Quantum computing could break your encryption. It could happen within a couple of years, or it may be a decade or two away. Either way, in the relatively near future, quantum computing will render traditional cryptography obsolete. It’s a challenge every enterprise will have to face, and the sooner enterprises start looking into the risks quantum computing poses to conventional encryption schemes, the better. The U.S. federal government is already assessing the issue.
The 2021 National Defense Authorization Act, which became law on January 1, 2021, includes a mandate to the U.S. Department of Defense to conduct a detailed assessment of current and potential threats to critical national security systems posed by quantum computing.
One of the major concerns is that quantum computing will soon be capable of breaking traditional encryption, and do so very quickly. Last year, before the directive to the U.S. Department of Defense, we spoke with Greg Wetmore, VP of product and software development at Entrust Datacard, about how this risk may soon affect enterprises and their ability to keep their sensitive and regulated data secure.
Here is an edited version of our conversation.
Security Boulevard: How far away do you think we are from quantum computing challenging today’s encryption in use by the private sector?
Greg Wetmore: There’s not a precise answer here. It’s somewhat of a prognostication, but you’ll get a range of responses when you talk to the mathematicians and the security experts. But as soon as you get into that 10-plus year time frame, you start to get into a situation where the majority of experts have pretty high confidence that there’ll be a real threat to enterprise businesses and governments from quantum computers as it relates to their cryptosystems.
One of the things we’re trying to educate our customers about is the importance of concentrating on this problem now. Because, when you look back at how long it has taken in the past for organizations to migrate their cryptosystems to more modern standards, it is a long-term shift. I think back to SHA, or the RSA transition to elliptic curve. Those took 20, 30 years from establishing standards to policy changes and technology changes required. Organizations struggled through that. It was not an easy transition.
Security Boulevard: People were using SHA-1 for much longer than they should have been. It took a ridiculously long time.
Greg Wetmore: With those kinds of timelines in mind, it’s essential to get the word out. There are still people using SHA-1. I recently saw a very old, legacy system that is very hard to change. Do the math: you have a 10-year threat timeline and a 20-year mitigation effort ahead of us.
Security Boulevard: What should organizations start to do?…