What Are the Implications of the New Federal Cybersecurity Act for Businesses?
Password decryption using quantum computing is becoming an increasingly likely threat. The Quantum Computing Cybersecurity Preparedness Act was signed into law by the US President Joe Biden on December 21, 2022. The new law is intended to facilitate a proactive transition to a post-quantum security posture on the part of federal agencies. The Office of Management and Budget (OMB) has been tasked by the Act to prioritise the adoption of post-quantum cryptography standards, and agencies have until May 4, 2023, to submit an inventory of potentially vulnerable systems.
The government’s efforts to deal with new quantum risks are the digital equivalent of canaries in coal mines for businesses. There’s imminent danger, so now is the time to take precautions.
Observable Effects on a Quantum Level
The benefits of quantum computing are still largely theoretical despite ongoing investment, research, and development. However, as efforts move closer to practical applications, businesses need to be aware of the ways in which quantum technology may benefit or hinder their operations.
In a nutshell, quantum computers greatly enhance processing power by expanding the binary states of 1 and 0 beyond those two limits. In contrast to classical computers, which store bits of information as either 1 or 0, quantum bits (qubits) allow particles to exist in several states at once. As such, a qubit is neither 1 nor 0, but rather lies on a continuum between the two. There’s more to it than meets the eye in simplistic explanations, particularly when it comes to the role of probability and particle interaction. The move away from binary is the crucial component, however, for the purposes of quantum computing power.
While early studies focused on developing methods for establishing and maintaining these qubit states, more recent efforts have aimed to increase the total number of qubits in a computer. For instance, in 2021, the 127-qubit Eagle processor will be replaced by the much more powerful 433-qubit Osprey computer, which has just been unveiled by IBM researchers.
Issues and Concerns of Cryptography
In the face of determined attackers, passwords tend to fail. As a result of users’ continued adoption of weak passwords like “123456” and the perennial favourite “password,” company IT departments are always on the lookout for innovative approaches to strengthen security. As a result of quantum computing, encryption now has to take into account a whole new set of challenges. The problem is not with passwords per se but with the cryptographic method by which they are encrypted. The keys generated by today’s technologies are simple to verify but extremely difficult to crack because they are based on mathematical procedures.
How hard is it? Using a conventional computer to crack modern asymmetrical algorithms like RSA or ECDSA might take billions or trillions of years. But, if one were to use a quantum gadget, that identical procedure might be completed in as little as 8 hours.
While the key lengths of symmetric solutions like AES may make them more secure against quantum assaults, there is no absolute guarantee of this. This is because quantum computers use a method called Grover’s, which drastically shortens the time required to break a symmetric password (by the square root of the password length).
If it takes a conventional computer a trillion years on average to crack a key, a quantum computer could do it in a million years, but that’s still too long to be practical. However, the capacity of quantum computers to crack the strongest symmetric encryption could improve as the number of available qubits grows.
However, the real danger isn’t that a quantum computer will eventually “guess” the correct password. Their ability to crack encryption is cause for concern. Often known as a brute-force attack, this is far more worrying than merely guessing the correct solution to a password problem because it renders the underlying encryption worthless for any future attempts.
What Companies Must Do Right Now
The encryption keys are still secure from quantum computers. However, businesses shouldn’t wait around for the stability and increased capacity of quantum devices.
Here are four immediate steps businesses can take to lessen their exposure to quantum risk.
1. Management of Risk in Inventory
A good starting point for post-quantum security is provided by federal legislation: Develop a list of vulnerable infrastructure/ at-risk systems. Businesses can get ready for the next phase of digital protection by taking stock of current password-protected apps and services that aren’t up to quantum security standards.
2. Put defensive measures in place in pairs.
Above, we saw that symmetric standards like AES-256 provide superior defence against quantum attacks. As quantum computing becomes more widespread, adopting longer bit lengths will likely prove to be a stopgap measure at best. As quantum security tools advance, however, it’s a good way to protect existing investments.
3. You Should Find Quantum-Safety Allies
Most businesses lack the resources to implement quantum security measures in-house. Therefore, it is beneficial to find collaborators with knowledge in this area to aid in the transition to greater security.
4. Utilize Quantum Cryptography
Advances in quantum cryptography make use of quantum systems’ inherent properties to provide superior security. Since quantum particles are inherently entangled, any change in their state is inherently the result of an observation. Therefore, if an adversary wanted to snoop on a quantum-encrypted communication, they would have to alter the position of the photons being exchanged. To counter this, security measures would need to be adjusted.
5. Securer Communication
Quantum security issues are no longer purely theoretical. Recent government legislation demonstrates how the future of cryptography is in danger.
Because quantum computers are currently incapable of breaking current state-of-the-art encryption, businesses can take advantage of the current security landscape. Companies can improve their security one qubit at a time by taking precautions before a threat gets worse.
Conclusion
The new Federal Cybersecurity Act emphasizes the need for businesses to take proactive measures to transition to post-quantum security standards in response to the growing threat of quantum computing. The implications of quantum computing on cybersecurity are becoming increasingly relevant, and businesses need to understand how it may impact their operations. Although quantum computing’s benefits are still largely theoretical, companies must take immediate steps to reduce their exposure to quantum risk, such as creating an inventory of vulnerable systems, adopting quantum-safe tools, finding quantum-security allies, and utilizing quantum cryptography. By implementing these precautions, businesses can improve their cybersecurity and prepare for the digital threats of the future.
As a company, Exponential Digital Solutions (10xDS) is dedicated to helping businesses implement cyber security solutions by recommending and providing the best possible assistance in this area. Talk to our experts and seasoned professionals to know more.