CIOs must prepare their organizations today for quantum-safe cryptography

Quantum computers are emerging from the pure research phase and becoming useful tools. They are used across industries and organizations to explore the frontiers of challenges in healthcare and life sciences, high energy physics, materials development, optimization and sustainability. However, as quantum computers scale, they will also be able to solve certain hard mathematical problems on which today's public key cryptography relies. A future cryptographically relevant quantum computer (CRQC) might break globally used asymmetric cryptography algorithms that currently help ensure the confidentiality and integrity of data and the authenticity of systems access.

The risks imposed by a CRQC are far-reaching: possible data breaches, digital infrastructure disruptions and even widescale global manipulation. These future quantum computers will be among the biggest risks to the digital economy and pose a significant cyber risk to businesses.

There is already an active risk today. Cybercriminals are collecting encrypted data today with the goal of decrypting this data later when a CRQC is at their disposal, a threat known as "harvest now, decrypt later." If they have access to a CRQC, they can retroactively decrypt the data, gaining unauthorized access to highly sensitive information.

Post-quantum cryptography to the rescue

Fortunately, post-quantum cryptography (PQC) algorithms, capable of protecting today's systems and data, have been standardized. The National Institute of Standards and Technology (NIST) recently released the first set of three standards:

• ML-KEM: a key encapsulation mechanism selected for general encryption, such as for accessing secured websites
• ML-DSA: a lattice-based algorithm chosen for general-purpose digital signature protocols
• SLH-DSA: a stateless hash-based digital signature scheme

Two of the standards (ML-KEM and ML-DSA) were developed by IBM® with external collaborators, and the third (SLH-DSA) was co-developed by a scientist who has since joined IBM.

Those algorithms will be adopted by governments and industries around the world as part of security protocols such as "Transport Layer Security" (TLS) and many others.

The good news is that these algorithms are at our disposal to protect against the quantum risk. The bad news is that enterprises must migrate their estate to adopt these new PQC standards.

Previous cryptography algorithm migration programs took years to complete. Ask yourself as an organization: how long was your SHA1 to SHA2 migration program? What about your public key infrastructure (PKI) upgrade program where you increased the PKI trust chain key size from 1024-bit to 2048-bit keys or 3072-bits or 4096-bit keys? How long did all that take to roll out across your complex enterprise environment? Several years?

The impact from quantum computing and the implementation of the PQC standards is vast, covering a comprehensive estate of your organization. The quantum computing risk affects many more systems, security tools and services, applications and network infrastructure. Your organization needs to immediately transition toward PQC standards to safeguard your assets and data.

Start adopting quantum-safe cryptography today

To protect your organization against "harvest now, decrypt later" risks, we advise you to run a quantum-safe transformation program. Start adopting tools and use services that allow you to roll out the recently announced PQC encryption standards.

IBM has developed a comprehensive quantum-safe program methodology, which is currently running across dozens of clients, spread across key industries and dozens of countries, including national governments.

We advise clients to adopt a program with the following key phases:

• Phase 1: Prepare your cyber teams by delivering quantum risk awareness and identifying your priorities across the organization.
• Phase 2: Prepare and transform your organization for migration to PQC.
• Phase 3: Run your organization's migration to PQC.

Phase 1: Prepare your teams

In phase 1 of the program journey, focus on key areas, such as creating an awareness campaign across the organization to educate stakeholders and security subject matter experts (SMEs) on the quantum risk. Establish quantum-safe "ambassadors" or "champions" who stay on top of the quantum risk and quantum-safe evolution and act as central contact for the program and help shape the enterprise strategy.

Next conduct risk assessments regarding the quantum risk against your organization's cryptographically relevant business assets-which is any asset that uses or relies on cryptography in general.* For example, your risk and impact assessment should assess the business relevance of the asset, its environment complexity and migration difficulty, among other areas of assessment. Identify vulnerabilities within the business assets, including any urgent actions, and produce a report highlighting the findings to key stakeholders, helping them understand the organizational quantum risk posture. This can also serve as a baseline for developing your enterprise's cryptography inventory.

Phase 2: Prepare your organization

In phase 2, guide your stakeholders on how to address the identified priority areas and potential cryptographic weaknesses and quantum risks. Then, detail remediation actions, such as highlighting systems that might not be able to support PQC algorithms. Finally, express the objectives of the migration program.

In this stage, IBM helps clients outline a quantum-safe migration roadmap that details the quantum-safe initiatives required for your organization to reach its objectives.

As we advise our clients: Consider critical initiatives in your roadmaps, such as developing a governance framework for cryptography, prioritizing systems and data for PQC migration. Update your secure software development practices and guidelines to use PQC by design and produce Cryptography Bills of Material (CBOMs). Work with your suppliers to understand third-party dependencies and cryptography artifacts. Update your procurement processes to focus on solutions and services that support PQC to prevent the creation of new cryptographic debt or new legacy.

One of the key required capabilities is 'cryptographic observability,' a cryptographic inventory that allows stakeholders to monitor the progress of adoption of PQC throughout your quantum-safe journey. Such an inventory should be supported by automatic data gathering, data analysis and risk and compliance posture management.

