Quantum computing is currently a major topic of discussion in scientific and technological circles. Many believe that within the next decade, quantum computers could emerge with their full potential. This could create unprecedented opportunities in fields ranging from drug discovery to financial modeling. However, it will also bring significant changes and risks to cybersecurity. There are concerns that quantum-capable hackers or state-level adversaries will be able to easily break current encryption methods. For this reason, the National Institute of Standards and Technology (NIST) in the United States is conducting intensive research and developing standards for quantum-resistant or “post-quantum” cryptography.
First Step Towards Quantum Security: NIST’s Role
For nearly a decade, NIST has been researching and evaluating post-quantum cryptography algorithms. Finally, this summer (most likely), they are set to release a definitive standard that will provide the necessary foundation for quantum-secure encryption and digital signatures. This standard may be made mandatory for U.S. federal agencies, and later, other organizations—especially those in regulated industries or managing critical infrastructure—are expected to follow suit. Colin Soutar, Managing Director of Risk and Financial Advisory at Deloitte, remarks, “This is actually the start of the race, not the end. Once standards become mandatory at the federal level, the commercial sector will also begin to comply. However, those responsible for critical infrastructure should not wait for laws or regulations—they should start preparing now.”
Why Start So Early?
Once quantum computers gain the ability to break current public key cryptography, there will be significant security risks on a large scale. Chief among these is the threat of the “Harvest Now, Decrypt Later” attack—that is, encrypted data collected today could be easily decrypted in the future using a quantum computer. Information that must remain secret today could cause substantial harm if exposed a few years down the line. It’s not just encryption that is at risk; digital signatures could also be vulnerable to quantum attacks. Scott Buchholz, Deloitte’s Quantum Computing Lead, notes, “The scariest part about digital signatures is: if someone can forge or tamper with a signature, it becomes extremely difficult to distinguish between genuine and fake. It could become very hard to verify what is true and what is false.”
Harvest Now, Decrypt Later
20 Billion Devices and the Need for Massive Change
Studies have shown that there are around 20 billion digital devices worldwide, all of which will need to be upgraded or replaced with quantum-secure methods within the next 20 years. If you consider it, encryption is used everywhere—from phones, computers, and servers to network devices. Incorporating post-quantum algorithms or replacing existing ones in these contexts is no easy task. Furthermore, new algorithms will require changes at the levels of hardware, firmware, operating systems, and network protocols. That is why adequate preparation for this massive undertaking is essential. As Soutar says, “If anyone thinks ‘Quantum is still far off—there’s no need to do anything now,’ that would be a big mistake. Preparation itself takes a long time, often five to ten years. So if you don’t start getting ready now, you risk falling behind in the future.”
Risk Assessment and Roadmap
This change in cybersecurity should not be approached merely as “something to comply with under regulatory pressure,” but with a risk-based plan. It is important to consider which tasks should be prioritized, where more investment is needed, and how to integrate with legacy systems. According to Deloitte expert Ethan Burms, “Since quantum-ready algorithms are deeply embedded in technology, widespread changes and integration will be needed in the future. This will also require coordination across supply chains and partner service organizations. It’s not just your own company—an entire ecosystem must be harmonized.”
No Advance Warning
There will be no clock-ticking, public announcement on the day quantum computing is able to break these encryption methods. Once someone succeeds, cyberattacks will begin covertly. Without adequate preparation, organizations could face massive losses at an unexpected moment. Soutar from Deloitte says, “We won’t even realize when a state-level or research institution stands up the first truly effective quantum computer. By then, there might not even be a chance to build up defenses.”
A Long Road Ahead
Like other major technological transformations, this change will not be easy. Encryption standards have been changed several times in the past, but today the reach of encryption technology is far broader. Every device, OS, browser, server, and application is now involved with encryption. That’s why experts are advising early preparation. From the World Economic Forum to various public and private organizations, awareness about quantum security is being emphasized. This preparatory stage for quantum security should not be considered a short sprint—it is truly a marathon. Planning, knowledge sharing, mutual assistance, and patience will all be essential along the journey.
Conclusion
It may take five to ten years for the power of quantum computing to become commercially mature, but preparations must begin well before then. Without coordinated collaboration among governments, regulatory bodies, corporations, and various tech companies, this vast undertaking will be difficult. The post-quantum standard from NIST will mark the “starting bell” for the upcoming quantum security marathon. Now, the key question is how quickly the public and private sectors can plan and implement measures. With timely action, we can enjoy the benefits of the quantum revolution safely. Otherwise, the risks of cyberattacks and security breaches will continue to increase.
References (in English):
- NIST, “Post-Quantum Cryptography,” updated June 03, 2024.
- Catherine P. Foley et al., “Is your cybersecurity ready to take the quantum leap?” World Economic Forum, May 7, 2021.
- Global Risk Institute, “2023 Quantum Threat Timeline Report,” Dec. 22, 2023.
- NIST, “Cybersecurity.”
- William Barker and Murugiah Souppaya, “Crypto agility: Considerations for migrating to post-quantum cryptographic algorithms,” NCCoE and NIST, June 2021.
- World Economic Forum, “Quantum Readiness Toolkit: Building a Quantum-Secure Economy,” June 29, 2023.
Written by
Dr. Mashiur Rahman – https://drmashiur.com/
Leave a comment