How to Start Readying Your IT Ecosystem for Quantum Now

Quantum computers will deliver tremendous benefits, but they will also be able to break the cryptography underlying public key infrastructure (PKI). Quantum computing will be able to solve very specific hard problems that even the fastest supercomputers cannot solve in a reasonable amount of time. This poses an unprecedented problem for encryption that enterprises put their trust in today. Cryptography is the foundation of digital trust – a threat to cryptography is a serious threat to digital trust. In today's increasingly connected ecosystem, broken cryptography can result in unauthorized access to sensitive information, lack of control over connected devices, and potentially, pose great dangers. Consider cars, airplanes, satellites, energy grids. These durable, critical devices are highly vulnerable to attack, as these connected devices (IoT) have long in-field lives requiring their certificates to be updated. Imagine a state-sponsored attack hacking into the system and intercepting software security updates for a satellite. Long-lived devices need to be able to handle whatever cryptographic changes come our way. 

In a nutshell, security measures need to be future-proofed. Where are organizations most vulnerable today? Typically, it’s knowing what’s at risk and knowing where their risks are lurking. When it comes to quantum preparedness, a good first step is for organizations to inventory their systems and algorithms. A few questions to determine quantum preparedness urgency: 

  • How many years does the device need to be secured for?
  • How long does the information need to remain confidential? 

If the answer is 7+ years, we recommend that organizations start preparing today. Alex Truskovsky, Director, Technical Strategy at ISARA will outline what organizations can do to ready their ecosystem now, in the presentation, How to Ready Your IT Ecosystem for Quantum Computing, with Futurex at the Futurex Virtual Summit 2020 on June 18, 2020 at 4:00 p.m. ET. Register here

If your organization manages a device that requires mission-critical security including PKI and digital certificates, hardware security modules (HSMs), or physically embedded roots of trust, start preparing today. This is especially true of enterprises with large, complex PKIs or components such as system on a chip (SoC), memory and storage, communications, or sensors. These industries have big-stake security requirements: 

  • critical infrastructure, including energy and satellites 
  • military 
  • automotive industry 
  • airline industry 
  • financial services 

Here are six steps we recommend organizations take to prepare for quantum: 

1. Conduct your own research. Determine how large-scale quantum computing will impact public-key cryptography and how it will affect your business 

2. Catalog. Perform an archeological expedition to understand how cryptography is used in your organization 

3. Prioritize. Identify and prioritize high-value assets for migration 

4. Build a strategy. Collaborate with your internal team to create a migration plan 

5. Look for tools and partners. Share your needs with key vendors to ensure their roadmap aligns 

6. Plan. Planning your attack will take time but preparing early enough will help mitigate risks 

Because of the real risks imposed by quantum computing — and despite the uncertain arrival time — many CISOs and CIOs have tasked their IS/IT teams with investigating the threat and recommending a course of action. 

To help, we have newly launched our Quantum-Safe Readiness Program for Enterprises, a workshop to explore quantum-safe cryptography gain hands-on experience, and learn best practices. 

And as you'll learn about during the Futurex Virtual Summit 2020, leading vendors have already created solutions that will help you get a head start.  For example, check out Futurex's Quantum Safe Certficate Authority.  Futurex has developed a crypto-agile solution that will utilize both classical and quantum-safe algorithms to take organizations into the next generation of security.