In July, NIST researchers designated four algorithms that they said could potentially thwart cyberattacks from quantum computers, which use the spooky characteristics of quantum physics to crack conventional cryptography. Commerce Secretary Gina Raimondo heralded the move as “an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers.”
Indeed, the NIST’s choices will probably have a major impact going forward, as Ars Technica reports. Graham Steel, CEO of cryptography management software maker Cryptosense, told the tech-news website that while the NIST standards matter in part because large companies often have to comply with them, the selections are also “based on sound reasoning.” Nadia Heninger, an associate professor of computer science at the University of California, San Diego, told Ars Technica that the algorithms will likely become “the de facto international standard” and they’ve been anxiously awaited by many companies.
To get ready for the risks of quantum computers, chief information security officers should begin by wrapping their heads around the NIST’s designated algorithms, according to Quantinuum cybersecurity chief Duncan Jones, writing at Nextgov. Jones says CISOs should start by identifying the assets and use of cryptography that are vulnerable to quantum technology within their systems. CISOs should also talk to vendors about post-quantum algorithms and begin testing post-quantum algorithms for compatibility.
Quantum computers’ looming ability to crack existing cryptographic codes means that, as with the Y2K bug, companies need to prepare now or risk paying the consequences later, as The Economist reports. Colin Soutar, managing director at Deloitte Risk and Financial Advisory, tells the newsmagazine that the consulting firm has already been hearing from big companies about how to maintain security.
Rival consultancy CY also reportedly emphasizes that companies should start moving to post-quantum computing security standards now. Both firms have teamed up with Alphabet spinoff Sandboxaq, which works on post-quantum cryptography. Peter Schwabe, a cryptographer at the Max Planck Institute for Security and Privacy in Germany, tells The Economist that the future may lie in a combination of conventional and post-quantum cryptographic tools, like wearing a belt as well as suspenders.