Cybersecurity Risks Introduced By Quantum Computing – Expert Opinion

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Francis Gaffney
Francis Gaffney , Director of Threat Intelligence
InfoSec Expert
December 22, 2021 5:44 pm

<p><span lang=\"EN-GB\">Quantum computing promises unprecedented speed and power in computing. It also poses new risks. As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications. Modern encryption methods are specifically designed so that decoding them would take so long they are practically unbreakable. Quantum computers change this thinking. These machines are far more powerful than classical computers and should be able to break these codes with ease.</span><u></u><u></u></p><p><span lang=\"EN-GB\"> </span><u></u><u></u></p><p><span lang=\"EN-GB\">If large-scale quantum computers are realized, they would threaten the security of many commonly-used public-key cryptosystems. To prepare for this, organizations should identify where and for what purpose public key cryptography is being used and mark those systems as “<i>quantum vulnerable</i>”, this could include:</span><u></u><u></u><span lang=\"EN-GB\"> </span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">Is the system a high value asset based on organizational requirements?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">What is the system protecting (e.g., key stores, passwords, root keys, signing keys, PII, sensitive PII)?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">What other systems does the system communicate with?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">To what extent does the system share information with other entities outside of their organization?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">Does the system support a critical national infrastructure sector?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">How long does the data need to be protected?</span><u></u><u></u></p><p>§  <span lang=\"EN-GB\">Using the inventory and prioritization information, organizations should develop a plan for systems transitions upon publication of the new post-quantum cryptographic standard.</span><u></u><u></u></p><p><span lang=\"EN-GB\">o   <i>Cybersecurity officials should provide guidance for creating transition plans</i>.”</span></p>

Last edited 6 months ago by Francis Gaffney
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x