Managing Cyber Risk in the Quantum Era: A Responsible Approach
By Dana Spataru, Isaac Kohn, Itan Barnes, Colin Soutar
While quantum computing is expected to positively impact many industries and the global economy, its cybersecurity threats are significant and have been widely documented.
While the timing is uncertain, some experts estimate that within ten years, threat actors with quantum computing capabilities may be able to crack public key cryptography algorithms which serve as the backbone to the digital society. This looming issue may evoke a wide range of responses which could lead to some ineffective cybersecurity decisions.
One way to reduce the cyber risk from quantum computing, or other new technologies, is to start preparing now for their potential impact. How can organizations properly prepare? The quantum computing threat is causing organizations to take a “back-to-basics” approach to manage cryptography capabilities, mitigate risk, and prepare for future cybersecurity challenges.
Start with perspective: Focus on facts and clarity; embrace change
To begin, there may be much anticipation around the opportunities associated with quantum computing. For some people, there are great expectations and a good amount of hype surrounding this emerging technology. Other people may react negatively or complacently to its threats and may choose to dismiss any potential risk without proper analysis, leaving this “future problem” for later. Yet others may eventually react to the cyberthreats with panic and fear, rushing to try and mitigate risks without properly evaluating them first.
Amidst such hasty and conflicting reactions, it is important to strive for clarity and minimize confusion by taking a programmatic and responsible approach to first understand and then mitigate the quantum risk to cryptography.
While many are focused on the transition to quantum-safe cryptography, there are currently too many unknowns to properly plan that transition today. Nevertheless, there is a first step that organizations can take that delivers value in the short term while laying the foundation for a sustainable transition. Organizations have struggled to react to previous disruptions to cryptography, such as vulnerability discoveries and deprecation of cryptographic algorithms. Establishing robust cryptography management can position organizations to better navigate future disruptions, including quantum.
Getting back to basics
Cryptography supports the backbone of trust in our digital society. Cryptographic assets such askeys, certificates and algorithms are often scattered throughout an enterprise’s applications and infrastructure. The foundation for any cryptographic transition, including the quantum transition, begins with effective management of those assets. Organizations can adopt a four-step approach to enable this critical business function and position for future disruptions:
Call to action
Leaders can take steps now to make sure that their organizations have strong foundational cryptographic management practices in place, and that these can be continued in the future when quantum, or other new technologies or threats, are more prevalent. By acting now, business leaders can mitigate cyber threats that may emerge in the future as quantum becomes more mainstream.