Connects decision-makers and solutions creators to what's next in quantum computing
World Quantum Readiness Day Urges Organizations to Secure Systems
Organizations need to prepare for a quantum-secure future with digital certification including for IoT devices
The inaugural World Quantum Readiness Day takes place on Sept. 26, aiming to highlight the urgent need for current security infrastructures to adapt to the impending quantum computing era.
A recent Forrester study predicts that quantum computers could break all current cryptosystems within the next five to 30 years, with 70% of this happening in the next five years. World Quantum Readiness Day encourages enterprises and governments to evaluate their readiness for the quantum age.
The day centers around a virtual event and was initiated by digital security company DigiCert. Speakers include Peter Shor, the inventor of Shor's algorithm, which shows how quantum computers can break many of today’s cryptographic systems, and Taher Elgamal, the “father of SSL” security technology.
In this Q&A, Deepika Chauhan, chief product officer at DigiCert explains the need for the event, what organizations need to do to prepare for a quantum-secure future and the importance of digital certification for IoT devices.
Enter Quantum: NIST released its first three post-quantum cryptography algorithms on August 13. DigiCert has already implemented them. What does that mean for the company and its customers?
Deepika Chauhan: DigiCert offers services for quantum in a product and advisory capacity as well as experimentation. Customers are on different maturity curves; some don't know how to begin the journey toward quantum and some customers are ahead.
Our experts help guide customers to think about how to start breaking down the problem because, for many large organizations, it's going to be a multi-year journey. From a product point of view, they also want to be able to test using a sandbox and know what the implications are.
Digital certificates provide encryption and today, they are using RSA and ECC encryption algorithms that have worked beautifully for the last 20-plus years. Organizations like DigiCert provide the capability for customers to issue certificates using NIST’s quantum-safe algorithms and test them for different use cases.
Organizations can have hundreds and thousands of crypto assets so we start with discovery to find the digital certificates associated with all the different crypto assets—which can be servers, clients or software— so that you know what landscape and can break down the problem and start transitioning. Once you have that, you can issue certificates for that use case.
What are the challenges for upgrading security certification to NIST standards for IoT technology?
IoT devices are one of the first use cases to make quantum secure. Nowadays, even the smallest home device has some software running on it, so we need to make sure that those are compensated and that starts on the assembly line.
Software goes on a device when it is being manufactured and a software trust solution scans it for malware and certifies it as safe. Every television in Europe comes off the production line with a digital certificate.
But then when a device is out in the field, say, a medical infusion pump, you have to manage it through its lifecycle and protect against vulnerabilities through over-the-air updates by providing a certificate.
Once you can manage the device lifecycle, you can protect IoT devices with a composite certificate, which provides support for RSA and ECC as well as for quantum safe. Once the device is out in the field, having device trust management capabilities allows you to update the certificate provisioning as well.
About the Author
You May Also Like