By Jeffrey Ritter, Visiting Fellow, Kellogg College, University of Oxford
Every security professional, at one time or another (or at many times), confronts executive opposition to changing technology. We all know that every innovation in technology requires adaptations in the security services, introducing new costs tied to shifts in equipment, third-party services, and human resources. We also know, whatever the new risks tied to the new technology, that executives want assurances that any new spending will produce effective results. So often, the end result is for the company to sit back, defer the spending, and better evaluate the severity of the risks.
But what if a new technology emerges that could disrupt nearly 100 percent of your security services with the velocity of a zero-day exploit? That scenario is exactly what drove the CSA Quantum-Safe Security Working Group to produce a new white paper aimed at the non-technical corporate executives frequently in the approval chain for new security investments.
The potential for quantum computing is accelerating with amazing velocity. Nearly each week in 2018 sees new announcements of improving capabilities and increased computational power in quantum computing. Even before the quantum machines have been built to the size required for complex commercial uses, researchers are authoring new programming languages with which to strengthen the potential of quantum computers to solve computational problems that existing computers cannot functionally solve.
That, of course, is the security blanket most encryption represents—solving the math to calculate the proper key(s) to decrypt content or system protections has been computationally infeasible. But, when controlled by bad actors, quantum computing makes the infeasible entirely feasible. Those bad actors could be hostile nation-states, international criminal syndicates, competitors, or others who value the content or systems safeguarded by the encryption.
The new white paper, “A Day Without Safe Cryptography”, was released at the CSA Summit at RSA this week. Rather than get bogged down in technical jargon, the white paper illustrates the dramatic, sobering impact on a company and its corporate leaders when (not if) quantum computing is used to overwhelm commercial encryption services currently available. Executives are presented over a dozen examples of how their personal and corporate lives could be disrupted by quantum computing used by malicious forces.
Simply, the potential for quantum computing to overwhelm encryption protections is so great that, once deployed against company or government systems, there will not be an opportunity to sit back and wait.
Quantum-safe security is already possible, but building a full portfolio of the skills, technologies, and capabilities to get there will be challenging. This is one new security risk against which companies must begin work now, even before quantum computing becomes fully realized.
The Working Group hopes the white paper will help you start the conversation with your executives on the right foot.