Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

IBM Delivers Roadmap for Transition to Quantum-safe Cryptography

IBM’s Quantum Safe Roadmap was designed to help federal agencies and business meet the requirements and the deadlines for quantum safe cryptography.

Quantum safe cryptography.

IBM has introduced a quantum-safe roadmap to help the complex organizational transition to post-quantum cryptography at this year’s annual Think conference.

There are deadlines by which federal agencies must complete the transition to quantum-safe cryptography. Business is expected to follow the same path, but it is a long and difficult route. IBM has developed a three-stage solution it calls the IBM Quantum Safe Roadmap.

“This roadmap serves as a commitment to transparency, predictability, and confidence as we guide industries along their journey to post-quantum cryptography. There’s a lot happening at once — new algorithms, standards, best practices, and guidance from federal agencies. We hope that this roadmap will serve as a navigational tool through this complex landscape,” it announced.

The background is the assumption that much of our current cryptography will be easily cracked with the arrival of cryptographically relevant quantum computers, which are expected earlier than general-purpose quantum computers. Even though this may be several or even many years in the future, encrypted confidential data stolen by nation-state or criminal gangs now will become readable at that time. Quantum safety is a pressing concern.

NIST has been running a competition to develop new algorithms capable of withstanding decryption by quantum computers. In July 2022, it announced that it had selected four algorithms for standardization (three of which were developed with IBM involvement). These standards will be published and become official in 2024.

In November 2022, the OMB issued a Memorandum on Migrating to Post-Quantum Cryptography, including details with timelines on the steps required of federal agencies. “This memorandum describes preparatory steps for agencies to undertake as they begin their transition to PQC by conducting a prioritized inventory of cryptographic systems,” it announced.

The IBM Quantum Safe Roadmap is designed to help both federal agencies and business enterprises meet both the requirements and the deadlines for quantum safe cryptography.

The roadmap comprises three separate products – two of which are available now, with the third currently in its first generation but timed to be fully available at the time it is needed. The three products are Quantum Safe Explorer, Quantum Safe Advisor, and Quantum Safe Remediator. These three products correspond to the discover, observe, and transform stages of the roadmap.

Advertisement. Scroll to continue reading.

The Explorer enables organizations to scan source and object code to locate cryptographic assets, dependencies, and vulnerabilities. The result is what IBM calls a cryptography bill of materials (CBOM), aggregating all relevant details into a single location.

The Advisor creates a dynamic view of the cryptographic inventory to guide remediation, and analyzes cryptographic posture and compliance to prioritize risks.

IBM Quantum Safe Roadmap

The Remediator enables organizations to deploy and test best practice-based quantum-safe remediation patterns to understand the potential impacts on systems and assets as they prepare to deploy quantum-safe solutions. “It allows you to work with different quantum-safe algorithms, certificates and key management services,” says IBM. “It also helps you achieve crypto agility so that you can quickly adapt to changing policies and threats without significant operational or budgetary implications.”

In 2025, the NSA will require national security systems to prefer quantum-safe algorithms while configuring their systems. Use of such algorithms will become mandatory for commercial products used in these systems, meaning that within two years, organizations working with the federal government will need to begin their quantum-safe transition. “By then,” says IBM, “Remediator will offer a hybrid approach, enabling traditional as well quantum-safe cryptography.”

The complexity of transitioning to quantum-safe cryptography within prescribed timelines means the urgency is already here. 

“As the era of quantum computing quickly approaches reality, it is imperative that quantum-safe technologies are also deployed to protect today’s classical systems and data,” comments Patrick Moorhead, CEO and founder of Moor Insights and Strategy. “What the world needs to secure data for the quantum age is expertise in world-class quantum technology and advanced cryptography, alongside decades of product development experience for critical infrastructure. These pillars are where I believe IBM excels, and now with a quantum-safe roadmap to lead the industry and new technologies to simplify migration, I look forward to seeing the advancement of quantum-safe journeys globally.” 

Related: Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

Related: CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

Related: NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC

Related: US Gov Issues Security Memo on Quantum Computing Risk

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...