Officials say there’s a lot agencies and other entities should be doing, even though it may be more than a decade before a quantum computer can decode current levels of encryption.
The Department of Homeland Security partnered with the National Institute of Standards and Technology in releasing guidance entities should implement now to protect themselves from the looming potential threat of quantum computing.
“Quantum computing will be a scientific breakthrough. It is also expected to pose new data privacy and cybersecurity risks,” DHS Secretary Alejandro Mayorkas said in a press release Monday. “Now is the time for organizations to assess and mitigate their related risk exposure.”
It may be difficult for organizations dealing with the fallout from attacks like those against IT management firm SolarWinds and Microsoft Exchange servers to turn their attention to a threat that seems so remote—the science behind quantum computing is very much in its nascent stages. But experts warn adversaries could be vacuuming up data now to decipher later when the technology becomes mature enough to unravel the encryption standards currently protecting digital communications.
“As we continue responding to urgent cyber challenges, we must also stay ahead of the curve by focusing on strategic, long-term goals,” Mayorkas said. “This new roadmap will help protect our critical infrastructure and increase cybersecurity resilience across the country.”
The roadmap recommends organizations conduct an inventory of their systems to determine which ones will be vulnerable in a post-quantum computing world and includes pointers for prioritizing their protection with updated acquisition and data security standards.
NIST is running a public competition to decide on new encryption algorithms that should be resistant to the kinds of calculations quantum computers can quickly execute. But there’s a lot agencies can be doing now to prepare for their arrival.
“As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications,” according to the press release. “DHS’s new guidance will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.”