23143_Blog_080223_vFinal.1

Cybersecurity in a Post-Quantum World

It’s no secret in the cybersecurity world that traditional cryptography systems, used throughout the entire Internet, are vulnerable to quantum computer attacks. By leveraging quantum mechanical phenomena, quantum computers are powerful enough to decipher the algorithms used as the basis for the most widely used cryptography systems on the Internet, such as RSA.

But quantum computers are not yet widely available, and those that have been developed are not believed to be powerful enough to totally break existing systems. According to Matthew Scholl, Chief of the National Institute of Standards and Technology’s Computer Security Division, feasible quantum computer attacks are still years or potentially decades away. Even so, it took nearly two decades to implement modern public key infrastructure.

Given the magnitude of the impact of quantum computing across every facet of the Internet, there is a need to rethink the approach to Internet security in a post-quantum world – and experts have known this. But what does that post-quantum world look like? The landscape of cybersecurity is and has been changing, but where are we headed?

Fighting fire with fire

The good news about supercomputers is that the same strengths that make them effective weapons can also be leveraged for defensive capabilities. Quantum mechanics can also be leveraged to generate and distribute secure keys. Traditional cryptography systems can be vulnerable to brute force attacks from quantum computers, since they are powerful enough to guess potential key combinations at unprecedented speeds. Additionally, current cryptography systems cannot provide a way to detect if encrypted data has been tampered with, meaning an attacker could compromise encrypted data without being detected.

However, by leveraging quantum mechanics, it’s possible to establish shared secret keys between two users that are only know to them. Additionally, observing the quantum bits used in this system alters them, meaning attempts to intercept data would alert users.

But what about those who don’t have access to quantum computers? Until major technological breakthroughs are made, quantum computers won’t be widely available to most organizations. And your most sensitive data needs protection now.

Post-quantum cryptography

Fortunately, cybersecurity experts around the world have been developing new standards to protect existing systems without relying on quantum computers for defensive capabilities. Collaborative efforts seek to devise different approaches and assess risks and strengths. The Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) are collaborating with various partners to generate new approaches and provide implementation plans for organizations to make the transition to post-quantum cryptography.

The problem of integration

For implementation plans to be feasible for most organizations, new defensive systems would ideally be able to integrate with existing computer systems – and take far less than 20 years to implement. NIST’s Post-Quantum Project was created with the intent to gather potential new technologies to assess their security and feasibility of use. But this is a relatively new field in cybersecurity, so it will take years to develop and standardize processes to protect against quantum computer attacks.

Is your organization prepared for the shift required to survive this changing landscape? For information on how Fognigma can protect your organization against quantum computer attacks without requiring a complete overhaul of existing organizational infrastructure, systems, and technology, see the Fognigma main page, and feel free to contact us.