The second Innovation Round Table (IRT) at Billington Cybersecurity’s 13th Summit
A group of wide-ranging experts discussed the issue of Quantum Computing and its impacts on today’s cybersecurity environment at Billington’s 2nd IRT during its 13th Summit on September 7, 2022. Unlike most issues on the minds of cybersecurity professionals today, addressing the coming of Quantum Computers that will be able to break the current cryptologic algorithms used by almost everyone today to protect their systems comes with some unique and daunting challenges. The group focused their discussions on identifying these challenges and highlighting areas where more collective work is needed to ensure everyone is protected when quantum computing becomes a reality.
The good news is that in early 2021 the Biden Administration became the first government to issue mandates and timelines for Federal entities to begin moving to quantum resistant systems. While this is a major step in the right direction, there’s lack of awareness to get people to understand that processes and data protected by today’s cryptologic algorithms will be easily compromised when production level quantum computers are developed. This creates two key challenges for cybersecurity professionals today. First, how do we work to create new quantum resistant algorithms today and leverage them so that this data will be protected in the future? Second, how do we get both the public and private sectors to embrace these quantum resistant algorithms and make necessary adjustments to their systems to enable them universally; especially given that most cybersecurity systems have baked in current public key encryption standards?
The group identified some of the key areas that need to be addressed to significantly move the ball towards addressing both questions prior to the time that production quantum computers are launched. These included:
- Educating everyone about the implications of quantum computing and why they need to think about these implications. This education includes ensuring that folks understand the implications now to make systematic changes to address it when it becomes a threat.
- Finding the funding to begin the conversion process now to be able to convert fast enough to address the threat. The group highlighted the challenges of doing this in the Federal Government given the recent large investments already made by Congress to finance Zero Trust efforts. The group also acknowledged serious work within the private sector to ensure the use of quantum resistant algorithms to protect cloud environments and security enclaves.
- Creating Quantum Resistant Cryptologic Standards and recommended quantum resistant algorithms that have the best chance of protecting against quantum computing and ones that can then be leveraged within Federal, State, Local, and private sector systems with known ways to make changes to these systems to facilitate this use. NIST, as of July 2022, had narrowed down its recommendation process to four standard algorithms that meet the above criteria.
- Beginning the planning process for conversion to the implementation of these standards. NIST recently released a Quantum roadmap (August 2022) that underscores actions organizations can take now to prepare for this transition.
The big take away from this IRT discussion was recognition that many were trying to solve these problems in stove pipes and the need for more of this kind of dialogue among this diverse expert set. This would provide for tighter integration in terms of addressing each problem collectively and increasing collaboration, helping each problem owner addressing them together. The group indicated a willingness to continue to meet, share ideas, and more tightly align these ideas into a single battle plan.