One area of data protection that will be affected by quantum computing capabilities is encryption. You see, quantum computing will make current-day encryption practices obsolete. The traditional Public Key Infrastructure (PKI) system in use can easily come crashing down when public keys become vulnerable to attack by quantum machines. Instead of taking years to decipher codes, we could be down to minutes, or it could even happen instantly.
That changes life pretty darn dramatically. Just imagine all those security certificates issued for websites, emails and digital signatures to validate authentication becoming obsolete in a matter of minutes. We can already sense the drool from cyber criminals and adversarial nations.
Here comes the “sky is falling” talk, so here’s the disclaimer: we don’t expect this encryption calamity to happen tomorrow, but we do expect it to happen within our lifetime. It’s not unreasonable to think within a decade or so. The 10-15 year mark isn’t all too unreasonable, especially if you start taking into consideration study and standardization. But that’s the problem with any new technology: timing.
So with that said, are you going to wait and see what happens or – if your resources permit – be an early adopter? Here are some thoughts that may help you decide.
If you’re not a data-dependent company, you’ll be pretty safe for the next few years while you play the “wait and see” card. By the time you are worried about quantum computing, you’ll probably have suffered other obstacles that impact you more directly.
But if you are a data-dependent company – like a bank, financial institution or organization that holds and uses plenty of personally identifiable information – you may want to be one of those first ticket holders for the first quantum trains. Note: in case you haven’t been following, a couple of trains have already pulled out of the station.
One of those quantum trains specifically related to encryption is Quantum Key Distribution (QKD). It’s an interesting concept because the process does not necessarily rely on a quantum computer but rather uses quantum physics to build the key instead of hard mathematics. Read the article for more details on how photons are used to create the key and how a disturbance to the photon protects the data.
It’s not quantum computing exactly, but it’s kind of cool that you’re using quantum physics to help protect against a potential future quantum computing attack. And we understand there are limitations to using photons, such as speed and distance, but some of us still remember that a 9,600 bit/s modem was a technological breakthrough, and as recently as 20 years ago, if you had a 56.6 kbit/s modem in your home computer, you were a total rock star.
Keep perspective: 20 years ago wasn’t that long ago. Everything has a beginning. The first trials of online banking started in the early 1980s, and in 2001, Bank of America had nearly three million people banking online. In other words, change comes fast.
So while we are still very much in the “zone of the unknown,” a word of advice: if you’re a data-heavy organization and you plan to use and keep that data for years to come, you need to start thinking about new and alternate forms of encryption today.
About the Authors:
Paul Ferrillo is a partner and shareholder in Greenberg Traurig’s (“GT”) Litigation department, where he focuses on complex securities, shareholder and business litigation, and internal investigations. He also is part of GT’s Cybersecurity group, where he focuses primarily on cybersecurity corporate governance issues, and assists clients and boards of directors with governance, disclosures (both regulatory and post-breach crisis management), and regulatory matters relating to their cybersecurity postures and the regulatory requirements which govern them (e.g. SEC OCIE, FINRA, OCC, FFIEC and NY DFS).
George Platsis has worked in the United States, Canada, Asia, and Europe, as a consultant and an educator and is a current member of the SDI Cyber Team (www.sdicyber.com). For over 15 years, he has worked with the private, public, and non-profit sectors to address their strategic, operational, and training needs, in the fields of: business development, risk/crisis management, and cultural relations. His current professional efforts focus on human factor vulnerabilities related to cybersecurity, information security, and data security by separating the network and information risk areas.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.