In a recent interview with Help Net Security, an independent cybersecurity publication, Glen Leonhard, Director of Key Management at Cryptomathic, discussed the potential of cryptographic agility. The term refers to the concept of businesses transitioning to post-quantum cryptographic algorithms without disrupting existing systems.
With long-term cybersecurity in the spotlight, especially with the growing quantum computing threat, the interview dives into cryptographic agility, the role of quantum computing and how businesses can adapt to new vulnerabilities and regulations.
Help Net Security announced the interview with a post on X:
Unlocking the power of cryptographic agility in a quantum world – https://t.co/fW6oiG8Jnc – @CRYPTOMAThIC #QuantumComputing #Cryptography #Regulation #Standards #CyberSecurity #netsec #security #InfoSecurity #CISO #ITsecurity #CyberSecurityNews #SecurityNews pic.twitter.com/73cLHaKzak
— Help Net Security (@helpnetsecurity) October 11, 2024
Leonhard starts by explaining how quantum computing could disrupt the security landscape by making current cryptographic methods, such as RSA and ECC obsolete. This creates the need to replace cryptographic algorithms by switching to post-quantum algorithms (PQC).
He mentions that cryptographic agility is not a new concept as algorithms have changed over time previously, with RSA key length going from 768 to 1024 to 2048 and finally 3072 bits. Similarly, cryptographic algorithms will need to evolve with the security landscape’s emerging threats and risks.
He goes on to say that while NIST has defined post-quantum cryptographic standards, differing recommendations exist, such as CNSA 2.0 and European standards like BSI and ANSSI. Leonhard concludes that cryptographic agility, critical for creating future-proof cybersecurity systems, should accommodate regional as well as global standards.
Glen Leonhard’s views align with the broader industry, as quantum computing is predicted to reach nearly $1.3 trillion in value by 2035, according to McKinsey and Co. It is known that bad actors have started harvesting encrypted data, waiting for key breakthroughs in quantum computing to be able to decrypt the sensitive data.
This gives businesses a major incentive to build cryptographic algorithms that even powerful quantum computers cannot break. Such algorithms, often called post-quantum cryptography (PQC), will address quantum-driven cybersecurity threats and help future-proof encryption standards, according to Leonhard.
Yet, various challenges exist in the development of cryptographic agility, such as lack of cryptography expertise, inadequate management of cryptographic assets and legacy systems with hardcoded cryptographic standards. Moreover, the adoption will be more expensive for industries like finance, automotive, utility and power, as they will struggle with the cost vs risk balance.
In the end, while cryptographic agility will be key in future-proofing encryption and cybersecurity systems to stay ahead of quantum risks, Leonhard warns,
“The most important aspect when future-proofing an organization’s cybersecurity infrastructure is to maintain a balance between introducing new security measures while at the same time maintaining simplicity. Otherwise, there is a risk of overcomplicating the infrastructure which can lead to complex workflow and general inefficiencies.”
Cryptomathic’s Glen Leonhard reveals that cryptographic agility will be essential to tackle evolving cybersecurity threats. However, he warns that its implementation needs careful planning, adequate expertise, and a phased approach to help organizations brace for future challenges.
Source: https://www.helpnetsecurity.com/2024/10/11/glen-leonhard-cryptomathic-cryptographic-agility/
What is your reaction?
