Here’s Why Achieving Quantum-Ready Security is an Art and a Science

Whether quantum computers become a threat to current cybersecurity practices tomorrow or in ten years, they will fundamentally change cryptography. With that in mind, we’re rapidly approaching a new era of security, and that means it’s time to get real about the impact of quantum computing and what it takes to be quantum-ready.

That was the topic of discussion during Keyfactor’s webinar featuring David Hook, VP of Software Engineering at Bouncy Castle, Keyfactor; Chris Hickman, Chief Security Officer at Keyfactor; and Jeff Stapleton, Chair of X9F4 Cybersecurity Workgroup. 

Specifically, they discussed the current state of quantum computing and quantum-resistant algorithms, the art of building a comprehensive strategy for quantum readiness, and the science of testing and implementing a new set of algorithms. Read on for a recap of their conversation, or click here to watch the full webinar.

The more we hear about quantum computing, the more we hear about quantum readiness. But what does that really mean? The idea of being quantum-ready doesn’t come down to having a specific technology, a policy, or a training event; rather, it’s everything that companies need to do, including those things and much more. 

Specifically, getting ahead of the threat requires organizations to take a deep look at their cryptography to understand what’s actually happening today. For example, what is using cryptography, and how is it being used? Most organizations have work to do when it comes to being able to quickly identify what types of algorithms are being used, which lines of business are being protected, what’s the technology behind it, and so on. But this work is important because quantum-readiness ultimately comes down to an organization’s knowledge of their cryptography and ability to take action as appropriate to defend themselves against the potential future risk of quantum computers. 

Notably, this is not the first cryptographic transition (think SHA-1 to SHA-2, DES to Triple DES to AES in financial services, and so on), and it won’t be the last. Cryptography is always evolving, and that makes having the agility to transition algorithms and the visibility to understand the engineering and implications behind that transition essential.

The first component of quantum readiness is the art of building a strategy and a plan to prepare for the changes ahead. That includes identifying the risks, scoping out the impact on your organization, and training and equipping your teams for success.

The ocean of healthcare data out there positions the medical, pharmaceutical, and healthcare industries for truly revolutionary innovation.

With quantum capabilities, researchers can simulate and model complex molecular interactions in order to design safer, more effective medications and bring them to market faster. They’ll be able to model diseases to identify markers and genetic variation, gaining an advantage over the diseases of tomorrow.

The world’s communication infrastructure is perhaps the most highly-targeted asset that organizations and governments are hustling to quantum-proof. But quantum computing can solve many longstanding challenges in the telecom space as well.

Quantum can optimize complex network routing and scheduling to lower latency and improve overall performance. It can further improve network planning by analyzing large data sets regarding human behavior, traffic patterns, and coverage areas to identify the most sensible location for base stations and other aspects of network layout. 

By drawing data from network performance, quantum algorithms can inform energy-efficient strategies for network infrastructure to achieve lower energy consumption and cost. 

The COVID-19 pandemic poured rocket fuel on the digital transformation taking place in the banking and financial sectors. Today, banks face the hurdle of creating customer experiences that rival those provided by their fintech challengers. As they work to evolve both internal and customer-facing processes, financial institutions must also contend with an ever-shifting regulatory landscape.

Like healthcare, quantum computing will allow the banking industry to better wield huge swaths of data to improve customer outcomes.

Quantum will likely give banks the agility to comply with emerging regulations swiftly. For instance, by detecting behavioral patterns on a more granular basis, banks will be able to detect fraud and money laundering more effectively. The same can be said for detecting cyber attacks and other criminal activity.

In other areas of finance, quantum will allow for a deeper analysis of market trends and forecasting. This will allow financial professionals to model various potential investment scenarios and become proactive in meeting those situations. For customers, this means more informed trading strategies and investment decisions.

The explosion of IoT devices and use cases has only just begun, and new regulations paint a picture of the future where devices enjoy greater interoperability and security by design. 

The benefits of quantum-leveraged IoT will align with the sector in which connected devices are deployed, but generally, quantum will allow organizations to take advantage of the full informational capabilities of these devices — unlocking hidden patterns, abnormalities, and correlations in sensor data.

Consider smart cities, which some claim to be the best business case for quantum computing. Quantum algorithms can help assess traffic patterns and resource expenditures to inform more efficient and sustainable urban planning. This goes beyond minimizing drive time and improving public transit: opportunities lie in places most people would never think of. For instance, trash bins equipped with connected sensors that detect composition and fill levels can drive greater efficiencies in the collection and recycling process. 

Of course, IoT deployments can provide valuable data on energy consumption, device usage, network traffic, and power management. Quantum computing will help action this data and create better strategies for energy efficiency.

Not to mention, quantum could help prevent attacks on city infrastructure, the types of which have made headlines in recent years.

In the quantum age, risk and opportunity will be more closely tied than ever before. Organizations must work to become both quantum-capable and quantum-resilient. Their ability to take advantage of quantum’s potential and defend against quantum-capable bad actors will be one and the same. 

Shifting to new quantum-era cryptographic algorithms will take more than flipping a switch. Establishing crypto-agility before it becomes imperative will determine the success or failure of adapting to quantum. 

The average organization is behind the cryptography curve. To get up to speed, organizations should:

• Work to understand where digital certificates are being used, which departments are using them, and who is generating them. 
• Establish a centralized hub for managing certificate lifecycles.
• Use this hub to automate the discovery and re-issuance of certificates, and enable their bulk issuance and revocation.

These steps lay the groundwork for transitioning to quantum-resistant algorithms.

That’s fantastic. You may be ready to start experimenting with quantum-resistant PKI assets and systems. Keyfactor’s PQC Playground gives you access to post-quantum certificates and certificate authorities. 

• Keyfactor Command lets you assess your organization’s PKI and certificate management security.
• Keyfactor EJBCA lets you create a quantum-ready CA and issue post-quantum certificates in your lab environment (until algorithms are production-ready).
• Keyfactor SignServer lets you start signing artifacts with post-quantum algorithms in your lab environment to test for compatibility.
• Bouncy Castle lets you build and test apps with quantum-capable cryptographic APIs.