As businesses begin to finalise plans for 2023, on why Quantum Day defence strategies will become more of a priority. In addition, it is likely that organisations will seek to continue to shift their Zero Trust strategies into the New Year.
To discover more, Digital Journal spoke with Torsten Staab, Principal Engineering Fellow, at Raytheon Intelligence and Space.
Staab notes that the quantum computing revolution is a little way into the future, these advances in computing leave plenty for businesses to mull over. He notes: “While Quantum Day or “Q-Day”, might be still 5-10 years out, it is coming faster than we would like.”
As to what this might mean, Staab explains: “Q-Day represents the day that quantum computers will be powerful and stable enough to use the superpositioning power of qubits (that is, quantum bits that can assume multiple states at once) to break widely used asymmetric encryption algorithms such as RSA.”
This comes with challenges, says Staab: “Unfortunately, these quantum-vulnerable encryption algorithms are widely used around the world to secure many of today’s ecommerce, finance, healthcare, critical infrastructure, and defense systems. Once Q-Day arrives, adversaries will be able to decrypt sensitive and classified communications and information if these algorithms stay in place.”
There is some help on the horizon: “The U.S. Department of Commerce’s (DoC) National Institute of Standards and Technology (NIST) announced it was getting ready to standardize the first set of four Post-Quantum Crypto algorithms.. Standardizing such algorithms means organizations around the world can begin replacing existing quantum-vulnerable encryption algorithms, helping to counter the “collect now, decrypt later” strategy currently being used by adversaries. Experts predict that globally it will take well over a decade to upgrade or replace affected systems with quantum-secure, Post-Quantum Cryptography-based (PQC) systems.”
In terms of the immediate future for firms, Staab advises: “Heading into 2023, developing and deploying quantum-resistant security strategies will become a growing priority for organizations in order to better defend their systems, networks, and data from future quantum attacks.”
As an immediate security measure Staab predicts: “Organizations will continue to adopt Zero Trust Security step-by-step – Zero Trust (ZT) Security is a security model, not a product. Adopting Zero Trust Security across an enterprise requires careful planning and the use of complementary, multi-vendor solutions. For many organizations, adopting Zero Trust Security will be a multi-year journey. Establishing a solid ZT strategy up front and developing a phased, step-by-step implementation plan to avoid boiling the ocean and losing focus will be key to a successful Zero Trust Security implementation.”
Staab makes further predictions for the year ahead: “Moving into 2023, look for additional ZT implementation guidance and recommendations from NIST and the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA).”
Staab concludes with the following summary: “Furthermore, as we head towards the Quantum Computing Era, adopting a Zero Trust architecture will become more important than ever. Zero Trust principles such as “never trust, always verify” and “assume breach,” coupled the PQC-inspired concepts such as Crypto Agility (i.e. the ability to seamlessly switch between classical and PQC algorithms and quickly replace compromised crypto algorithms if needed) will apply to any organization and be key for providing future-proof, next-generation cyber security.”
