CISA: Prepare Now for Quantum Computers, not when Hackers Use Them
Although quantum computing is not commercially available, CISA (Cybersecurity and Infrastructure Security Agency) urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets.
The agency published a paper earlier in the week, calling for leaders to start preparing for the migration to stronger secret guarding systems, exploring risk mitigation methods, and participating in developing new standards.
Race to Quantum supremacy
Quantum computers are systems that harness quantum mechanics to perform much more powerful computations than are available today on systems that rely on binary (0, 1) computations.
Experts in the field widely accept that the currently experimental quantum computers will achieve superiority over conventional systems by the end of the decade and will quickly render them obsolete with subsequent capability leaps.
This is expected to revolutionize research, solve long-standing mathematical problems, perform higher-level physics simulations, and accelerate the development of artificial intelligence models.
The main negative implication of this quantum computing concerns the cryptography of secrets, a fundamental element of information security.
Cryptographic schemes that are today considered secure will be cracked in mere seconds by quantum computers, leaving persons, companies, and entire countries powerless against the computing supremacy of their adversaries.
“When quantum computers reach higher levels of computing power and speed, they will be capable of breaking public key cryptography, threatening the security of business transactions, secure communications, digital signatures, and customer information,” explains CISA.
This could threaten data in transit relating to top-secret communications, banking operations, military operations, government meetings, critical industrial processes, and more.
Yesterday, China’s Baidu introduced “Qian Shi,” an industry-level quantum supercomputer capable of achieving stable performance at 10 quantum bits of power.
Also Read: January 2022 PDPC Incidents and Undertaking
Baidu also stated that it recently completed the design of a 36-qubit superconducting quantum chip with couplers, which threatens to surpass the strength of the leading American quantum machine, IonQ Aria, which tops at 20 qubits.
Other companies in the race for quantum supremacy are Intel, IBM, Microsoft, IBM, and Google, all competing to advance the field.
Preparing for the new age
Research into quantum-secure encryption algorithms is already underway, and NIST (National Institute of Standards and Technology) plans to publish official guidelines on the topic by the end of 2024.
Until then, CISA recommends that all stakeholders follow the “post-quantum cryptography roadmap”, which can be summarized in the following:
- CEOs should increase their engagement with post-quantum standards developing organizations.
- Organizations should inventory the most sensitive and critical datasets that must be secured for an extended amount of time.
- Organizations should conduct an inventory of all the systems using cryptographic technologies for any function to facilitate a smooth transition in the future.
- Cybersecurity officials within organizations should identify acquisition, cybersecurity, and data security standards that will require updating to reflect post-quantum requirements.
- Organizations should identify where and for what purpose public key cryptography is being used and mark those systems as quantum vulnerable.
- Prioritize one system over another for cryptographic transition based on the organization’s functions, goals, and needs.
- Using the inventory and prioritization information, organizations should develop a plan for systems transitions upon publication of the new post-quantum cryptographic standard.
“Do not wait until the quantum computers are in use by our adversaries to act. Early preparations will ensure a smooth migration to the post-quantum cryptography standard once it is available,” concludes the agency.