Most cybersecurity professionals are at least vaguely aware by now that quantum computers will make it possible for cybercriminals to crack the algorithms used to encrypt data. Most cybersecurity professionals should be forgiven if they conclude such a capability is still far off.
However, a survey of 125 security professionals who attended the recent 2020 RSA Conference finds 54% said they believe nation-states will leverage quantum computing for attacks in the next two years. Published this week by Quantum Xchange, a provider of encryption tools and software, the survey also finds 20% of respondents said quantum computers are already a threat today.
That report comes on the heels of a separate earlier survey that found 95% of respondents are already discussing at least one tactic to prepare for post-quantum cryptography. One-third said they have already established a post-quantum cryptography budget, while 56% said they are working toward establishing one.95% of respondents are discussing how to prepare for post-quantum cryptography, one-third already established a post-quantum cryptography budget, and 56% are working toward establishing one.Click To Tweet
The assumption is that it is nation-states have the economic resources required to build quantum computers. However, it’s worth noting that the entities that drive organized cybersecurity activity are now generating revenues in excess of $1 trillion a year. They too might have the resources required to invest in quantum computing.
Of course, quantum computers will be made available as a cloud service. It’s not precisely clear to what degree cloud service providers will distinguish who among their customers is precisely engaging in legitimate research versus potentially repurposing what may appear to be just another workload among many.
There are encryption algorithms that are resistant to quantum computers. The problem is that most of the encryption schemes that have been employed in legacy applications today, such as AES, RSA or ECDSA, are not likely to be able to stand up to the massive amount of compute power that is going to be soon available. Organizations will either need to replace the encryption technologies employed in those legacy applications or replace those applications altogether. Cybersecurity teams should also advise their application developers to implement encryption in the future in a way that is more easily upgradable because it’s clear encryption algorithms and platforms will be rapidly evolving soon.
Cybersecurity teams will, of course, obviously play a significant role in helping business leaders make these decisions. In a lot of cases, it’s going to be simpler to rip and replace a legacy application.
It may not be precisely clear when quantum computers will be faster than existing conventional systems, but it is apparent it’s now just a matter of time before quantum computers attain a level of performance that renders many existing encryption platforms obsolete. The challenge cybersecurity teams will encounter is that most business leaders are completely unprepared to have this conversation. In many of their minds, the enterprise applications they have in place should not have to be replaced or significantly upgraded for five years or more. The time to clue business leaders into the new cybersecurity realities of quantum computing is clearly now.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.