UK Updates Post-Quantum Crypto Guidance
I have written several times about the need to start thinking about post-quantum crypto.
At this point, “Q-Day” is somewhere between this year and ten years from now. If you believe my blog last week, Q-Day could be today.
NIST has published draft post-quantum standards, but there is a lot more to do besides some new algorithms. Selecting these algorithms alone took seven years.
The protocols and services that drive the algorithms have to change as well. Those are “standards”, and the standards process is very challenging.
But on top of that, there are all sorts of “legacy” devices that likely will never be updated.
Many of these “legacy” devices are installed inside critical infrastructure. Those are the ones that attackers will go after. Critical infrastructure is what makes oil flow in pipelines and electricity flow over power lines.
There are two possible negative outcomes in this scenario.
One is that these attackers go after corporations – their money and their data. Both are attractive to hackers.
The other is that they go after critical infrastructure. That could mean turning the lights off or much worse.
For system owners and users, Internet of Things devices and Industrial Control Systems especially are going to be the hardest to change: the most expensive and the most difficult. A lot of them will never be changed, and system operators will just cross their fingers. Included in Industrial Control Systems are most medical devices. Many of them are connected to the Internet today and more will be tomorrow. Hackers will definitely have the advantage.
In addition, buyers need to start asking questions of vendors – what are the vendor’s plans? Will it even be possible to upgrade? Is there enough CPU and memory capacity in the device to run post-quantum crypto?
There is no reason to panic. If you are a high-profile target, of course you are more at risk.
Now is the time to start investigating and asking questions. Be proactive.
If you need help, please contact us.
Credit: CSO Online