The Quantum Threat to Cryptography | Deloitte Netherlands

Article

The Quantum threat to Cryptography

What is your unique driver to act now?

In today's digital world, data security is of utmost importance for organizations. Confidentiality, authenticity, and integrity of data are maintained through the use of public key cryptography, which forms the backbone of digital security. However, with the advent of quantum computers, organizations are realizing the quantum threat might impact their organization and that mitigating this threat might not be accomplished overnight. How can organizations start taking action on this new, uncertain threat?

Go directly to

Introduction

Quantum computers have the potential to break many of the currently used cryptographic algorithms that rely on the difficulty of certain mathematical problems. Unlike classical computers, that use bits to store information as either 0s or 1s, quantum computers use qubits that can exist in multiple states simultaneously, allowing them to process information exponentially faster than classical computers. This new computing paradigm is likely to enable quantum computers to crack encryption keys that are used to protect sensitive data, making current public key cryptography methods obsolete.

The pathway to mitigate the quantum threat is uncertain for many organizations, making it difficult for them to take action. While standardization bodies, like the American National Institute of Standards and Technology (NIST), are working towards standardizing new quantum-resistant cryptographic algorithms (also called Post-Quantum Cryptography), actual migration to these new algorithms is expected to be challenging and time-consuming. This complexity leads to uncertainty for organizations, which can often result in paralysis and inaction.

The four drivers

To address this challenge, we have developed four drivers in collaboration with the World Economic Forum to create a basic model for organizations to understand why and when to kickstart their transition towards a quantum secure organization. These drivers are:

  1. Risk-driven approach: Organizations take the quantum threat as a starting point and evaluate data sensitivity, criticality and lifespan of the data in relation to the likelihood of quantum computers becoming powerful enough within a (limited) timespan.
  2. Regulation-driven approach: With this driver, organizations look towards regulatory developments and stay informed about the evolving regulatory landscape in relation to quantum computing and cryptography. Governments and regulatory bodies around the world are increasingly recognizing the quantum threat and may impose requirements for organizations to adopt quantum-resistant cryptographic methods in certain industries or for handling sensitive data. Organizations taking this approach proactively monitor such regulations to ensure they are adequately prepared for the regulatory aspect of the quantum era.
  3. Innovation-driven approach: Some organizations see the potential of the quantum threat and use it as a diving board for being on the forefront of new innovations. They use the adoption of quantum resistant cryptography as a starting point for next-generation cyber risk management and be prepared when sufficiently powerful quantum computers emerge.
  4. Operation-driven approach: Many organizations have undergone migrations to new cryptographic algorithms before. Adjusting to the quantum threat can be seen in the same light by using the quantum threat as a new trigger to assess the current cryptographic landscape including vulnerabilities, operational challenges and the quantum threat impact. Taking a proactive approach to cryptographic governance today can help organizations protect their data and communications in the future. This will lead to improved operational efficiency with the added benefit of post-quantum readiness.

Conclusion

In conclusion, the threat posed by quantum computers to current cryptographic methods is a real and imminent challenge for organizations. Although still a lot needs to happen before quantum computers are powerful enough to break cryptography, the uncertainty surrounding the timeline and pathway to mitigate this threat could hamper organizations to take action. However, by adopting a proactive approach and leveraging the four drivers outlined above, organizations can better understand why and when to kickstart their transition to quantum-resistant cryptography.

The transition to a quantum secure organization is long and will involve new technical and organizational interventions. Rushing into implementation can prove to be counterproductive in the long run. Understanding what drives you to change can help in shaping this transition in a way that supports organizational needs. Before jumping and implementing post-quantum cryptography, organizations should strategize about their approach and see what driver fits their journey to a quantum ready organization. Following our Quantum Security Lab is one way for organizations to achieve this: participating in the Lab will allow your organization to learn from the latest developments and insights we gathered. It provides in-depth insights in the context of the threat, uncover your unique driver for change and create an initial action plan that will enable you to stay on top of the evolving quantum threat, enable you to address the challenges where needed and strengthen your organization’s security posture.

Go directly to

Did you find this useful?