Managing Cyber Risk in the Quantum Era: A Responsible Approach

Managing Cyber Risk in the Quantum Era: A Responsible Approach

By Dana Spataru, Isaac Kohn, Itan Barnes, Colin Soutar

While quantum computing is expected to positively impact many industries and the global economy, its cybersecurity threats are significant and have been widely documented.

While the timing is uncertain, some experts estimate that within ten years, threat actors with quantum computing capabilities may be able to crack public key cryptography algorithms which serve as the backbone to the digital society. This looming issue may evoke a wide range of responses which could lead to some ineffective cybersecurity decisions.

One way to reduce the cyber risk from quantum computing, or other new technologies, is to start preparing now for their potential impact. How can organisations properly prepare? The quantum computing threat is causing organisations to take a “back-to-basics” approach to manage cryptography capabilities, mitigate risk and prepare for future cybersecurity challenges.

Start with perspective: Focus on facts and clarity; embrace change

To begin, there may be much anticipation around the opportunities associated with quantum computing. For some people, there are great expectations and a good amount of hype surrounding this emerging technology. Other people may react negatively or complacently to its threats and may choose to dismiss any potential risk without proper analysis, leaving this “future problem” for later. Yet others may eventually react to the cyberthreats with panic and fear, rushing to try and mitigate risks without properly evaluating them first.

Amidst such hasty and conflicting reactions, it is important to strive for clarity and minimise confusion by taking a programmatic and responsible approach to first understand and then mitigate the quantum risk to cryptography.

While many are focussed on the transition to quantum-safe cryptography, there are currently too many unknowns to properly plan that transition today. Nevertheless, there is a first step that organisations can take that delivers value in the short term while laying the foundation for a sustainable transition. Organisations have struggled to react to previous disruptions to cryptography, such as vulnerability discoveries and deprecation of cryptographic algorithms. Establishing robust cryptography management can position organisations to better navigate future disruptions, including quantum.

Getting back to basics

Cryptography supports the backbone of trust in our digital society. Cryptographic assets such askeys, certificates and algorithms are often scattered throughout an enterprise’s applications and infrastructure. The foundation for any cryptographic transition, including the quantum transition, begins with effective management of those assets. Organisations can adopt a four-step approach to enable this critical business function and position for future disruptions:

• Discovery – Seek out all of the certificates, keys and cryptography algorithms within an organisation, as well as the related data classification. Consider examining some of the main use cases for cryptography in an organisation, such as public key infrastructure (PKI), key management and secure software development.
• Inventory – Create a central repository of cryptographic assets to manage security and reporting in an efficient manner.
• Automation – Where appropriate, automate processes to improve efficiency. For example, automating the lifecycle of certificates can help to improve security and reduce costs.
• Agility – Develop “crypto agility” as both a mindset and in technology processes so that teams may more easily switch between systems and accelerate the transition to quantum-safe solutions.

Call to action

Leaders can take steps now to make sure that their organisations have strong foundational cryptographic management practices in place and that these can be continued in the future when quantum, or other new technologies or threats, are more prevalent. By acting now, business leaders can mitigate cyber threats that may emerge in the future as quantum becomes more mainstream.

• Visit Deloitte Global Cyber
• Learn more about Cyber Identity
• Learn more about Digital Identity