//
you're reading...
Information Security, IT & TECHNOLOGY

Mitigating the Quantum Risk to Cybersecurity


ISACA-Logo

One of the most fundamental pillars of cybersecurity is cryptography, and most of the cryptography tools used today rely on computational assumptions, such as the difficulty of factoring 2048 bit numbers.

Two decades ago, we learned that the quantum paradigm implies that essentially all of the deployed public key cryptography will be completely broken by a quantum computer, and brute force attacks of symmetric ciphers can also be sped up significantly. Fortunately, quantum computers did not exist at the time.

Today, the wait-and-see approach is no longer a responsible option. Protecting against quantum risk takes many years of planning and deployment. The realistic timelines for evolving to a quantum-safe infrastructure are comparable to the timelines for the quantum risk to become a reality. If one is responsible for providing medium- or long-term confidentiality, the risk of waiting is even more acute.

Research advances in the past decade have brought security experts close to having a blueprint of a robust scalable quantum computing system, which will be followed by a focused engineering effort to build large-scale quantum computers. While it is hard to predict how long these final stages will take, there is no reason for people to be confident that it will take much more than a decade or so.

At present, I estimate a 1 in 7 chance of breaking RSA 2048 by 2026 and a 1 in 2 chance of breaking it by 2031. Recently, the US National Security Agency (NSA) announced preliminary plans for transitioning to quantum-resistant algorithms.

In my recent Journal article, “Cybersecurity in the Quantum World,” I explain quantum technologies and how they threaten cybersecurity. The article also discusses timelines for managing this quantum risk and the kinds of approaches an organization can take.

Read Michele Mosca’s recent Journal article:
Cybersecurity in the Quantum World,” ISACA Journal, volume 5, 2015.

[ISACA Journal Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 124,727 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,534 other followers

Twitter Updates

Archives

September 2015
M T W T F S S
« Aug   Oct »
 123456
78910111213
14151617181920
21222324252627
282930  
%d bloggers like this: