by Diana Proud-Madruga
As an avid science fiction reader, I’ve been watching the current developments in technology with particular interest. The world of science fiction is rapidly moving into the realm of science fact, especially when it comes to quantum computers. Unlike conventional computers, which use ones and zeros, quantum computers follow the principles of quantum physics, using ones, zeros, and everything in between. Breakthroughs in quantum computing will bring with them a quantum leap (pun intended) in analytics, machine learning and artificial intelligence, possibly even opening up the way to an artificial general intelligence. These breakthroughs, however, also pave the way for massive data breaches as quantum computers plow through data protected by current encryption technologies.
The good news is there are things we can do right now to protect information.
On December 15, 2016, the National Institute of Standards and Technology (NIST) announced that it was seeking public-key cryptographic algorithms that are quantum resistant. NIST predicts, per NISTIR 8105, that certain encryption algorithms will be more vulnerable to quantum computing and will be more heavily impacted by it:
NISTIR 8105 further warns that organizations should have newer algorithms in place as soon as April 2026. IBM, however, predicts that implementation should occur sooner, feeling that quantum computing will be mainstream within the next five years.
In anticipation of this breakthrough, NIST is actively looking for the next generation of encryption algorithms that will secure data in the post-quantum computing world. After evaluating the first round of candidate algorithms, NIST has moved into the second round. That’s all well and good for future requirements, but what about now? Organizations need to be concerned about what may happen when a quantum computer comes online.
One worst-case scenario is that a hacker (think “enemy state”) could accumulate large amounts of encrypted data in anticipation of being able to crack the encryption as soon as a quantum computer becomes available. Consider that just one piece of critical information within the stolen data could result in a breach of intellectual property, massive identity theft or even a national security incident.
Luckily, there are steps we can take today to protect information against such a future occurrence. IBM, a current leader in quantum computing, recommends organizations begin by:
Organizations will be looking to solution providers to address one or more of these recommended steps, as the expertise threshold is high for each. Minimum essential vendor credentials include a technologically savvy workforce and a history of collaborating with standards organizations such as NIST and, in the healthcare sector, HL7 Security and Privacy working groups. Moreover, experience in conducting vulnerability analyses will be critical. I am proud to say that Electrosoft Services, Inc. is leading the way in this field, helping private and public organizations address the cybersecurity challenges of today and prepare for the quantum computing world to come.
Diana Proud-Madruga, CISSP, is a Senior Security Analyst with Electrosoft.