El \u00faltimo paper de Cloud Security Alliance (CSA) lleva la computaci\u00f3n cu\u00e1ntica y la ciberseguridad a la vanguardia de las mentes de los l\u00edderes empresariales.<\/p>\n
As the quantum age draws nearer, discussions on how to utilise the technology and, most importantly, protect organisations against the risks it poses are moving out of the hypothetical and into the practical. Part of this process is to educate key stakeholders about these opportunities and threats; something we discussed after the Hudson Institute released a guide\u00a0offering business leaders guidance on quantum-secure cybersecurity<\/a>.<\/p>\n To continue this awareness drive, the Quantum-Safe Security working group of the Cloud Security Alliance (CSA), co-chaired by IDQ\u2019s Bruno Huttner, has released \u2018Preparing Enterprises for the Quantum Computing Cybersecurity Threats<\/a>\u2019. The paper looks to inform enterprise leadership and cybersecurity experts of the actions they must take in order to protect their organisations from impending quantum threats. It does this by answering some of the biggest questions around the subject, before outlining six key steps \u2013 spanning both technology and people \u2013 that leadership must take to ensure their security is prepared for the quantum age.<\/p>\n The impact of quantum computing on cryptography<\/span><\/strong><\/p>\n The paper begins by conveying both the benefits and risks of quantum computing; highlighting the challenges that must be overcome. One such challenge is that faced by current cryptographic methods; while the paper reports that quantum computing\u2019s impact on symmetric encryption and hash functions can be mitigated by larger key sizes and outputs, the same is not true of asymmetric encryption.<\/p>\n The CSA states that this technique, used in public key infrastructure (PKI), will face catastrophic consequences as a quantum computer with enough qubits will be able to crack the algorithms currently in use. This means that the likes of RSA, DSA and elliptic curve are all vulnerable to attack.<\/p>\n The paper goes on to discuss why the time to prepare for the quantum age is now, citing key research that shows the history behind quantum resistant cybersecurity and explaining why leadership teams need to plan for a cybersecurity landscape that features quantum computers. While the timeframe for a mainstream device is not exactly known yet, the report demonstrates why organisations must begin the lengthy upgrade process now, in order to avoid both \u2018live\u2019 and \u2018harvest and decrypt\u2019 quantum attacks.<\/p>\n Lastly, the paper discusses the cybersecurity industry\u2019s response to this emerging threat, giving NIST\u2019s drive to standardise quantum-resistant public key algorithms. This process is continuing, and NIST expects draft standards to be available between 2022-24.<\/p>\n Preparing for the post-quantum era<\/span><\/strong><\/p>\n The CSA then provides practical advice on the actions that enterprises should take in order to ready their quantum cybersecurity strategy. It describes six key steps:<\/p>\n Starting the quantum journey today<\/span><\/strong><\/p>\n The paper concludes by reaffirming the need for enterprise leadership to begin taking these steps and addressing these challenges today, as delaying them until tomorrow could mean that it is too late.<\/p>\n \u201cMonitoring the development of quantum computing stack, the standardization of post-quantum cryptography by NIST and the implementation of alternative cryptographic methods is imperative for all stakeholders. Although a quantum computer capable of cracking RSA will likely not arrive for another decade or more, the consequences of inaction are so dire that cybersecurity professionals and decisionmakers should plan and act now.\u201d<\/p>\n\n