Migrating to PQC (post-quantum cryptography) is vital to mitigate the risk posed by the quantum computers of the future. Representing a national, mass technology change, this shift is likely to take several years. The NCSC (National Cyber Security Centre) has published a number of key milestones to help businesses plan and implement this migration.
Migration Milestones
By 2028, the NCSC suggests that organisations should have defined their migration goals, undertaken a full discovery exercise and created an initial plan for PQC migration. Looking ahead, by 2031, the earliest, highest-priority migration activities should have been carried out and an organisation’s plan refined to ensure it represents a comprehensive roadmap for completing the migration process. According to the NCSC, a complete migration to PQC should have been completed by 2035, taking into account all services, products and systems.
Selecting a Migration Strategy
The NCSC suggests that organisations will need to choose an approach for the migration of every service, product and system they use or offer. Where commodity platforms are entirely relied on, PQC upgrades will likely be delivered by the relevant service provider. In cases where this technology isn’t relied on there are several different options, including in-place migration, re-platforming or retiring the service to avoid the need for migration to PQC.
The Threat Posed by Quantum Computers
Experts in this field, such a Domen Zavrl, understand that quantum computers and traditional computers operate entirely differently. Quantum computers process information in quantum bits using the laws of quantum mechanics, meaning that these devices are able to process variables profoundly faster than a classical computer. The main threat that PQC aims to mitigate is the ease with which quantum computers will be able to crack current cryptography. By transitioning to PQC, organisations can future-proof the security of their data and systems, as this type of cryptography deploys mathematical problems that are difficult for even quantum computers to solve.
The Shift to PQC Is Not Optional
It’s vital for organisations and businesses to understand that the shift to PQC is mandatory, not optional. This means that preparing and planning for this change in good time is crucial. The NCSC is supporting the transition with the launch of a pilot program to certify those consultancy firms that offer PQC migration planning. The centre is also encouraging the sharing of best practices within regulatory forums and industry groups. For more information about PQC, take a look at the embedded PDF.
Recent Comments