IBM has announced the launch of Quantum Safe technology, a set of tools and capabilities designed to provide an end-to-end, quantum-safe solution for organisations and governmental agencies. The company has combined cryptography and critical infrastructure expertise to address potential security risks arising from the quantum computing era. The technology solution was unveiled at this year’s Think conference in Orlando, Florida. Quantum Safe technology aims to help its clients prepare for the post-quantum era in three key ways, as stated in the company’s press release. The IBM Quantum Safe Explorer is used to scan source and object code to locate cryptographic assets, dependencies, vulnerabilities, and build a cryptography bill of materials to bring potential risks into focus. Meanwhile, the IBM Quantum Safe Advisor allows the creation of a dynamic or operational view of cryptographic inventory to guide remediation, analyzing cryptographic posture and compliance to prioritize risks. Finally, the IBM Quantum Safe Remediator enables organizations to deploy and test best practice-based quantum-safe remediation patterns to understand potential impacts on systems and assets as they prepare to deploy quantum-safe solutions.
Quantum computers have been known to threaten the cybersecurity industry, making organizations, technology providers, and internet standards transition to quantum-safe encryption, as quantum computers may break commonly used encryption methods, rendering email, secure banking, cryptocurrencies, and communication systems vulnerable to significant cybersecurity threats. For instance, NATO has already begun testing quantum-safe solutions to investigate the feasibility and practicality of such technology’s real-world implementations, while the US National Institute of Standards and Technology (NIST) launched a competition to identify and standardize quantum-safe encryption algorithms.
The US National Security Agency (NSA) also announced new requirements for national security systems to transition to quantum-safe algorithms by 2025, while the White House released requirements for federal agencies to submit a cryptographic inventory of systems that could be vulnerable to cryptographically relevant quantum computers. With these quantum-based cybersecurity threats looming large, IBM’s Quantum Safe technology is seen as the solution to the pertinent problems ahead.
The Quantum Safe Roadmap also charts milestones toward advanced quantum-safe technology, engineered to help organizations address anticipated cryptographic standards and requirements and protect systems against emerging vulnerabilities. IBM’s Quantum Safe Roadmap has three key objectives. The first as to identify cryptography usage, analyzing dependencies, and generating a cryptography bill of materials; the second objective is to analyze the cryptography posture of vulnerabilities and prioritize remediation based on risks. Finally, the third objective is to remediate and mitigate with crypto-agility, i.e., the ability to switch quickly between encryption mechanisms such as algorithms and cryptographic primitives while minimizing the impact on other systems, and built-in automation.
Organizations are well advised to get ahead of the quantum-safe encryption curve, starting with understanding what data has the longest life and how this might be at risk from future threats. Companies that struggle should focus on identity, even if they secure all their encryption if someone can access their identity system, then anyone can gain “legitimate” access to systems and infrastructure. Setting up years-to-quantum migration as a bespoke project and giving it the firepower it needs to ensure success and a smooth transition is another important step toward ensuring quantum-safe cybersecurity. In addition, organizations should use solutions that keep the tried and tested classical cryptography used today, alongside one or more post-quantum algorithms, offering greater assurance against both traditional attacks and future threats.