The UK’s National Cyber Security Centre (NCSC) just rolled out crucial guidance to help organizations tackle the IT security challenges posed by quantum computing. This leap in technology comes with exciting possibilities, but it also threatens to upend current encryption methods that keep our sensitive data safe.
We’re in a race to create and implement post-quantum cryptography (PQC). If we can get this right, it will offer encryption methods resilient enough to withstand the power of future quantum computers. The NCSC lays out a clear three-step timeline to help key sectors and organizations adopt quantum-resistant encryption by 2035.
The agency insists that getting a head start on this transition will lead to a smoother migration, minimizing rushed implementations and potential security holes. NCSC’s chief technical officer, Ollie Whitehouse, emphasized the importance of this work by saying that quantum computing could revolutionize technology, but it also introduces serious risks to our current encryption methods. The guidance creates a roadmap to help organizations secure their data against future threats, ensuring that today’s confidential info stays protected down the line.
For smaller businesses, migrating to PQC might be fairly straightforward, especially through managed security services providers. However, larger organizations and those in critical sectors will face a more complex journey, requiring thorough planning and investment.
The NCSC outlines some clear steps for organizations to follow. First, they should identify which cryptographic services need updating and develop a migration plan, aiming for completion by 2028. Next, from 2028 to 2031, these organizations need to prioritize upgrades and adjust their plans as PQC tech progresses. Finally, between 2031 and 2035, the goal is a full shift to PQC across all systems and services.
Looking ahead, 2025 stands out as a pivotal year. Greg Wetmore, vice president of product development at Entrust, noted the uncertainty around when quantum computing will become scalable. He warned that if we’re not prepared, we could face an overwhelming vulnerability for all sensitive information. Unlike past deadlines like Y2K, we won’t get a heads-up for ‘Y2Q.’
Wetmore stressed that organizations are starting to lay down the foundation for quantum-safe infrastructure, and regulators are starting to recognize the importance of PQC. He added that it’s not just about preparation for the arrival of quantum computing; it’s also about guarding against today’s threats, where malicious actors could steal encrypted data now and decrypt it later. He pointed out that some businesses might already be victims of cyber breaches without even realizing it. Adopting quantum-safe standards and infrastructure is essential in preventing this.