Enterprises need to act now to address the threats future quantum computing advances pose to current encryption standards.
But the transition to post-quantum cryptography can only be achieved by a phased migration rather than a forklift upgrade, advise financial services execs at the forefront of establishing quantum resiliency at their organizations.
Current quantum computers are still limited by high error rates, but recent progress suggests that most traditional public key cryptography (PKC) algorithms might soon be vulnerable to attack, possibly within five years. This includes RSA, Diffie-Hellman, and other PKC methods that rely on mathematical problems such as factoring large numbers or computing discrete logarithms to encrypt data.
Sensitive, long-lived data (financial, legal, health, drug discovery, etc.) is particularly vulnerable because attackers may already be collecting encrypted data to crack once quantum computing technology matures, through so-called harvest now, decrypt later attacks.
Phased migration to PQC
To defend against such attacks, enterprises must transition to post-quantum cryptography (PQC) as soon as they can.
In August 2024, the US National Institute of Standards and Technology (NIST) released its first three finalized PQC standards after an extensive, multi-year evaluation process. NIST and other agencies such as the UK’s National Cyber Security Centre have published roadmaps for a phased migration to quantum-secure systems by 2035.
Investing in PQC readiness is both a security necessity and, increasingly, a compliance requirement.
Sudha E Iyer, chief cybersecurity architect for data security and CISO data management at Citi, said that financial resilience is a top-order priority for the bank, which started its PQC migration project in 2021.
“Now that NIST has given [ratified] standards, it’s much easier to implement the mathematics,” Iyer said during a recent webinar for organizations transitioning to PQC, entitled “Your Data Is Not Safe! Quantum Readiness is Urgent.” “But then there are other aspects like the implementation protocols, how the PCI DSS and the other health sector industry standards or low-level standards are available.”
She continued: “So we are looking forward to these standards coming out and reference architectures coming out. And once they are out, it would be easier to implement them.”
Richard Searle, chief AI officer at Fortanix, cautioned CISOs against delaying PQC strategies.
“You’re not going to be able to do this as a single big bang approach,” he said. “If it takes you until 2028 to figure out which legacy systems are not going to be able to support that cryptography or where the impact is going to be, it’s going to be very difficult to then make the transition to PQC-safe algorithms by the dates for deprecation of our legacy cryptography that have been set down by those regulatory agencies that are leading the global effort.”
Missing pieces
Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.”
“We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in their latest Cybersecurity Executive Order required that government agencies move towards TLS 1.3 as a crypto agility measure to prepare for a protocol upgrade that would make it PQC-safe.”
David Chapman, director of identity access management at PenFed Credit Union, advised other enterprises to plan for a PQC world despite current gaps in technological development.
“This is not something that can just be kicked down the road until everything is all in place out there in the industry and all the ciphers are out and everybody is fully supporting it,” Chapman advised at the webinar.
Upgrading to quantum-safe cryptography needs to be preceded by an inventory of all cryptographic assets, known as a cryptographic bill of materials (CBOM), to determine which are most vulnerable to quantum attacks.
Businesses should prioritize upgrading critical assets to quantum-resistant algorithms, testing updated systems in controlled environments before putting them into production. Combining current and PQC solutions allows phased rollouts and reduces operational risk.
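The inventory-then-prioritize step described above, sketched in Python as an added example (not code from the article or from any vendor it quotes). The asset records, the `Asset` fields and the ranking rule are assumptions: an asset is ranked by how far its migration time, plus its data secrecy lifetime where recorded traffic could be decrypted later, overshoots an assumed five-year horizon to a cryptographically relevant quantum computer (CRQC).

```python
from dataclasses import dataclass

# Public-key families that rely on factoring or discrete logarithms.
SHOR_BROKEN = ("RSA", "DH", "DSA", "ECDH", "ECDSA", "X25519")
# Algorithm names from the NIST PQC standards finalized in August 2024.
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")

@dataclass
class Asset:
    name: str
    algorithms: tuple     # every algorithm in use; a hybrid lists several
    purpose: str          # "key-exchange", "encryption" or "signature"
    secrecy_years: int    # how long the protected data must stay secret
    migration_years: int  # estimated time to upgrade this system

def classify(asset):
    classical = any(a.startswith(SHOR_BROKEN) for a in asset.algorithms)
    pqc = any(a.startswith(PQC) for a in asset.algorithms)
    if classical and pqc:
        return "hybrid"
    if pqc:
        return "pqc"
    return "quantum-vulnerable" if classical else "not-shor-affected"

def exposure_margin(asset, years_to_crqc):
    """Years by which the asset overshoots the quantum horizon (None if n/a)."""
    if classify(asset) != "quantum-vulnerable":
        return None
    # Recorded ciphertext can be decrypted later, so confidentiality uses
    # count the data's secrecy lifetime; signatures only count migration time.
    harvestable = asset.purpose in ("key-exchange", "encryption")
    horizon = asset.migration_years + (asset.secrecy_years if harvestable else 0)
    return horizon - years_to_crqc

def triage(inventory, years_to_crqc=5):  # five-year horizon is an assumption
    rows = [(a.name, classify(a), exposure_margin(a, years_to_crqc)) for a in inventory]
    # Vulnerable assets first, largest overshoot at the top.
    return sorted(rows, key=lambda r: (r[2] is None, -(r[2] or 0)))

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("archive-backups", ("AES-256",), "encryption", 25, 2),
    Asset("internal-wiki-tls", ("ECDH-P256", "RSA-2048"), "key-exchange", 1, 1),
    Asset("firmware-signing", ("RSA-3072",), "signature", 0, 4),
    Asset("partner-vpn", ("X25519", "ML-KEM-768"), "key-exchange", 10, 2),
    Asset("payments-gateway-tls", ("ECDH-P256", "RSA-2048"), "key-exchange", 10, 3),
]

if __name__ == "__main__":
    for name, status, margin in triage(INVENTORY):
        print(f"{name:22} {status:20} {margin}")
```

A positive margin means the data is expected to still need protection after the assumed horizon, so that asset goes first in the phased rollout; hybrid entries are already partway through it.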
“Even if you’re not doing post-quantum computing, you need a good [cryptographic] inventory because the CAB [Certification Authority Browser Forum] has recently released the fact that your certificate lifetimes are now going to shrink [progressively] from 397 days down to 47 days by March 2029,” PenFed’s Chapman noted.
Achieving crypto agility
Daniel Cuthbert, global head of cybersecurity research at Santander, told CSO: “We need more vendors helping us understand what current crypto capabilities exist in their products. This is where the CBOM really starts to shine and show its importance.”
As things stand, the process of cryptographic discovery is still difficult.
“There are a handful of commercial tools, which are very expensive, and then only a smattering of open-source tools of which myself and Mark Carney have open-sourced from a Santander perspective,” Cuthbert explained. “Until we make these tools as easy to use and available to all, that’s where some of the struggle is occurring in organizations.”
Dr. Ali El Kaafarani, CEO and co-founder of post-quantum cryptography vendor PQShield, and one of the architects of the NIST standards, agreed that upgrading from legacy to PQC-based systems is far from trivial.
“PQC isn’t plug-and-play; there’s serious work needed to identify where vulnerable cryptography lives, what can be swapped, and what needs a more bespoke solution to maintain performance requirements,” Dr. Kaafarani told CSO, noting that PQC requires more computing resources and more memory than legacy encryption technologies.
Enterprise CISOs must also push their vendors on their PQC roadmaps.
“I believe the overwhelming majority of enterprises will find that 80% of their cryptography is in their supply chain, which means a lot of the modernization can take place through conversations with vendors,” Dr. Kaafarani added.
PenFed’s Chapman agreed: “Question your hardware and software vendors: Are you ready for PQC?”
Nigel Edwards, vice president at Hewlett Packard Enterprise (HPE) Labs, said that more customers are asking for PQC-readiness plans for its products.
“We need to sort out [upgrading] the processors, the GPUs, the storage controllers, the network controllers,” Edwards said. “Everything that is loading firmware needs to be migrated to using PQC algorithms to authenticate firmware and the software that it’s loading. This cannot be done after it’s shipped.”
Experts quizzed by CSO consistently argued that early adoption of PQC offers businesses a potential competitive advantage as well as the opportunity to comply with growing regulatory demands.
“The EU have set far more aggressive deadlines compared to the US, but I think this will drive more adoption overall,” Cuthbert told CSO. “Organizations will have to act, even with diminished budget.”