November 5, 2024 at 09:13AM
Becky Bracken and Kelly Jackson Higgins discuss the implications of quantum computing on cybersecurity in the podcast “Quantum Has Landed: So Now What?” The episode emphasizes the urgency for organizations to prepare for quantum threats, shifting from reactive to proactive measures in encryption and cyber risk management.
**Meeting Takeaways: Dark Reading Podcast Episode: “Quantum Has Landed: So Now What?”**
1. **Introduction of Topic:**
– Host Becky Bracken introduced the importance of discussing quantum computing and its implications for cybersecurity, particularly in relation to encryption vulnerabilities.
2. **Current State of Quantum Computing:**
– Editor-in-chief Kelly Jackson Higgins emphasized that while quantum computing isn’t widely operational, its potential for breaking current encryption standards (like RSA and ECC) poses significant future threats.
3. **Challenges in Cybersecurity Community:**
– Difficulty in finding practitioners discussing quantum topics highlights a lack of comfort and understanding within the cybersecurity community, leading to a need for comprehensive education.
4. **Guest Experts:**
– Dr. Matthew McFadden from GDIT and Professor Thomas Scanlon from Carnegie Mellon joined to discuss strategies that organizations should adopt to prepare for quantum computing.
5. **Quantum Computing Overview:**
– Jim Donahue provided a primer on quantum computing, explaining its potential to outperform classical computers and the challenges related to creating and managing qubits.
6. **Urgency for Migration:**
– Matthew McFadden stressed the need for organizations to migrate to post-quantum cryptography standards, emphasizing the importance of prioritizing high-risk systems.
7. **Role of Governance and Compliance:**
– Discussions pointed out that compliance will be a driving force for many organizations in navigating the transition to quantum-resistant standards.
8. **Risk Management Insights:**
– A proposed multi-threaded approach includes discovery, assessment, and management of cryptographic assets to achieve “crypto agility.”
9. **Industry Readiness and Hesitance:**
– Organizations are hesitant to take the first step due to uncertainty and lack of established best practices, waiting instead for others to lead by example.
10. **Recommendations for Organizations:**
– Understand the attack surface and perform threat modeling to identify vulnerabilities related to cryptography.
– Pay attention to contract language with vendors regarding their plans for adopting post-quantum cryptographic practices.
11. **Conclusion:**
– The importance of education and clear governance to manage the transition to secure quantum-resistant systems was reiterated. The podcast aims to provide clarification and guidance for cybersecurity practitioners confronting these future challenges.
Overall, the podcast provided a deep dive into the implications of quantum computing on cybersecurity, emphasizing the need for proactive measures, education, and strategic planning in organizations.