WEF report on transitioning to a quantum secure economy
In September 2022, in collaboration with Deloitte, the World Economic Forum (WEF) published a white paper outlining a roadmap for organizations achieving a quantum secure economy and seeking to maximize the opportunities, and minimize the risks, represented by the arrival of quantum computers.
The 35-page report contains guidance for a secure transition to a quantum secure economy and a resilient stance is derived from discussions amongst senior members of the quantum security working group – part of the quantum computing network or the World Economic Forum.
To safely navigate the transition to a quantum secure state, the WEF recommends a three-stage approach:
- Build awareness of the quantum threat
- Devise a quantum safe strategy and transition roadmap
- Start the transition early by adopting hybrid solutions
Why prioritize economic quantum security?
The potential of quantum computers, both from a positive and negative perspective, has been well publicized in recent years. The radical increase in computing power will empower innovation across many industry sectors, but also represents a clear and present danger to the security of public key infrastructure. The report recognizes that timelines for the arrival of a viable quantum computer are still vague, but most expert agree that the tipping point will be reached within a 10 to 15-year timeframe.
How to begin the transition to a quantum secure economy
The WEF estimates that something in the region of 20 billion devices will need to be upgraded or replaced to meet the demands of post-quantum security. So how can organizations start the transition? The journey begins with an understanding of the quantum threat. This includes an assessment of those areas of operations that will be impacted and an appreciation of the useful lifetime of various data types. The report advocates a review of cryptographic governance and a detailed readiness assessment, plus the move towards a more crypto-agile stance.
Quantum risk management
Transitioning to a quantum resilient state is all about risk management. The WEF advocates a clearly defined vision for your future state, the identification of key drivers for change and the ability to execute effectively on your roadmap. The whitepaper goes into detail on what it describes as a quantum secure transition framework. The highlighted drivers for change include regulatory pressures, market dynamics and cryptographic management requirements.
What technologies are available to address the threat?
As a part of the roadmap, the WEF highlights three specific quantum security technologies:
- Quantum Resistant Algorithms (QRE)
- Quantum Key Distribution (QKD)
- Quantum Random Number Generation (QRNG)
QRE, or post-quantum cryptography, is a software solution that can be implemented within existing infrastructure. QKD offers immediate protection against harvest now, decrypt later attacks and can be used in conjunction with other technologies to provide an additional layer of security. The strength of any cryptographic system is governed by the security of its keys. The strength of a key is directly influenced by the degree of entropy (randomness) used in its generation. QRNG is used as a source of genuine randomness.
The evolution of the quantum computer and the timeline for transitioning to a quantum secure state are in a virtual race to the finish. Whilst a commercially viable quantum computer may still be 10-15 years away, there is no room for complacency.
“Quantum computing will take time to mature, but that is no excuse to delay preparations. Take prudent action now to start your transition to a quantum safe future”.