How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations.
Quantum computers are projected to break many of the cryptographic standards that have adequately protected data for decades -- a scary thought for security professionals and organizations alike.
While companies don't need to hit the panic button over quantum quite yet -- it will likely be five to 10 years before the technology is ready -- that doesn't mean they can ignore it.
President Joe Biden signed two quantum computing presidential directives in 2022, signaling it was time to figure out how to handle the emerging technology. The directives called for the creation of quantum-resistant cryptographic standards -- a task NIST revealed results for in 2024 after more than half a decade of effort -- and the preparation for federal agencies to adopt these future standards.
"The culmination of the work NIST has been doing is a starting gun for upgrading to post-quantum cryptography," said Colin Soutar, managing director at Deloitte.
With the gun sounded, companies need to figure out how quantum computing will affect them once it arrives, which could call for better data protection now and preparation for post-quantum cryptography (PQC).
The quantum security worry
The major concern with quantum computing is how easily it could crack data transmission cryptography algorithms. The asymmetric RSA algorithm, for example, which is based on integer factoring and provides sufficient security on classical computers, will be breakable by quantum computers.
Attackers are aware of this issue and have begun to do what is known as data scraping -- collecting encrypted data in hopes it will be useful later. Because storage is cheap, attackers are harvesting encrypted data now to crack once quantum computing matures.
Post-quantum computing also shines a spotlight on the ongoing issue of legacy systems and devices, said Jon France, CISO at ISC2. "History shows us that we're really bad at dealing with legacy."
The classic solution to protecting legacy systems generally involves wrapping security around these systems -- a Band-Aid approach that won't work in a post-quantum world. "Quantum is going to be that point of inflection that will rapidly undo the notion we can protect classic systems and devices," France said.
How to prepare for PQC security
Organizations should expect a complete PQC migration to be a multiyear effort, Soutar said, due to the number of services that need updating for PQC and the difficulty for each, as well as dependence on third parties implementing PQC on their systems to secure the entire supply chain.
To prepare for migration now that PQC is standardized, companies should consider the following steps.
1. Inventory and classify data
Review data, and decide what is deemed sensitive. Conduct a data inventory to understand what data the company has and its data classification to understand what data needs which cryptography protections.
Consider what data needs stronger protection now in terms of the data scraping threat. Not all data a company currently stores will matter beyond the next five to 10 years.
"What data is OK four years from now that I am not worried about someone scraping?" said Christopher Savoie, CEO of AI vendor Zapata. "On the other hand, what would I be worried about for years?" Data to pay attention to includes corporate or trade secrets and other business-critical information. Take the appropriate actions to ensure data is safe now and into the future.
2. Understand future exposure
With data inventoried and classified, it's time to conduct risk assessments to understand how data is protected against future risks.
"Organizations should start looking at their potential exposure to understand what their reliance on cryptography is," Soutar said. "It might be deeply embedded in third-party tools; it might be proprietary, transactional capabilities. You need a sense of where cryptography is embedded into your systems and how data is being protected."
Understanding current and future exposure enables organizations to determine urgency around PQC adoption and start building their roadmap.
Consider PQC from a business impact perspective -- not just the technical aspects of implementing new cryptographic algorithms. Select someone to lead the PQC migration effort who can explain to executives the importance of PQC and how it can mitigate security incidents and breaches.
Also, consider the encryption needs of IoT and other embedded devices -- many of which are incapable of handling the increased memory and compute required for PQC algorithms, said Chris Hickman, CSO of identity and access management vendor Keyfactor. Organizations should vet PQC algorithms, such as Falcon and Kyber, that could meet PQC requirements on smaller devices with limited RAM.
3. Create a mitigation strategy
With data inventoried and potential exposure understood, the next step is to create mitigation strategies and a team of employees to lead those efforts.
"Using a mitigation group, start looking at what policies and procedures need to be in place for when the inevitable happens," Savoie said.
This should include a data security policy, incident response plan and business recovery plan, at minimum. Also, assess what company data might already be exposed and stored by attackers, and determine how to handle those situations. Next, look at the critical data stored now, and decide whether it needs additional layers of encryption to protect it.
Symmetric encryption, commonly used by organizations to keep stored data secure, won't be largely affected by quantum computing. Grover's algorithm, which demonstrates how quantum computing quadratically speeds up database searches, has shown it halves the time needed to break symmetric encryption. NIST, therefore, recommended organizations use at least AES-192 or AES-256 to encrypt stored data.
Data in transit, however, is at risk of being broken by quantum computing. To counter this, replace asymmetric algorithms with PQC encryption standards. This task plays into the last aspect of mitigation, Savoie added -- that organizations need to start thinking about how to become and remain crypto-agile.
"As standards change going forward, we need to ensure infrastructure is in a place where we can adapt to new threats and new technologies to mitigate those threats," Savoie said. "Getting your systems crypto-agile and forward-compatible to new standards takes time and is something you need to start working on now."
PQC implementation options
In August 2024, NIST announced it had selected the following three PQC algorithms designed to withstand classical and quantum computing cracking efforts:
- Kyber, public key encapsulation.
- Dilithium, a lattice-based digital signature scheme.
- SPHINCS+, a stateless hash-based signature scheme.
NIST continues to evaluate additional algorithms, including Falcon, which is expected to be standardized later in 2024. Further evaluation of other algorithms helps NIST ensure that, if a current algorithm doesn't work as expected, then organizations have other options to use.
France recommended organizations select more than one algorithm -- and ones that don't rely on the same math. "This provides some protection against future failure," he said.
Beyond PQC algorithms, organizations can also consider quantum key distribution (QKD), which uses quantum mechanics to securely exchange encryption keys. Data encrypted via QKD creates a random quantum state that is difficult to copy. Many QKD protocols can also detect eavesdroppers. The National Security Agency, however, has stated this option is not viable on its own as it now stands.
Organizations could, therefore, combine PQC encryption standards and QKD, suggested Rik Turner, analyst at Omdia. This would make it more difficult for attackers, he noted, because they would need to break through both encryption and QKD to access data in transit.
Organizations aren't on their own in preparing for a post-quantum security world. Turner advised reaching out to vendors to learn if and how they're adding PQC into their tools and services. This could reduce the costs of a migration, especially as QKD can be expensive to implement.
Kyle Johnson is technology editor for TechTarget Security.
