At RSA 2019, John Prisco of Quantum Xchange discussed what solutions organizations should consider to protect against quantum threats.
At RSA 2019, TechRepublic Senior Editor Alison DeNisco Rayome spoke with John Prisco of Quantum Xchange about what solutions organizations should consider to protect against quantum threats. The following is an edited transcript of the interview.
Alison DeNisco Rayome: What are some of the biggest cyberthreats involved in quantum computing right now?
John Prisco: Well, quantum computing is going to allow factoring of public keys. So it's actually going to destroy public key cryptography, and every eCommerce transaction or any secure transaction will no longer be secure.
Alison DeNisco Rayome: And what are some policies or tech solutions that companies and governments can look to put in place to stop this from happening?
John Prisco: Well, a ready solution to the quantum threat is quantum key distribution. And the way that works is the key is not made up like an RSA key, it's made of photons. And because it's made of photons, if anyone tries to intercept the key they will change the encoding on that key, and the key will become useless. And that's relying on a law of physics, so it's a fairly unbreakable approach to thwarting the quantum computer threat.
SEE: IT leader's guide to the future of quantum computing (Tech Pro Research)
Alison DeNisco Rayome: And how long do you think we have until the quantum computer threat really is a reality for us?
John Prisco: Well, I think the quantum computer threat has been a reality for us for some years now. And the reason I say that is because nefarious actors are harvesting data, and with the data they're harvesting the key, the RSA key, that is used to transmit it and to encrypt it. And they're storing that data for the time when a quantum computer will be available, then they'll be able to break the key and actually get clear text from the secure communications. So you have to do something about it now, and quantum key distribution is a way to take care of it.
Alison DeNisco Rayome: And do you have any advice for CISOs or any other security practitioners in terms of this threat coming, or how to get started fighting it?
John Prisco: Well, I think the threat is here. There are a number of countries that are advancing in building quantum computers, China, Russia, so in order to stave off that threat try to do some kind of quantum key distribution network. It would be advisable. There's also post quantum cryptography, which is being formulated by MIST. However, they're predicting that there won't be a standard for another four or five years.
SEE: Quantum computing: An insider's guide (TechRepublic download)
So it's not so much the question of let's not worry about this until quantum computers that can factor these large key numbers are available, the problem is here now, because people are stealing data, they're steal the key, it's only a matter of time before they'll be able to crack that key, and then decrypt the secure information.
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)