In mid-September, David Oberhaus, cyber security reporter for Vice Motherboard and CNET, posed an interesting question: how can encryption survive in the age of quantum computing? Even the most complex and powerful computers in existence today pale when compared to quantum devices.
And while this technology can be a boon for scientific and societal advancement, we still don’t quite understand how it will impact information security.
“The threat of a crypto-apocalypse, where everyone's private information becomes insecure due to the arrival of large-scale quantum computers, is no longer a question of 'if,' but a question of 'when,” writes Oberhaus. “The perceived inevitability has security researchers locked in a high-stakes race to develop quantum-resistant cryptography before the dawn of the first large-scale quantum computer arrives on the scene.”
Many industry leaders have been anticipating this issue for years. “Since 2015, we have identified a mass failure in cryptography as the most alarming threat to machine identities, privacy and trust,” says Kevin Bocek, chief security strategist for Venafi. “Now, we are recognizing that the day of a crypto-apocalypse is drawing closer and closer. Every digital asset that makes modern life possible, from online payments to global stock trading, relies on modern cryptographic methods. A crypto-apocalypse event could lead to recessions in multiple economies and much worse.”
So how can cyber security experts ward off this upcoming crypto-apocalypse? Is it possible to embrace quantum computing without hindering encryption?
“Unfortunately, the algorithms needed to generate quantum-immune machine identities are not available at this point in time,” continues Bocek. “But, there are steps organizations can take today to prepare themselves.”
Bocek recommends organizations follow NIST’s certificate guidance and take the following steps:
- Understand which machine identities are in use, where they are and what crypto they utilize.
- Have the ability to control and automate the change out of their machine identities using today’s crypto.
- Begin practicing responding to large scale change outs.
The crypto-apocalypse may be on the horizon, but there is no excuse to be caught off guard. With proper protection and practice, quantum computing and encryption can exist side-by-side.
Are you prepared for the crypto-apocalypse?
