Quantum computing could unlock innovation and advance the human race in virtually all industries, but the information security community must act now to ensure it doesn’t expose them to greater risk, a leading CISO has argued.
Jaya Baloo, CISO at Dutch telecoms firm KPN, told attendees at Infosecurity Europe 2018 that quantum computing offers organizations a potentially exponential scalability when it comes to speed and computing power.
However, this “quantum speed-up” poses serious risks to traditional cryptography, in that a current problem that would take “the lifetime of the universe” to solve could end up taking just a few seconds.
With quantum computers potentially emerging in the next 10-20 years, information security professionals must act now, Baloo argued.
“You need to ask yourself which threat model do you have and how long do you have to keep it safe?” she added. “I need us all as an information security community to get our hands dirty now.”
Those organizations that need to secure data over an entire customers lifetime could have a problem if they don’t prepare for the possibility that the crypto they use to secure it now may be effectively obsolete in a couple of decades, Baloo claimed.
What’s more, governments around the world including the US National Security Agency (NSA) are hoovering up encrypted communications with a “capture now, decrypt later” strategy which could see old state and trade secrets fall into the wrong hands in time.
As it currently stands, security pros could extend the lifetime of AES-256 encryption through the quantum computing era by increasing the key size, while SHA-256 and SHA-3 could still work securely with a larger output, claimed Baloo.
However, RSA, DSA, ECDSA and ECDH standards would no longer be effective, she warned.
Quantum computing could offer advances in everything from earlier detection of cancer to MRI scanning and even metrology.