Are you ready for Q-Day?
In this InTechnology video recorded at RSA Conference 2024, Camille talks with Dr. Richard Searle, Chief AI Officer at Fortanix; Chris Hickman, Chief Security Officer at Keyfactor; and Andrew Driscoll, Quantum Security Engineer at Accenture. They get into the new era of security challenges with quantum computing and post-quantum cryptography, strategic planning for the post-quantum transition, and the timeline towards Q-Day.
Quantum Computing and Cryptography: A New Era of Security Challenges
Richard explains that quantum computers rely on atomic structures that enable them to perform massively parallel calculations. However, their ability to compute extremely complex functions simultaneously poses a threat to today’s cryptography, paving the way for new post-quantum cryptography standards. He introduces the concept of “steal now, decrypt later” (SNDL), a tactic already in use where malicious actors steal or copy encrypted information now, intending to decrypt it later with quantum resources. Inevitably, we are heading toward “Q-Day,” which Andrew describes as the day a powerful quantum computer can break today’s encryption standards.
Strategic Planning for the Post-Quantum Transition
Andrew and Chris then outline how organizations can begin their quantum journey. Preparing for quantum computing is a multi-year process, and Chris emphasizes that even identifying the organization’s current crypto assets and those potentially impacted by quantum cryptography is a significant task. Andrew advises conducting strategy assessments, educating stakeholders, and understanding the organization’s cryptographic ecosystem to protect sensitive data. Chris also highlights the importance of considering the entire supply chain, including cloud providers and third parties that currently hold an organization’s data.
For quantum computing use cases, Richard cites the rising demand for intensive computing to support AI adoption. However, current computing is unsustainable due to hardware availability, performance, and power consumption inefficiencies. He argues that quantum computing is the solution to these issues. He draws a parallel to how cloud computing transformed the compute landscape in terms of performance and security risks, much like quantum computing will do today. Organizations will eventually need to meet new post-quantum standards, such as those from NIST or other world governments. While these standards are still emerging, many governments have already published recommended guidelines for this transition period.
The Timeline Toward Q-Day: Preparing for the Inevitable
The conversation concludes with a discussion of when quantum computing will be unveiled and how organizations should pace their preparations. Chris underscores the need for immediate preparation, emphasizing that organizations should treat cryptography as critical infrastructure. Andrew speculates that quantum computers capable of breaking modern encryption might already exist but could be kept secret if developed by nation-states or organizations with highly sensitive purposes.
Regardless of when quantum computers become public, Richard advises CISOs to prioritize post-quantum cryptography. Chris adds that the transition will be mandatory since existing systems will eventually become untrustworthy. To make the switch more manageable, Chris recommends assessing an organization’s current SNDL risks and gradually migrating rather than making a costly all-at-once shift. Ultimately, Richard and Andrew emphasize that sensitive encrypted data is already being copied, making it crucial for organizations to start preparing with post-quantum cryptography now.
Dr. Richard Searle, Chief AI Officer at Fortanix
Richard currently holds the position of Chief AI Officer at Fortanix and previously served as Vice President of Confidential Computing. He has also been the General Members’ Representative to the Governing Board and Chair of the End-User Advisory Council for the Confidential Computing Consortium of the Linux Foundation. Richard is a frequent contributor to thought leadership articles and regularly delivers talks on topics like quantum computing, AI security, and the applications of confidential computing. He holds a Doctor of Business Administration degree from Henley Business School and an MBA from The Open University Business School, and he is a Fellow in Manufacturing Management and Manufacturing Engineering from Cranfield University.
Chris Hickman, Chief Security Officer at Keyfactor
Chris Hickman has been the Chief Security Officer at Keyfactor since 2006. Before this role, he was the Director of Technical Services at Alacris, a smart card and certificate management firm now integrated into the Microsoft Identity Manager product suite. His work has included overseeing PKI projects for organizations like NATO, the U.S. and Canadian Departments of Defense, Fortune 100 banks and financial institutions, telecom providers, manufacturers, insurers, and retailers.
Andrew Driscoll, Quantum Security Engineer at Accenture
Andrew Driscoll currently works as a Quantum Security Engineer at Accenture, having previously served as a Security Consultant and Senior Security Analyst. He earned a Bachelor’s degree in Computer Science with a focus on software, web, and computer security from Bradley University. Before his current role at Accenture, Andrew was an Information Security Summer Analyst Intern there, a Software Validation Intern at Caterpillar, and a Code Sensei at Code Ninjas.
The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.