Phase 3: Run your migration

In phase 3, your organization runs the quantum-safe migration program by implementing initiatives based on priority systems/risk/cost, strategic objectives, delivery capacity, etc. Develop a quantum-safe strategy enforced through your organizational information security standards and policies.

Run the technology migration by using standardized, tested and proven reference architectures and migration patterns, journeys and blueprints.

Include the enablement of cryptographic agility within the development and migration solutions and implement cryptographic decoupling by abstracting local cryptography processing to centralized, governed and easily adaptable platform services.

Include in your program a feedback loop with lessons learned. Allow for the innovation and rapid testing of new approaches and solutions to support the migration program in the years ahead.

Challenges to expect during your PQC transition

Many elements are challenging to migrate. For example, fundamental components of internet infrastructure, such as wide area networks (WANs), local area networks (LANs), VPN concentrators and Site-2-Site links, will be more complex to migrate. Therefore, these elements require more attention than those that have limited use within the organization. Core cryptography services such as PKI, key management systems, secure payment systems, cryptography applications or backends such as HSMs, link encryptors and mainframes are all complex to migrate. You need to consider the dependencies on different applications and hardware, including technology interoperability issues.

You should also consider performance testing the PQC standards against your in-house systems and data workflows to help ensure compatibility and performance acceptability and identify any concerns. For example, PQC sometimes requires longer key sizes, ciphertext or signature sizes compared to currently used algorithms, which will need to be accounted for in integration and performance testing. Some organization-critical technologies still rely on legacy cryptography and might find it difficult or even impossible to migrate to PQC standards. Application refactoring and redesign might be required.

Other challenges include lack of skills or lack of documentations, which have created knowledge gaps within your enterprise. Hardcoded information within systems/config files/scripts, etc., will make it even more complex to migrate.

Make sure that your encryption keys and digital certificates are accurately tracked and managed. Poor management will further complicate the migration.

Not all use cases will be tested by international PQC working groups. There will be many combinations or configuration of technologies unique to your organizations, and you need to thoroughly test your systems from an end-to-end workflow perspective.

Don't wait for regulations to catch up

Now that NIST has released a first set of PQC standards, we need to anticipate that regulation outside of the US will follow quickly. Examples in the context of the financial industry are:

• In the EU, the Digital Operations Resilience Act (DORA) explicitly mentions quantum risks in a regulatory technical standard in the context of ICT risk management.
• The Monetary Authority of Singapore (MAS) has called out a need that "senior management and relevant third-party vendors understand the potential threats of quantum technology." It also mentions the need for "identifying and maintaining an inventory of cryptographic solutions."
• The Payment Card Industry Data Security Standard (PCI DSS) v4.0.1 now contains a control point that requires "an up-to-date inventory of all cryptographic cipher suites and protocols in use, including purpose and where used."

Therefore, we advise you to focus on developing your cryptography governance framework, which includes the development of a quantum-safe strategy for your organization. It should be aligned to your business strategic goals and vision and target timescales. A center of excellence should support and advise as part of the transformation program. The governance framework should focus on core pillars such as your organization's regulatory oversight, cryptographic assurance and risk management, delivery capacity building and PQC education. It should support adoption of best practices within your application development and supply security architecture patterns and technical design review boards.

The transformation program is going to be long and complex. It requires numerous cross-departmental engagement and a wide range of skills. Ensure you manage and observe team morale and consider your organization's working culture and change management practices to help ensure program cohesion across the many years of delivery.

Also, consider partnership development, as many organizations depend on many vendors specific to their industry and ecosystem. Collaborate with others within your industry to learn and share ideas to address the quantum risk and PQC migration together through working groups and user groups.

From an operational perspective, help ensure you have a traceability catalog of key enterprise and business services mapped to regulations and laws and start planning a timeline for transition around each.

How IBM helps organizations with their quantum-safe journey

IBM helps implement quantum-safe migration for clients in financial services, insurance, telecommunication, retail, energy and other industries. We help clients understand their quantum risks, improving their cryptographic maturity and agility, defining their quantum-safe targets and implementing various transformation initiatives, supported by a broad set of technology assets.

At the same time, we are helping to start industry consortia to drive adoption of quantum-safe cryptography, such as:

• In 2022, together with the GSMA and Vodafone, IBM started the Post Quantum Telco Network Taskforce (PQTN) to help the telco industry with adoption of PQC.
• In 2023, IBM, together with industry partners, started the PQC Coalition with MITRE to accelerate adoption of PQC in commercial and open source. In 2024, IBM helped set up the Post-Quantum Cryptography Alliance to drive PQC adoption forward as part of the Linux foundation.

Now that the first set of PQC standards have been released, organizations are expected to have a proper quantum-safe migration program in place. A solid program should include thorough risk and impact assessments, quantum-safe objectives and the right level of stakeholder attention. Prepare now for the adoption of quantum-safe standards and use technology to accelerate your journey.

* Note: in many cases even the usage of symmetric cryptography will rely on some form of public key cryptography for example key exchange.