Post-quantum computing is an inevitable threat to cybersecurity. We know there will be a quantum computer powerful enough to break the RSA and ECC cryptographic algorithms that are being used today. What we don't know is when this is going to happen.
In an effort to gain clarity on when this threat might become real, the Global Risk Institute did a global study where they surveyed a diverse set of leaders and experts in relevant areas of quantum science and technology. Predicting the timeline is difficult, and as expected, the opinions varied. But there were some patterns that emerged from their responses.
While the results suggest the threat is likely a decade or more away, it's good to start planning now to get ahead of it. As stated in the report:
The urgency for any specific organization to complete the transition to quantum-safe cryptography for a particular cyber-system relies on three simple parameters:
If the threat timeline is shorter than the sum of the shelf-life time and of the migration time, then organizations will not be able to protect their assets for the required years against quantum attacks.
This is why it's important to understand the threat timeline, and flag this as an issue now, since the migration from RSA to something new could take several years. One thing you can do today is to perform a cryptographic inventory to assess and understand what algorithms are in use, in which of your systems. Some examples of things to look for:
From there you can begin to develop and implement strategies to improve crypto agility, segmentation and understanding within your organization.
The Global Risk Institute plans to update this report on an annual basis, to track the evolving opinions of leaders in this space. Entrust Datacard actively engaged in research for Post-Quantum technology which we will continue to share, as well as providing resources and information to help you and your organization prepare.