2024-08-07 –, Florentine F
Advances in quantum computer technology will pose a threat to many cryptographic principles that have been widely adopted, from IoT and smart devices to cloud computing. I will present the latest advancements in quantum computing and predictions for when a cryptographic relevant quantum computer will be available to disrupt current cryptographic technologies. I will discuss organizational threats such as, “harvest now, decrypt later” attacks. I will finish the presentation with an overview of what can be done now, and what will be needed in the future, to help organizations begin thinking about the change ahead of the industry.
This talk has been developed over the past year as a summary of researching operational impacts of quantum computers to classic computers. Advancements in quantum computers have the potential to provide attacks against the foundation of cyber and data security. There are many more technical talks on the subject that go into the mathematical analysis of algorithms. This talk is designed for the operations teams who implement algorithms and make changes to the technology embedded into the Internet connected world we have created.
While symmetric key encryption is expected to remain secure, even implementations of symmetric key encryption for data protection depend on public key cryptography to transmit key material. While adopting new algorithms and publishing them are not new processes, they are both processor and labor intensive and error prone. These issues lead to a conservative approach for most organizations, as consequences of failure usually result in service outages, and sometimes data loss. This conservative approach leads to long tails of adoption of new encryption methods. With the recent advances in quantum computing technology, we are possibly at the point of crossover, where the timeline to change encryption technology and the timeline to the announcement of a cryptographically relevant quantum computer are expected to converge in the next 5 years.
We discuss operational features of new standards, like TLS 1.3, that may challenge organizational adoption where there is reliance on inspection of encrypted payloads. We will talk about other challenges organizations should be aware of, such as aging and incompatible hardware and software.
Using opensource tools, like LibOQS enabled services and browsers, we will show the various components of a “quantum safe lab” that can help organizations understand the compatibility and challenges they may encounter in their “quantum safe” programs.
James is a Director in Microsoft’s Security, Identity and Compliance Business Development and Strategic Ventures (BDSV) team. At Microsoft, BDSV works to identify and help to capture opportunities that will deliver growth not just today but three, five, even ten years out. BDSV leans on the knowledge of the past and the technology of today to anticipate and shape the future of technology and security.
James has been in information security for more than 25 years. He has a successful record of helping large companies in retail, wholesale, aerospace, defense, and nuclear energy sectors recover and rebuild information security programs after significant security events.
A former CISO, security architect, security operations manager and incident responder, James has focused on helping companies mature their security programs through development of threat, vulnerability, and risk management practices. James has authored and co-authored articles featured in Information Security Magazine on the topics of Nation-State sponsored attacks and vulnerability management program development.