The world has entered an era in which we must upgrade the cybersecurity we all use every day. Public Key Infrastructure, or PKI, was invented in the late 1970s and uses the same cryptographic format now as it did 50 years ago. The only significant difference is that we have increased key sizes to stay ahead of increased computing power.
Large commercial and federal organizations are keenly aware of the upgrade driven by the quantum computing threat, so they have begun researching and testing quantum-resilient solutions (also called Post-Quantum Cybersecurity or PQC). However, this global cryptography upgrade is not just about the quantum danger, but rather the need to move to agile, innovative (think AI), and backward-compatible cryptography. The manufacturing industry should start researching PQC as this critical infrastructure represents a prime target for cyberattack.
Quantum computers are slated to do amazing things for the manufacturing industry. These advanced and powerful quantum systems can more efficiently and effectively help with chemical discovery, product development, and process optimization.
However, well before quantum computers are online with enough power to create major efficiencies for the manufacturing industry, they will be weaponized to crack current encryption, and could be used to take control of networks and SCADA systems. The fact is that manufacturing (just like the rest of the world) uses standard encryption to protect its data and systems. Quantum computers, due to their processing characteristics using subatomic properties, can easily break this encryption once they have enough power.
Recognizing the threat, in December the U.S. federal government passed a law forcing all federal agencies to upgrade to post quantum cryptography.
The reason quantum computing is threatening to our networks and data is a specific algorithm, Shor’s Algorithm. Today’s PQC encryption methods are mathematically proven to be resistant to Shor’s algorithm. Each encryption method uses a different protection method, so new encryption algorithms will be safe unless corresponding decryption methods are found.
This is a possibility, since quantum computing is a young field and there are still many algorithms to discover. If vulnerabilities are found in today’s PQC standard, cryptography would have to move to a new encryption algorithm. As manufacturing leadership considers how to begin the upgrade to stronger encryption, it is recommended that they start right away, as threat vectors are getting more powerful and broad-based (due to factors like AI).
What to do Next
Here are some steps that we can take to bolster our defenses:
- Start with a cryptographic assessment to determine which cryptographic schemes are used, where they are located, and which ones are most vulnerable to AI and quantum attacks. This can help in identifying any weaknesses or vulnerabilities in these algorithms or deployments, leading to the development of more secure cryptographic techniques.
- Think in terms of cryptographic agility. This means you have an effortless way to change cryptography if it is breached, or for any other reason. Cryptographic agility, powered by AI, could have the potential to stay one step ahead of attackers by shifting algorithms and keys so hackers see no consistent patterns. Given that there are multiple post-quantum algorithms being proposed and developed, AI can assist in determining which of these algorithms is best suited for a particular use case, based on factors such as security, performance, and available resources.
- Switch to post quantum cryptography (PQC) wherever possible. You can learn more about this by going to the National Institute of standards and technology (NIST) website.
- Deploy PQC across the entire network including servers, cloud, and edge. Think of phones, laptops, equipment behind the firewall, ITS/SCADA devices, cloud-based servers, and even satellites. For rapid scalable rely on PQC that can be deployed without installing anything on edge devices. This will make it much easier and quicker as there is no change to the endpoint or user experience.
- Get smart about cybersecurity. AI can be used to manage and dynamically update security policies based on the threat landscape. Think of active defense and active attack mitigation to ensure that you are set for the future.