Quantum computing continues to advance and going forward we can expect quantum computers to be optimizing financial trading strategies, utilizing quantum chemistry to develop new materials, and applying artificial intelligence technology to natural language processing. But what about the security issues?
Digital Journal heard from Torsten Staab, Principal Technical Fellow, Raytheon, regarding what trends he anticipates being at the forefront for organizations as we continue to see a rapid progression of technical advances like quantum computing and generative-AI.
Dr. Staab places the quantum computing advancement firmly within the area of corporate security. Here he considers how the technology can contribute to cryptography. Stabb notes: “With the rapid progression of quantum computing and associated cybersecurity risks, we can expect to see a heightened focus on quantum-resistant cryptography, also referred to as post-quantum cryptography (PQC).”
Cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages.
In terms of how the contribution from advanced technology, Stabb foresees: “PQC algorithms are designed to ensure that cryptographic systems can withstand quantum attacks. With the National Institute of Standards and Technology’s (NIST) much-anticipated standardization of its first round of PQC algorithms in early 2024, we can also expect to see more organizations starting to develop their quantum security strategies.”
He goes on to consider: “As a result, associated concepts such as crypto agility will also gain more attention over the next few years. Crypto agility refers to an information security system’s ability to quickly adopt an alternative to its original encryption method or protocol without requiring a significant change to the system, its infrastructure, or connected systems, services, or applications.”
As well as technology ,there is an underlying philosophy in terms of hat will be needed: “The next generation of IT/OT solutions must be crypto-agile to enable a successful transition from today’s classical encryption to tomorrow’s post-quantum cryptography. Being crypto-agile is also important because nobody can provide a 100 percent guarantee that their encryption algorithm, including NIST’s new PQC algorithms, is unbreakable.”
Technology will move back and forth as attempts are made to building security. Stabb considers: “In 2024, we can also expect to hear and see much more about the Generative AI-fuelled (GenAI) cybersecurity arms race. For example, players on both sides (i.e., defensive and offensive cyber) are rapidly adopting and integrating fine-tuned Large Language Model-enabled (LLM) tools in an effort to better attack and defend systems.”
In terms of examples, Staab sees: “GenAI-powered capabilities such as automated code generation, reverse engineering, and document exploitation will reach previously unthinkable levels of sophistication and speed. Organizations unwilling to invest in and adopt these next-generation GenAI tools will fall behind and potentially be at a much higher risk of getting compromised.”
Those left behind could experience: “Emerging GenAI-related security risks such as data leakage, model poisoning, or system hallucinations”. Stabb thinks these will also get more attention “as organizations try to weigh the pros and cons and figure out which GenAI security guardrails and usage policies to put in place.”