Step one: Inventory your algorithms and data with a view towards which sensitive data ought to be protected with PQC. This is a data classification exercise where you need to add a column to track whether the datastore or application qualifies for PQC.

Step two: Check your internet-facing assets to see which, if any, are already capable of supporting TLSv1.3 with PQC algorithms.

Step three: Create internal capability to test new ciphers so that once NIST is able to “bless” another set of candidates (two of the first set of four algorithms have already been broken), you’ll be positioned to implement them without a five- to 10-year lag time.
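
For step two, an added example (not from the original article): a parser that reads a ServerHello captured by your own scanner and reports whether TLS 1.3 with a hybrid PQC key-exchange group was negotiated. The function names and the sample bytes are constructed for illustration; the group code points are those in the IANA TLS Supported Groups registry.

```python
import struct

# IANA "TLS Supported Groups" code points; the hybrid ML-KEM groups are PQC.
PQC_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
              0x11ED: "SecP384r1MLKEM1024"}
CLASSICAL_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

def parse_server_hello(record: bytes) -> dict:
    """Extract the TLS 1.3 selection and key_share group from a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + body[pos]              # legacy_session_id_echo
    pos += 2 + 1                      # cipher_suite + legacy_compression_method
    end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
    pos += 2
    info = {"tls13": False, "group": None}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43 and data == b"\x03\x04":     # supported_versions
            info["tls13"] = True
        elif ext_type == 51 and len(data) >= 2:        # key_share: group comes first
            info["group"] = int.from_bytes(data[:2], "big")
        pos += 4 + ext_len
    return info

def pqc_status(record: bytes) -> str:
    info = parse_server_hello(record)
    if not info["tls13"]:
        return "no TLS 1.3"
    if info["group"] in PQC_GROUPS:
        return "TLS 1.3 with PQC hybrid: " + PQC_GROUPS[info["group"]]
    return "TLS 1.3, classical only: " + CLASSICAL_GROUPS.get(info["group"], "unlisted group")

def sample_server_hello(group=None, key_len=0) -> bytes:
    """Constructed input (zeroed random and key bytes), not a real capture."""
    exts = b""
    if group is not None:             # TLS 1.3 reply: supported_versions + key_share
        share = struct.pack("!HH", group, key_len) + bytes(key_len)
        exts = struct.pack("!HHH", 43, 2, 0x0304) + struct.pack("!HH", 51, len(share)) + share
    suite = b"\x13\x01" if group is not None else b"\xc0\x2f"
    body = b"\x03\x03" + bytes(32) + b"\x00" + suite + b"\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

A server only selects a hybrid group that the client offered, so a "classical only" result is meaningful only if the scanning client advertised the PQC groups in its ClientHello.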

The fearmongering critics are missing the point: Critics say this is fearmongering and that we’ll have warning signs before quantum becomes a real threat. They’re wrong on the timeline. In my discussions with colleagues on the quantum security working group for the World Economic Forum, we see that financial services, healthcare and manufacturing are making plans now because they understand something crucial: It took us at least 10 years to get financial services to move to SHA-256 for encryption and for PCI compliance requirements to deprecate SSLv3 after TLS came into play in 1999. The insecure protocols weren’t formally deprecated until PCI DSS version 3.1 in 2015. That’s the current speed of “crypto agility” in financial services.

The cryptographically relevant quantum computer risk, being about five to 10 years away, is essentially a now risk, given the rate of adoption of new cryptography standards. The most dangerous myth seems to be that it can be put off to tomorrow and that nothing needs to be done today.

We’ve seen recent kerfuffles over factoring 22-bit RSA keys in research papers published in China, which is just a trivial academic milestone that doesn’t portend the demise of RSA-2048 encryption. But we will continue to see advancements in hybrid classical-quantum approaches to factoring integers. The writing is on the wall.

Meanwhile, I’ve seen some pretty insane LinkedIn assertions from organizations making statements about computers with 4,000 qubits. For RSA-2048 to be broken using Shor’s algorithm, we would need a quantum computer with around 20 million qubits. So we are still orders of magnitude away. (The marketing teams will make sweeping generalizations about achievements and write them off as “good enough,” often comparing physical qubits and logical qubits as if they’re the same thing, but that is a classic apples-and-oranges fallacy.)

Monday morning action items: The moment when a cryptographically relevant quantum computer comes into existence won’t arrive with fanfare or bombast. Hence, the idea of the silent boom. But by then, it will be too late for incident response.

What you should do Monday morning: Start that data classification exercise. Figure out what needs protecting for the long term versus what has a shorter shelf life. In the world of DNS, we have Time To Live (TTL) that declares how long a resolver can cache a response. Think of a “PQC TTL” for your sensitive data, because not everything needs 30-year protection.

Just as the HTTPS-everywhere movement took time to gain traction, so too will the PQC-everywhere efforts. The difference is we can’t wait for the attack to happen before we start preparing. There’s no such thing as quantum incident response, only quantum readiness.

This article is published as part of the Foundry Expert Contributor Network.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4073058/theres-no-such-thing-as-quantum-incident-response-and-that-changes-everything.html

