the way in this regard. A few weeks ago, the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the National Institute of Standards and Technology (NIST) published a joint fact sheet on quantum readiness to inform organizations - especially those supporting critical infrastructure - about the threats posed by quantum computing and urge them to begin planning for the future transition to post-quantum crypto standards. The alert is part of an official campaign and contains several recommendations.
Four specific protective measures
As soon as quantum computers are commercially viable, they will open previously closed doors and enable criminals and hostile governments to spy on and access important information[iv]. Organizations can prepare for post-quantum crypto standards by following the following four concrete steps:
- Create a quantum readiness roadmap: Such a roadmap should describe the steps the organization intends to take to transition to post-quantum cryptography.
- Collaborate with technology providers: Organizations should discuss their post-quantum roadmaps with their IT providers so they are aware of their plans for quantum readiness.
- Conduct an inventory: Organizations need to identify and understand their current cryptographic systems and assets in use.
- Create migration plans: These plans should prioritize the most sensitive and critical assets for migration to post-quantum crypto standards.
What is post-quantum cryptography?
Post-quantum cryptography (PQC), also referred to as quantum secure, or quantum resistant, refers to cryptographic algorithms that are considered secure against a cryptanalytic attack by a quantum computer. The goal of PQC is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communication protocols and networks.
In the USA, the National Institute of Standards and Technology has already announced the first group of encryption tools designed to withstand a future attack by a quantum computer[v]. These encryption algorithms will be part of NIST's post-quantum cryptography standard, which is expected to be finalized in about two years. The first four algorithms that NIST has announced for post-quantum cryptography are based on structured lattices and hash functions, two families of mathematical problems that can withstand an attack by a quantum computer.
From quantum computers...
The world's leading company in the field of quantum computing and post-quantum cryptography is IBM. Its engineers regularly deliver ever more powerful superconducting quantum processors, and IBM provides real quantum hardware for thousands of developers. The company has introduced IBM Condor, the world's first universal quantum processor with over 1000 qubits. IBM Quantum has also developed a detailed roadmap to scale quantum processors and create the necessary hardware. IBM is also developing innovative quantum software and promoting global collaboration among organizations and communities working on the topic.
… to protection against quantum computers
In the field of post-quantum cryptography, IBM is committed to the development and use of new quantum-safe crypto technology[vi]. IBM has collaborated with the National Institute of Standards and Technology and contributed algorithms for public key encryption and digital signatures. Last July, NIST announced that it had selected four quantum-resistant algorithms for standardization - three of which had been developed by IBM together with academic and industrial partners. On the hardware side, IBM z16 is the industry's first quantum-safe system protected by quantum-safe technologies at multiple firmware levels. IBM cloud development also offers quantum-safe cryptography support for key management and application transactions.
IBM's Quantum Safe technology provides a comprehensive package of tools to secure companies for the quantum future. UMB is the first and largest IBM Platinum Business Partner in Switzerland, specializing in infrastructure, software and solutions, in particular security. UMB is also the only IBM Storage and Power Systems Specialty Elite Partner in Switzerland. Above-average know-how in IBM hardware as well as in software and services guarantees excellent cooperation. Contact us for further information.