Quantum Security Risks

🚨 New OMB Report on Post-Quantum Cryptography (PQC)🚨 The Office of Management and Budget (OMB) has released a critical report detailing the strategy for migrating federal information systems to Post-Quantum Cryptography. This report is in response to the growing threat posed by the potential future capabilities of quantum computers to break existing cryptographic systems. **Key Points from the Report:** 🔑 **Start Migration Early**: The report emphasizes the need to begin migration to PQC before quantum computers capable of breaking current encryption become operational. This proactive approach is essential to mitigate risks associated with "record-now-decrypt-later" attacks. 🔑 **Focus on High-Impact Systems**: Priority should be given to high-impact systems and high-value assets. Ensuring these critical components are secure is paramount. 🔑 **Identify Early**: It's crucial to identify systems that cannot support PQC early in the process. This allows for timely planning and avoids migration delays. 🔑 **Cost Estimates**: The estimated cost for this transition is approximately $7.1 billion over the period from 2025 to 2035. This significant investment underscores the scale and importance of the task. 🔑 **Cryptographic Module Validation Program (CMVP)**: To ensure the proper implementation of PQC, the CMVP will play a vital role. This program will validate that the new cryptographic modules meet the necessary standards. The full report outlines a comprehensive strategy and underscores the federal government’s commitment to maintaining robust cybersecurity in the quantum computing era. This is a critical step in safeguarding our digital infrastructure against future threats. #Cybersecurity #PQC #QuantumComputing #FederalGovernment #Cryptography #DigitalSecurity #OMB #NIST

👍 The בנק ישראל Bank of Israel has published a directive addressed to “Banking Corporations and Licensed Payment Service Providers Chairman of the Board and CEO” on requirements related to cyber risks associated to the development of quantum computing. Highlights: 👉 It is important to prepare the banking system for information security and cyber risks related to quantum computing. 👉 Organizations are required, at a minimum, to: 📌 Raise awareness within the banking corporation, continuously monitor developments in quantum computing, and assess the associated cyber risks Inform all relevant parties within the banking corporation, including the board of directors and senior management 📌 This topic should be discussed periodically in line with technological developments, at least once every two years, and include a review of general developments in quantum computing 📌 Continuously monitor ongoing developments in quantum computing that may impact cyber defense 📌 Integrate quantum computing considerations into the cyber risk management process with the supply chain 📌 Avoid reliance on suppliers and manufacturers that are not preparing for the quantum era 👉 Mapping and Managing Encrypted Information Assets 📌 Map encrypted information assets and processes (Discovery and inventory) 📌 Create a transition plan 📌 Metadata to include in the inventory: - Type of encryption algorithm and key length - Information owner’s details - Systems and applications using the algorithm - Duration for which the encrypted information is valid and must remain encrypted - Sensitivity and criticality level of the information 👉 Development of skills and capabilities 📌 Start preparing to build an infrastructure that will enable the banking corporation to be adequately prepared: 📌 Train employees 📌 Define the resources that will be needed 📌 Assess the compatibility with PQC of the existing infrastructure 📌 Prepare for the transition 📌 Identify affected policy documents and procedures, and plan to update and validate them 📌 Define alternative solutions for cases where systems cannot be converted Organizations are required to develop an initial plan addressing these points. The plan should be discussed by the board of directors and management. 📅 This preparedness plan should be submitted to the Banking Supervision Department within one year from the date of the directive (January 7th, 2025).   This directive reminds the advisory published by the Monetary Authority of Singapore (MAS) on February 2024, although it is more execution oriented, including a deadline. Bank of Israel directive: https://lnkd.in/dQj-dyce MAS advisory: https://lnkd.in/dSbpTuYK #cybersecurity #pqc #quantum #cryptography

🗞️ Needed report By CyberArk on a burning issue : identity security. A decisive element that will determine our ability to restore digital trust. 🔹 « Identity is now the primary attack surface. » Defenders must secure every identity — human and machine 🔹 with dynamic privilege controls, automation, and AI-enhanced monitoring 🔹and prepare now for LLM abuse and quantum disruption. Machine identities are the fastest-growing attack surface 🔹Growth outpaces human identities 45:1. 🔹Nearly half of machine identities access sensitive data, yet 2/3of organizations don’t treat them as privileged. Quantum readiness is urgent 🔹Quantum computing will break today’s cryptography (RSA, TLS, identity tokens). 🔹Transition planning to quantum-safe algorithms must start now, even before standards are finalized. Large Language Models include prompt injection, data leakage, and misuse of AI agents. So organizations must treat them as a new class of machine identity requiring monitoring, access controls, and secrets management. 🧰 What can we do? ⚒️ 1/ Implement Zero Standing Privileges (ZSP) • Remove always-on entitlements; grant access dynamically and just-in-time. • Minimize lateral movement by revoking privileges once tasks are complete 👥2/ Secure the full spectrum of identities • Differentiate controls for workforce, IT, developers, and machines. • Prioritize machine identities: vault credentials, rotate secrets, and eliminate hard-coded keys. 🛡️ 3/ Embed intelligent privilege controls • Apply session protection, isolation, and monitoring to high-risk access. • Enforce least privilege on endpoints; block or sandbox unknown apps. • Deploy Identity Threat Detection & Response (ITDR) for continuous monitoring. ♻️ 4/ Automate identity lifecycle management • Use orchestration to onboard, provision, rotate, and deprovision identities at scale. • Relieve staff from manual tasks, counter skill shortages, and improve compliance readiness. 5/ Align security with business and regulatory drivers • Build an “identity fabric” across IAM, PAM, cloud, SaaS, and compliance. • Tie metrics (KPIs, ROI, cyber insurance conditions) to board-level priorities. 6/ Prepare for next-generation threats • Establish AI/LLM security policies: control access, monitor usage, audit logs. • Begin phased adoption of post-quantum cryptography to protect long-lived sensitive data. Enjoy the read

