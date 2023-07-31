Identifying and preparing for future risks is core to enterprise cyber-resilience. But it\u2019s not something that CIOs need to manage alone. Technology vendors can provide insights and intelligence to help organisations identify emerging threats.\n\nHP is a case in point. With cyber security products and services, and the research of the HP Security Lab at HP Labs, it provides IT decision makers with leading-edge technology and services to help keep ahead of threats.\n\nJust one of the many threats currently on its radar is the potential risk that quantum computing presents to cryptography. In particular, the threat is to a type of cryptography called asymmetric cryptography which today\u2019s IT systems rely on massively for the security of data encryption solutions as well as digital signature applications. Many security technologies are at risk including TLS, IPsec, X.509, SSH, and most authentication protocols.\n\nAny potential weakness in cryptography is a global threat. Tommy Charles, chief cryptographer at the HP Security Lab, says: \u201cLosing asymmetric cryptography is analogous to a zero-day attack with the power to break almost every element of the enterprise tech stack, from user authentication and code signing, to encrypted storage and secure network communications. The potential scale of the impact is unlike anything we have seen to date.\u201d\n\nToday\u2019s asymmetric cryptography uses one-way functions to secure data via a public key. The mathematical problems underpinning one-way functions make it practically impossible to reverse the process without access to the private key.\n\nQuantum computing threatens to fundamentally undermine this approach by taking advantage of how subatomic particles behave. What\u2019s more, algorithms designed to run on quantum computers ensure probabilities accumulate while they run, making it possible to crack even the most challenging of mathematical puzzles. And while today\u2019s quantum computers are only making a start, it is expected that the technology will mature and give them the speed and power of calculation to threaten cryptography.\n\n \u201cAs quantum computing progresses, cryptographic inversion becomes easier. Threat actors will be able to crunch numbers in huge volumes while also enabling the probabilities for solving the underlying mathematical problem to stack up,\u201d says Thalia Laing, cryptographer and security researcher at the HP Security Lab.\n\nHow likely is it that this threat will materialise? According to a survey of quantum experts by the Global Risk Institute, 50% of respondents believe there\u2019s more than a 30% chance of a cryptographically relevant quantum computer being invented by 2032. For Charles, this is a risk no business should take: \u201cno matter how you look at it, there\u2019s a significant chance that the cryptography your business relies on most is going to be broken. Businesses have an imperative to act,\u201d he says. \n\nFortunately, progress is already being made in the area of new, quantum-safe encryption standards. The US\u2019 National Institute of Standards and Technology (NIST)has led an international collaboration which recently selected four quantum-resistant algorithms that are able to run on standard, binary computers.\n\nThree of these solve the quantum dilemma through \u201cstructured lattices\u201d, which use many more mathematical equations than in legacy asymmetric cryptography which relied on the hard \u201cfactorisation\u201d problem. The new approach adds \u201cnoise\u201d to encryptions through deliberate errors. With structured lattices, recovering values from encrypted text is a near-impossible challenge, even using quantum computing.\n\nHowever, the move to quantum-safe cryptography will take time and involve considerable effort. Laing says: \u201cIt\u2019s likely that cryptographic algorithms in use today will be replaced by a broader suite of quantum-safe alternatives. This will help businesses provide protection for their various use cases with best-fit solutions, while also building resilience by having some fallback options. And with the use of new algorithms, a vulnerability may yet be discovered in how they are used. As such, it is likely that legacy and new algorithms will coexist for a while in a hybrid approach until quantum-safe technology matures.\u201d\n\nHP can already advise businesses on how to plan for a quantum-safe future. For IT leaders who want to understand the risk and be able to act, Charles outlines a number of practical steps:\n\nGiven the magnitude of this potential threat, HP advises IT leaders to demonstrate an abundance of caution. Charles concludes: \u201cWith regard to the quantum challenge, IT leaders should move forward cautiously and in a controlled manner from what we trust now to what we will trust in the future. Implement practical solutions while being aware of the usual vulnerabilities that can come with new systems.\u201d\n\nProtect your business from the threats facing your industry with our in-depth security guide. You can learn more about the HP Security Lab here.\n\nHP has several exciting events coming up this year \u2013 click on each to learn more.