Business leaders offered guidance on quantum-secure cybersecurity
The Hudson Institute raises quantum awareness by equipping CEOs, CIOs and fellow executives with the knowledge they need to address the quantum threat to their organisation.
Following the recent release of ‘The Executive’s Guide to Quantum Computing and Quantum-secure Cybersecurity’, we look at the report’s highlights and discuss the important role of Quantum Key Distribution, Quantum Random Number Generation and post-quantum cryptography.
Raising the profile of quantum computing and quantum-secure cybersecurity
The profile of quantum computing has been rising exponentially thanks to step changes in the technology. However, knowledge around the subject, especially the opportunities and threats it poses, remains scarce at an executive level.
In response to this, the Hudson Institute has released ‘The Executive’s Guide to Quantum Computing and Quantum-secure Cybersecurity’. The document is designed to equip CEOs, CIOs and fellow executives with the knowledge they need to address the quantum threat to their organisation.
Specifically, the guide answers nine key questions in order to guide executives through the fundamentals of the technology, the risks it poses, and what can be done to ensure data is protected in the quantum age:
- ‘What is quantum computing?’, where the basic principles of the technology, its advantages over classical computing and its threats to today’s encryption systems are explained.
- ‘How big a threat does it pose to my company?’, which explores the potential causes of security vulnerabilities and explains how a quantum attack using Shor’s Algorithm poses the largest threat to Public Key Cryptography.
- ‘When will a quantum computer capable of breaking public-encryption systems be ready for use?’, which sets out a timeline in which new quantum technologies are expected to become commercially available.
- ‘How long do I have to protect my data and networks?’, which outlines the importance of protecting business-critical information, discusses how today’s cryptographic algorithms will not be secure from quantum attack and highlights the use of ‘harvest and decrypt’ attacks.
- ‘What is quantum-safe cryptography (QSC)?’, which presents the opposite side of the argument, explaining how organisations can exploit quantum technology such as Quantum Key Distribution “to build essentially unhackable networks”.
- ‘What is the current state of QSC?’, where NIST’s efforts to standardise post-quantum cryptography are introduced alongside the concept of ‘hybrid’ cryptography solutions that combine existing systems with quantum-safe algorithms.
- ‘What steps do I need to take to protect my company, and who needs to be involved?’, which walks executives through the key steps in securing their organisation’s data in the quantum age, as well as which stakeholders to involve.
- ‘What questions should I ask?’, which details the questions executives must pose internally and offer up to potential vendors.
- ‘How will QSC protect my company’s most critical assets?’, which describes the journey executives must take towards implementing QSC and highlights three focus areas of vulnerability: harvest and decrypt, roots of trust and Public Key Infrastructure (PKI).
QKD, QRNG and post-quantum cryptography feature
To give executives details of technologies that are resistant to quantum attack, the report discusses the role of Quantum Key Distribution and Quantum Random Number Generation in securing organisations against both conventional and quantum attack, acknowledging that “systems such as quantum-key distribution (QKD) and quantum-safe cryptography (QSC) which use quantum random-number generators (QRNGs), will provide virtually hack-proof data and networks.”
The report also acknowledges the work around post-quantum cryptography (PQC), in which new quantum-resistant algorithms will be introduced into existing cryptography systems to replace RSA and ECC, which are susceptible to quantum attack. This is an important point, as QKD and PQC complement each other: a QKD system can be implemented today and work in conjunction with these quantum-resistant algorithms when they become available.
The report concludes by discussing the importance to executives of readying their organisation for the quantum era, emphasising the need to act now or risk leaving it too late:
“…while the timeline for quantum computers may be lengthy, the timeline for preparing for their arrival is much shorter. Getting prepared must be one of the growing priorities of responsible executives, and while resources for securing data and networks from quantum intrusion are still evolving, much already exists to justify taking action today.”
For further reading, download a copy of ‘Applied Quantum-Safe Security: Quantum-Resistant Algorithms and Quantum Key Distribution’, by the Cloud Security Alliance’s Quantum-Safe Security Working Group.