Quantum computing has created a significant vulnerability in your security measures today before it even arrives at minimal capacity in the next 5 - 9 years or even sooner!
Either way, it is coming.
“If it’s that far out before it can be utilized to any significant level, then how is it affecting me today?”
Bad actors have been, and will continue to, infiltrate systems and archive data from unsuspecting organizations for future use, even if they are currently unable to decrypt it.
Quantum computing has the potential to render the vast majority, if not all, current encryption methods ineffective.
Here are some terms to describe this emerging cybersecurity threat: Store Now, Decrypt Later, and Harvest Now, Decrypt Later.
We were warned of this threat nine years ago. In 2016, the National Security Agency (NSA) published a paper, "Quantum Computing and Cryptography". This paper included the warning, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.”
I found this statement interesting, “If large-scale quantum computers are ever built…” in this 2016 paper.
In just nine years, this is not even a question. It is a fact that large-scale quantum computing is coming, and due to the record-setting investments being made in this technology into different vendors, it will be a reality much sooner than currently projected.
The potential of quantum computing is significant
Improved Drug Discovery and Healthcare
Quantum computing can model complex molecular interactions, speeding up the discovery of new drugs and personalized medicine.
Optimization Solutions
Quantum computers can solve large-scale optimization problems (e.g., supply chains, logistics, and traffic flow) more efficiently than classical systems.
Material Science Advancements
Enables the simulation of atomic structures, leading to the development of new materials with enhanced properties (e.g., superconductors, lightweight alloys).
Climate Modeling and Sustainability
Quantum systems can improve climate models, enhancing predictions of weather patterns and environmental changes, aiding in climate change mitigation efforts.
Enhanced Machine Learning and AI
Quantum computing can process vast amounts of data faster, potentially leading to breakthroughs in artificial intelligence and deep learning applications.
Cryptography and Secure Communications
While quantum computers can pose risks to classical encryption, they also enable Quantum Key Distribution (QKD) for virtually unbreakable communications.
Financial Modeling
Quantum algorithms can enhance financial risk analysis and portfolio optimization by simulating multiple complex scenarios more efficiently.
Accelerated Scientific Research
Quantum simulations could accelerate research in physics, chemistry, and engineering by handling problems that are computationally infeasible for classical computers.
However, it comes with inherent risks, which typically coincide with most technologies.
Sort of Good News
What bad actors have been able to acquire from your organization in the past can not be helped or undone. Typical accountant phrase, “It is what it is.”
But there should be no hesitation to start implementing, what are called, quantum-resistant measures to prevent any further future threats.
Good news, on August 2024, NIST released a paper on a final set of encryption tools designed to withstand the attack of a quantum computer.
These post-quantum encryption standards protect various types of electronic information, including confidential email communications and e-commerce transactions that drive the modern economy.
Referenced in the above NIST announcement was this paper published in July 2022, “NIST Announces First Four Quantum-Resistant Cryptographic Algorithms”, Federal agency reveals the first group of winners from its six-year competition.
I found these two papers very meaningful with information and how the different quantum-resistant measures were intended to be used in different use cases.
What does this mean to your organization? It is going to take planning, execution of the plan and require a significant amount of effort to complete.
Like all measures, this will come with a certain amount of new vulnerability testing and maintenance.
It does remind me of the effort required for Y2K. It's a conversion of a significant amount of resources to these new measures.
As a CPTO in EdTech for 25+ years, I see this as an opportunity to critically review all aspects of your security and business continuity measures.
I have always been very diligent in standard and creative non-standard security measures in the platform and infrastructure.
These creative, non-standard measures will be effective in the past and will continue to be in the future.
Please contact me if you have any questions about these new measures with a focus on EdTech requirements.
Comments