In recent discussions about cybersecurity, Post-Quantum Computing (PQC) has become a hot topic, often sharing the spotlight with advancements in Artificial Intelligence (AI). If you’ve attended any cybersecurity event recently, you’ve probably heard about the potential impact of quantum computing on traditional cryptographic methods. One comment that resonated with me compared it to the Y2K problem, except this time, we don’t have a clear deadline.
Why PQC Matters in the World of PKI
For those in the Public Key Infrastructure (PKI) space, PQC represents a seismic shift. PKI, which underpins many of our day-to-day digital transactions and infrastructure, is built on cryptographic foundations—particularly RSA and ECC asymmetric algorithms. The idea that a sufficiently powerful quantum computer could crack these algorithms is, frankly, daunting.
While PKI may be considered "old-school tech," its role in securing digital communication and identity remains critical. It was designed to withstand attacks from classical computers, but the advent of quantum computing poses a new and formidable challenge. Yet, for now, it’s important to note that fully operational quantum computers capable of breaking current cryptography do not yet exist.
Early quantum systems are expected to be slow, with some estimates stating that they will be capable of breaking fewer than ten codes per day. For most organisations, this means that widespread quantum threats are still not on the horizon.
What Can Be Done Today?
Even though the immediate threat of PQC is not yet upon us, proactive preparation is essential. NIST’s recent publication of its Post-Quantum Cryptography (PQC) Standards is a great starting point. The challenge lies in balancing the need to address immediate information and cyber security concerns with planning for future developments. Here are some actionable steps:
Gain Visibility:
- Take stock of your entire IT estate. Identify legacy systems, outdated firmware, and applications that may not be ready for the post-quantum world.
- Document your landscape thoroughly to understand where vulnerabilities might exist.
Stakeholder Engagement:
- PQC, with its risks and opportunities, needs to be understood in both engineering and leadership spaces. Only through such engagement will a full understanding of the threat landscape and acceptable risk appetite be reached.
- PQC will present as a seismic shift in the capabilities of, initially, sophisticated threat actors and, in time, less sophisticated ones. This shift will require a matched effort to reshape and refocus technology in your business so that it stays ahead of the moving threat landscape.
Update and Upgrade:
- Outdated systems are the weakest link. Begin upgrading firmware, software, and hardware to build a secure foundation.
- This ensures that your infrastructure is not only more resilient today but also adaptable for the future.
Adopt Secure by Design Principles:
- Integrate security into the design phase of every system or application. This ensures that security is not an afterthought but a core component.
- Empower engineers and technicians with the tools and information to establish secure-by-design concepts at the coal face. Secure engineering should not be a stage of release but an effective and standard mindset. Acknowledge and recognise team members who own and champion such standards.
Prepare for a PKI Overhaul:
- PKI systems, especially older infrastructures and Hardware Security Modules (HSMs) built decades ago, will face their biggest challenges yet.
- The transition to post-quantum secure algorithms will require significant updates, potentially the largest overhaul PKI has seen since its inception.
The Role of Aretiico in the PQC Era
As the newest entrant in the PKI space, Aretiico is uniquely positioned to address the challenges posed by PQC. Our technology stack is designed with modern needs in mind:
- Built on ‘as code’: This ensures security is automated and consistently applied. This as-code approach allows for a strict and effective development and deployment process that enforces secure standards and processes, allowing for ongoing audit and approval across the full life cycle of code and its associated infrastructure.
- Nimble and Flexible Services: Unlike older players with legacy systems, our offerings are agile, ready to adapt to new cryptographic standards.
- Secure by Design: Our solutions are designed from the ground up to incorporate the latest security best practices.
As organisations prepare for the quantum era, Aretiico provides the tools and expertise to navigate this transformation with confidence.
Final Thoughts
While the full impact of PQC is still years away, the groundwork laid today will determine how smoothly the transition unfolds. Organisations that start preparing now, by enhancing visibility, updating systems, and embracing secure design principles, will be well-positioned to thrive in the post-quantum world.