Warning: the upcoming post-quantum cryptography (PQC) changeover (to prevent a dreaded Q-Day apocalypse) could take as long as twelve years, say those who witnessed Y2K from the IT trenches. Should we be frightened? Probably, quantum insiders tell Cybernews.

Key takeaways: Q-Day could arrive as early as 2029, but the transition to post-quantum cryptography (PQC) is predicted to take over a decade, leaving many organizations unprepared.

Experts say the SHA-1 to SHA-2 changeover in the early 2000s foreshadows how long the PQC upgrade will take most organizations to complete.

Unlike Y2K, Q-Day won’t bring instant chaos, but a quiet surge in data theft from cybercriminals already 'harvesting now' to 'decrypt later.'

Not too long ago, this journalist attended a dinner with several quantum heavyweights to discuss the impending Q-Day and the challenges facing cybersecurity professionals who are scrambling (or not) to achieve a timely post-quantum cryptography (PQC) transition.

The evening was hosted by Keyfactor, one of the foremost leaders in digital trust and a proponent of post-quantum preparedness. The main takeaway: Q-Day is coming, and probably sooner than you think.

“When people ask me when Q-Day is… my immediate answer is yesterday because we just don't know. Nobody does,” said Chris Hickman, Chief Security Officer (CSO) at Keyfactor.

“So what are you doing to prepare for that, to put your organization in a good place? You can't boil the ocean,” Hickman said.

Last month, Keyfactor released guidelines on how companies can prepare a cryptographic inventory, one of the first steps required for a PQC transition.



Q-Day predicted by 2029

Q-Day is the proverbial day when quantum computers can break current encryption algorithms, such as the widely used public-key cryptography algorithm RSA-2048, one of the most secure algorithms in use today.

Considered the “cornerstone of modern cybersecurity”, RSA-2048 is used for secure online transactions, including digital signatures, key exchange protocols, file sharing, secure web browsing (SSL/TLS protocols), email encryption, and other forms of digital communication.

According to the latest Q-Day predictions, most recently made by IBM, Google, and Gartner, that timeframe could be as soon as 2029, just four years away.

“One of the things we worry about is 'Harvest now, Decrypt later,'” Hickman said, referring to the nation-state threat actors and cybercriminal groups already hoarding encrypted data in anticipation.

Thus, there is an urgency for system administrators worldwide to adopt the NIST-approved, newly released post-quantum encryption algorithms before Q-Day arrives to keep their data secure.

But for overworked CISOs playing whack-a-mole with cyberattacks coming from every direction, the complex process to implement a PQC transition, while daunting at best, is somehow getting stuck on the back burner.

“It's a space that's really moving on us,” Hickman said.

“We see the momentum. And we’re scratching our heads, asking, ‘Why are we yelling from the hilltops? Why are our customers still standing and watching the natural disaster come at them?’”

Many industry experts believe, unlike the Y2K fears of a front-facing full-blown IT meltdown, when Q-Day happens, life will go on as normal. There will be no sirens, no pre-warning stickers displayed on your company desktop, just a data-stealing free-for-all for any cybercriminal willing to participate.

The CSO explained that the company is seeing customers who traditionally have never had to manage cryptography before, mainly because it just worked, built into software, firmware, applications, devices, etc.

“Now they have to go and actively manage it. And there's a lot of pain points associated with that,” Hickman said.

Why the nonchalance?

“The whole world seems to be focused not on when is Q-day, but when we should be done being ready for Q-day. And that’s by 2030,” said Tom Patterson, Global Lead for Emerging Technology Security at Accenture.

Keyfactor CTO and co-founder Ted Shorter agreed. “When security people tell the business people about it [Q-Day], they look at it and say, 'This sounds like Y2K all over again. It’s not a priority.'”

The difference here is that no one really knows when Q-Day will hit.

“It could be six months, could be five years. And the business side is like, well, if it's more than two and a half years, I don't care,” Shorter pointed out.

Making a comparison to the Enigma machine being made to break the Nazi codes, Hickman explained, “They didn't put out a press release and say, ‘Hey, you know. We just broke the code.’”

“We expect our adversaries will function the same way. Once I have your data. Do I care if it takes six minutes or six months?” Hickman said.

Satellites and encryption make strange bedfellows

The post-quantum experts further mention the data retention variables that can impact different companies.

“What are your keys to the kingdom that are sensitive today and will also be sensitive five, six, seven years from now?” questioned Patterson, adding that some organizations have all sorts of things that come to mind, and some don't have as many.

In one example, Patterson talks about a project he personally worked on – launching the first quantum satellite into space.

Noting that cryptography is not the first thing that comes to mind when you think about satellites, Patterson says it's a “classic example of something we're going to put up in space, and it's going to be there for a long, long time.”

“And if we don't think about the problem now, we can't just go and pick it out of space and bring it back.”

