While many cybersecurity experts and researchers initially predicted that quantum computing would become a cybersecurity threat around 2050, the reality is that this timeline is rapidly approaching due to the exponential growth in quantum computing power and advancements in decryption algorithms. Earlier this year, CISA, NSA, and NIST released a paper aimed at informing organizations about post-quantum readiness. In this document, they strongly encourage organizations to initiate preparations now and create a roadmap for transitioning to Post-Quantum Cryptography (PQC) standards to defend against cryptanalytically-relevant quantum computer (CRQC) capabilities.
Many existing standards and cryptographic protocols relying on public key algorithms, such as RSA, ECDH, and ECDSA, will require updates or replacements with post-quantum cryptography algorithms to safeguard against future threats. Early planning is crucial, as cyber threat actors may already be targeting data with a “catch now, break later” approach. For organizations supporting critical infrastructure, consider establishing a project management team to plan and outline the migration to PQC standards. It’s essential to take inventory of all applications, functionalities, and vendors reliant on public-key cryptography to ensure a roadmap for adopting PQC algorithms.
I highly recommend assessing your organization’s current security posture and keeping an eye on NIST’s 2024 standards, which will be instrumental in establishing a quantum-safe organization for the future.