Simultaneous development in quantum cryptography, hybrid cloud and generative AI will be a decade-defining trifecta for enterprises, predicted CEO Arvind Krishna during the company's Think Conference this week in Orlando, Florida.
While cryptographically relevant quantum computers do not yet exist, as the technology rapidly advances, they may soon reach an ability to break the most widely used security protocols globally and pose a serious impending threat to governments’ and businesses’ classical data systems — prompting the quantum query: will security systems be quantum-ready in time?
The quantum transition
Last year, the National Institute of Standards and Technology (NIST) selected four quantum-safe cryptography algorithms for standardization.
“However, the challenge is in the transition to these quantum-safe cryptography protocols. More tools and resources are needed to help organizations prepare for this post-quantum era,” IBM VP and Fellow Ray Harishankar explained to Silverlinings.
The IBM Quantum Safe technology announced today aims to provide these tools for end-to-end security in a post-quantum era.
According to Harishinkar, a “hack now, harvest later” approach may be taken by bad actors to steal information “which may be encrypted by today’s standards, in hopes of somehow having access to a future, cryptographically-relevant quantum computer capable of hacking into the information they stole.”
“IBM Quantum Safe technology is designed to protect today’s critical, classical data and systems from this threat of future quantum decryption,” he continued.
The key capabilities announced include: Quantum Safe Explorer, a scanning tool to source and locate cryptographic assets and vulnerabilities to then construct a cryptography bill of materials (CBOM); Quantum Safe Advisor, an inventory and guide for remediation and risk prioritization; and Quantum Safe Remediator, a tool to test quantum-safe remediations in order to prepare for full solution deployments.
Along with its toolkit, the company revealed its IBM Quantum Safe Roadmap in efforts to support enterprise customers through their transition, with “technology milestones” to a progressively quantum-safe status, according to the release.
The roadmap notes three phases: Discover, a phase dedicated to dependency analysis and generating a CBOM; Observe, a move to analyze vulnerabilities and establish remediation priorities; and Transform, the final phase for remediation and mitigation. The roadmap “will help with this transition to prepare clients for the post-quantum era. By identifying their cryptography usage and understanding and mitigating risks now, organizations can get ahead of current and future threats related to quantum decryption,” Harishnakar explained.
“We are in a race against time to ensure quantum-safe cryptography adoption keeps up,” he continued. “With new requirements from the NSA [National Security Agency] and White House already starting the journey to quantum readiness for the federal government and national security systems, we hope these new IBM Quantum Safe technology will empower governmental agencies and all other industry organizations everywhere to start their quantum-safe transition.”
Along with the NIST, Harishnakar references the NSA’s announced requirements for national security systems to transition to quantum-safe algorithms by 2025. The White House also released requirements for federal agencies to submit a cryptographic inventory of possible vulnerable systems.