The CXO’s guide to Quantum Security Customers often tell me that the migration to post-quantum cryptography (PQC) will take them years, and some assets won’t ever be upgraded. While quantum’s long-term threat is clear, security leaders are grappling with the practical, multiyear journey of upgrading potentially thousands of devices, applications and data stores to be quantum-resistant. The “harvest now, decrypt later” threat raises the stakes. Nation-state actors are siphoning and stockpiling encrypted data today, waiting for the arrival of quantum computers to retroactively break it. The implication? Sensitive data may already be in the wrong hands and it’s only a matter of time before it can be put to use. What CXOs need is a clear path forward: Discover - Complete a comprehensive crypto inventory across your environment. You cannot protect what you cannot see. Protect - Achieve post-quantum decryption at scale with NGFW that have crypto-agility built right in, enabling your security as standards evolve.   Accelerate - Leverage segmentation along with emerging new capabilities, like cipher translation, to instantly upgrade legacy devices and applications to secure your data now while your organization upgrades devices and applications.  Read more https://bit.ly/4nVkurw

The (possible) future of Cyber security… Where Quantum Key Distribution (QKD) has completely replaced today’s Public Key Infrastructure (PKI), and within 5-15 years asymetric cryptographic algorithms are rendered entirely or partially unusable (Forrester)… but it’s not Armageddon, we can be prepared 😅 Thank you Yvette Lejins and ADAPT for a fantastic ’fireside chat’ and discussion about what CIOs and CSIOs can do now to prepare for Quantum: 🔒 Know your risk appetite: what is your migration time (to new cryptography or QKD); Security/ Data Shelf Life (time data needs to be protected); Risk exposure timeframe (I.e. when will Quantum computing crack Shores’ algorithm - take your pick of expert probabilities!) 🔒Re-design your infrastructure for cryptographic agility. Reduce the number of data encryption/decryption points to reduce the threat surface and complexity of cryptographic migration processes. 🔒 Implement post-quantum algorithms. Adopt algorithms that have been approved by NIST or an equivalent standards body to ensure the smoothest transition. 🔒Invest in capability. Less than 50% of quantum computing jobs expected to be filled by 2025 (McKinsey & Company) Tenar Larsen Jim Berry Matt Boon Maushumi (Maya) Mazid Jenny Francis David Gee GAICD Nick Haigh Jayden Cooke Gabby Fredkin #adaptsecurityedge #cyberrisk #riskappetite #quantumcomputing

The rapid advancements in quantum computing are pushing businesses to rethink data protection, requiring swift adaptation to new encryption techniques and infrastructure to stay secure in an increasingly vulnerable digital landscape. Quantum computing, utilizing qubits, can perform computations far faster than traditional computers, presenting challenges for standard cryptographic systems like RSA and ECC, which are vulnerable to quantum attacks. Businesses must assess risks, update their infrastructure with post-quantum cryptography, and train personnel accordingly. Adopting a hybrid strategy combining traditional and quantum-resistant cryptography ensures smoother transitions. Continuous monitoring of technological advancements and compliance with updated regulations is essential for safeguarding sensitive data in the quantum era. #QuantumComputing #cryptography #DataProtection

"Unbreakable? Defending Data in A Quantum-powered World" In my article in this month’s issue of Cyber Defense Magazine, I discuss how quantum computing challenges traditional encryption methods and the urgent need to address emerging cybersecurity risks. As quantum technology evolves, CISOs and IT security professionals must proactively adapt. To stay ahead of quantum-powered threats, I recommend focusing on: 🛡️ Evaluating quantum vulnerabilities 🔒 Transitioning to quantum-safe encryption 🚀 Leveraging quantum-enhanced tools 🤝 Collaborating with experts in the industry 🔗 Read the full article and the entire issue here: https://lnkd.in/gTAtvtFx Terra Quantum AG #QuantumIsNow #DataProtection #PostQuantumCryptography #Cybersecurity

Letter Q: Quantum Computing Threats: A Strong Upcoming Risk for Organizations Our "A to Z of Cybersecurity" ventures into Quantum Computing (QC) - a revolutionary technology with the potential to crack current encryption methods. While still in its early stages, QC poses a significant future threat. The Looming Storm: · Breaking Encryption: QC could potentially break the encryption algorithms that safeguard our data today. · Vulnerable Infrastructure: Critical infrastructure protected by current encryption could become exposed. · Long-term Threat Landscape: The impact of QC might not be immediate, but proactive planning is essential. Shielding Your Digital Stronghold: · Post-Quantum Cryptography (PQC): Standardization efforts are underway to develop new encryption algorithms resistant to QC attacks. · Risk Assessment & Inventory: Identify and prioritize data assets that could be most vulnerable to QC attacks. · Phased Security Transition: Develop a long-term plan to migrate to PQC algorithms as they become available. The Time to Prepare is Now: Quantum computing is not a science fiction threat. By staying informed, adopting PQC solutions when available, and planning for a smooth transition, organizations can start building defenses against this future risk. #Cybersecurity #QuantumComputing #A2ZofCybersecurity