Enterprise Viewpoint Reports: Quantum Security, a Board Perspective
Dave Krauthamer / Enterprise Viewpoint / 23 August 2022
QuSecure is proud to share an article published in Enterprise Viewpoint and written by QuSecure’s CEO, Dave Krauthamer. Dave’s article contains four main sections, in which he elaborates why members of a company’s Board of Directors should concern themselves with their company’s quantum security status.
The article’s four key sections are:
- Being a Cyber Fiduciary: As a board of directors member, you have a fiduciary responsibility to safeguard shareholders’ assets. This extends to intellectual property, corporate data, and IT systems. A significant cyber disruption can also affect customers’ trust in your business. A threat that can cause the value of your data assets and brand to drop precipitously is one worth knowing about.
- Becoming an Educated Consumer: The challenge is distinguishing between different cyber risk levels. Unfortunately, the security industry tends to specialize in the business of over-emphasizing threats to trigger generous spending. This is not helpful; everyone, not just board members, could benefit from becoming an educated consumer of technology and cybersecurity information. Not all cyber risks deserve the same level of investment, but the quantum threat is real. It deserves, at a minimum, immediate focus and a dynamic plan.
- The Quantum Threat, Explained: Understanding the quantum threat requires knowledge of quantum computing. A quantum computer is a device that utilizes quantum physics to perform mathematical operations at speed orders of magnitude faster than even the tightest of today’s supercomputers. A quantum computer could crack modern encryption algorithms with this radically faster speed. A quantum computer could easily breach enterprise systems and data sets secured by conventional cryptography. Digital thieves could get their hands on detailed bank account data, or classified defense secrets. A quantum hack could be an extinction-level event for some organizations.
- Why to Address the Quantum Threat Now: The idea of a quantum hack is not new. Most diligent board members have already encountered it. However, even just a year ago, the emergence of powerful quantum computers was expected to be over a decade in the future. Recent advances in quantum computing and massive investment in the industry by foreign nation-states have made it clear that quantum computing is coming soon. A viable quantum computer is still a few years out, but quantum risk must be addressed now. This is because malicious actors use a “Steal Now, Decrypt Later” strategy, where they actively steal encrypted data to decrypt it when quantum technology is available. The financial and military secrets they steal are incomprehensible to them now. Still, when they crack the encryption keys in the coming years, hackers will have access to all our data, and we will be powerless to do anything. Additionally, it takes time to transition to quantum-secure data processes, which could leave systems vulnerable during migration. This puts a huge impetus on organizations to take immediate action toward quantum security.
The government is taking the quantum threat seriously, and so should board members. The White House issued a National Security Memorandum this May, which mandated that all federal agencies begin the upgrade to post-quantum cybersecurity. In July, NIST (the National Institute of Standards and Technology) also named a set of post-quantum algorithms to standardize post-quantum cryptography. It appears increasingly likely that quantum threat mitigation will become standard policy, especially for businesses that work with the government.
In QuSecure’s view, it should not take a vast array of technical knowledge to grasp the seriousness of the quantum threat. The potential for irreversible, significant damage to enterprises is clear to see. The quantum threat demands attention today, and solutions have emerged that enable organizations to start the process of establishing their quantum-secure future today. Now is the time for board members to investigate post-quantum cyber solutions and drive their organizations to pursue these initiatives.