On December 21, 2022, President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law. To comply with this act, federal agencies must move to post-quantum computing, and they have until May 4.
The law applies to federal agencies, but it’s also a wake-up call to the private sector to secure their systems.
Leveraging quantum mechanics, quantum computers can dramatically increase computing power to such an extent that bad actors could use the technology to crack most encryption. Some experts predict that quantum computers will break all encryption within 20 years.
If large-scale quantum computers are built, they will be able to break current encryption products that secure everything from sensitive corporate data and passwords to financial transactions, cryptocurrency and classified national security information.
The National Institute of Standards and Technology (NIST) is evaluating several post-quantum encryption standards to protect sensitive data from the advent of quantum computers. The goal is to develop secure encryption that protects against quantum computers and can interoperate with existing communications networks.
In the meantime, here are some steps you can take to make your systems and data more secure from quantum computing risks:
1. Inventory and Classify At-Risk Systems and Data
Take stock of your sensitive data and password-protected systems, so you’re ready for the next phase of digital security. You should conduct a detailed inventory to understand your company’s sensitive systems and data, and what level of protection they might need.
2. Understand Future Exposure
Once you inventory and classify your systems and data, think about how you’re protecting them and whether they’ll be at risk once quantum computing hits. Knowing how your systems and data are protected and where encryption is used is essential.
3. Use Symmetric Encryption
Due to their key length, symmetric encryption standards, like AES-256, are more resistant to quantum attacks. While symmetric encryption is a temporary fix, it’s an excellent way to protect your assets as quantum security tools evolve.
4. Develop a Mitigation Strategy
The next step is to develop a mitigation strategy for the quantum computing threat. At the very least, a mitigation strategy should include a data security policy, an incident response plan, and a disaster recovery plan.
Developing the strategy also involves assessing what company data might already be exposed and determining how to handle that situation. Organizations should next look at their critical data and decide whether it needs additional layers of encryption.
Data in transit is at greater risk of being broken by quantum computing than data at rest. To counter this, organizations will need to adopt post-quantum computing encryption standards, such as those being developed by NIST, to replace asymmetric algorithms.
Looking to ensure your organization is prepared for the advent of quantum computing? MBL Technologies can help. We offer a wide array of cybersecurity services to help you identify weaknesses in your security posture and implement cost-effective, targeted solutions. Contact us today to get started.
