World Economic Forum features QuSecure case study in groundbreaking report on migrating to Post-Quantum
Jeremy Jurgens / World Economic Forum / 12 Sept 2022
The World Economic Forum in collaboration with Deloitte and QuSecure present a white paper on Transitioning to a Quantum-Secure Economy. Authors and contributors Jeremy Jurgens, Isaac Kohn, Colin Soutar and Rebecca Krauthamer write about how quantum technologies and their applications have the potential to transform our lives.
Key points from the white paper include:
- Advances in quantum computing will introduce significant risks via the potential threat of disruption to some widely used encryption standards. Organizations must act now to evaluate their readiness to adapt to the quantum threat which is expected to have a large and disruptive impact on the current digitally dependent economy. The unknown timeline of this quantum risk – which could lead to a “not me, not now” response – may impose a more significant impact than is necessary.
- Guidance is provided for a secure quantum transition which organizations need to embrace now to avoid playing catch-up with the technology. To achieve this transition, organizations need to:
- Build awareness around the quantum threat, by educating senior leaders on the systemic impact. The quantum threat feels far away and largely abstract for many organizations. To combat this, organizations will need to face what is known, but also accept there are implications that are still unknown. Conducting initial quantum readiness assessments will help leaders determine the specific threats their organizations face. Executive buy-in is key to ensure the quantum transition attracts appropriate investment and prioritization.
- Plan and prepare by adopting a quantum-safe strategy and transition roadmap. Addressing the quantum threat requires organizations to plan and create a timeline that sequences immediate, near-term (3-5 years) and longer-term actions. Organizations should consider adopting a “crypto-agile” posture, enabling them to readily transition cryptographic capability. This will help them prioritize a transition to quantum security as technology advancements and threat knowledge continue to evolve.
- Initiate the transition, leveraging hybrid solutions. Organizations adopting quantum resistant security will more than likely leverage hybrid solutions that integrate both classical and quantum-ready approaches. This will give organizations some assurance that existing security remains intact, while overlaying that security with relatively new post-quantum cryptography algorithms.
- An example of how to run a phased approach deployment to address quantum risk for a healthcare provider was developed by QuSecure’s Chief Product Officer Rebecca Krauthamer:
- “Healthcare data remains relevant for years – and often decades. This puts the healthcare industry at risk of “harvest now, decrypt later” attacks. After learning about the quantum threat, the leadership at a large healthcare provider sought help to start a phased approach to adopting post-quantum cryptographic standards. A network of clinics within the company has transmitted patient records between physical locations continuously for the past two decades. Given the mix of legacy and modern equipment, any proposed solution should: 1) overlay legacy network infrastructure, 2) support expected network performance and 3) maintain communication with non-upgraded equipment. To begin the phased approach, a combination of quantum random number generator, postquantum cryptosystems, protocols and traffic monitoring software was deployed in a single pilot clinic to demonstrate quantum-resilient data transmission. After successful testing, the healthcare provider is now rolling out the solution to a broader number of clinics to ensure a phased and complete transition.”