Ready for Q-Day? Post-Quantum Cryptography at RSA 2024
The race is on to prepare for the seismic shift that quantum computing will bring to cryptography and data security. At the RSA Conference 2024, experts from Fortanix, Keyfactor and Accenture weighed in on the urgency of migrating to post-quantum cryptography (PQC) and confronting the “steal now, decrypt later” threat.
Dr. Richard Searle, Fortanix’s Chief AI Officer, outlined the stakes: “There is this attack vector called steal now decrypt later, where encrypted information can be collected by an adversary today and stored and then that information can be decrypted at a later date with a quantum resource that they may be building.”
While a cryptanalytically relevant quantum computer capable of breaking current encryption may still be years away, the “future lifespan” of sensitive data demands action now, according to Searle.
“Even though quantum computers are still under development, it’s actually a problem that we need to face today in terms of the security of our information,” he said.
For Chris Hickman, Chief Security Officer at Keyfactor, a core challenge is mapping an organization’s entire crypto footprint: “For an organization to even understand where all their crypto assets are today is a pretty big task. We’ve generally as an industry taken cryptography for granted.”
He advises a practical approach.
“Start looking at this technology, start looking at doing some testing and becoming familiar with it. Understand what it means. It is not the same as your traditional RSA crypto,” he said.
Andrew Driscoll, Quantum Security Engineer at Accenture, stressed the need for a comprehensive “strategy assessment” and thorough inventory.
“In order to know what crypto you need to change, you need to know where it’s located. You may need to go to the vendor to get what we call a cryptographic bill of materials,” said Driscoll.
While timelines are uncertain, Driscoll warns organizations must prepare for the inevitable: “This is not going to be an optional change, it is absolutely something that will happen over time because we won’t at some point be able to trust the things that we are trusting today.”
With Q-Day looming, migration is a “multi-year journey” requiring risk assessments, supply chain audits, and diligent adoption of emerging PQC standards to fortify data against the quantum threat.
Featured image credit: Intel