In a more grounded example, most jurisdictions require the retention of financial records for seven years (way past four years), but the insiders point out that some of that data could have a much longer life than 10 or 20 years, like your bank account number.

The 12-year itch: how worried should we be?

So, where does that leave the roughly 50% of companies that – according to a recent Keyfactor report gaining insight from 450 cybersecurity leaders – are “unprepared to confront the urgent challenges posed by quantum computing?”

Released on July 30th, the “Digital Trust Digest: Quantum Readiness Edition” states that while “awareness is growing, action is lagging.”

Hickman says the transition to post-quantum will be a “massive uplift” for many organizations, in that they just don't have the people to do it manually.

“Anyone who thinks that they can actually make the transition in just three to five years with the amount of stuff they have to change, I think they're deceiving themselves,” said Shorter.

Citing the changeover from SHA-1 to SHA-2 (also known as SHA-256) starting around 2007, Shorter explained that even though the process was “much, much more benign,” it “still took 12 years.”

“From the time that SHA-2 became a standard to the time that most organizations were actually able to replace everything and get off SHA-1, was about 12 years,” Shorter said, adding that they heard that number quoted in an IBM seminar.

“Because if you deploy something that doesn't understand SHA-2, you're going to break anything that doesn't understand it,” he said.

Shorter noted that, nearly 20 years later, they still have companies asking them to run SHA-1 for them because they still have things that are not right.

There's still some hope left

Still, there may be some hope peeking out of all the PQC doom and gloom.

The insiders say the PQC transition is starting to get boardroom attention. “It’s starting to land on the cybersecurity and cyber insurance radar. The business implications are coming to light, taking the PQC transition out of the technical realm and into the business risk realm,” Hickman said.

Shorter says there may also be some smaller companies without the technical skills that will just wait it out to replace all their infrastructure.

“These companies may take advantage of the next iteration of quantum encryption already built into the system. So they'll take that one off the list already,” Shorter said.

Another scenario will be if a company has all its infrastructure in a cloud hyperscaler, the cloud hosting company can move it for them.

Finally, the insiders say compliance will likely push the PQC transition forward, including government, large financials, banks, telcos, etc. “They're paying attention. They're asking us what our quantum roadmap is,” Shorter said.

PQC guru Marin Ivezic, who has been heavily entrenched in following Q-Day prediction developments, says cracking RSA-2048 “may still be about the megawatts.”

“The energy cost of such a feat will be enormous,” Ivezic states in his Post-Quantum blog.

“This is somewhat good news for cybersecurity professionals. Even once a cryptographically relevant quantum computer (CRQC) exists, breaking RSA-2048 won’t be trivial in practice – it will likely be an expensive, specialized endeavor,” said Ivezic, also the co-founder of the quantum security firm Applied Quantum.

“So while a future CRQC could crack a single RSA key in, say, 3-7 days, it won’t be cracking thousands of keys on a whim without significant upgrades in throughput,” he added.

Y2K hype: fact or fiction?

For those who weren't born in the 1900s or were too young to remember, in a nutshell, the Y2K (Year 2000) debacle stemmed from an industry-wide prediction that a coding bug, which abbreviated the four-digit year using only two digits, would cause computer systems around the world to malfunction at the stroke of midnight on January 1st, 2000.

It was believed that all hardware and software programs would be unable to recognize “00” as the year 2000, and instead interpret the year as 1900, causing worldwide pandemonium.

The most vulnerable systems, identified as government, banking, insurance, and critical infrastructure sectors, including transportation, power grids, and even nuclear facilities, had IT professionals scrambling to upgrade everything from mainframe computers to chip-embedded medical equipment – all before the New Year's deadline, costing an estimated $300 billion worldwide to do so.

Reminder stickers to "Turn off your computer before midnight on December 31st, 1999," were slapped on computer systems in anticipation of Y2K. CryptoGucci/Reddit

Meantime, two decades later, another predicted date-related software glitch, mainly causing parking meters and payment systems to go offline in 2020, was said to be the result of some IT professionals implementing a “lazy fix” during the Y2K era, known as windowing.

The latest Y2K-fueled bug (Y2020) again reared its ugly head – this time on social media.



Legendary cybersecurity guru and current Chief Information Officer at DARPA, Peiter Zatko, better known in industry as “Mudge,” posted about his time in the Y2K trenches on an X thread back in 2019.

“I spent New Year’s Eve on a call with the White House as I and National Security Council members ticked away time zones rolling into Y2K.”

“People worked really hard on that issue, which is partly why it was a non-issue... and why a lot of source trees were able to be stolen,” Mudge said.

Also posting on X to echo the sentiment was Richard Westmoreland, Chief Security Architect at SilverSky.

“Y2K is a great example of a catastrophic issue that was fixed behind the scenes by every variation of IT professional and programmer, and then completely underappreciated because ‘nothing happened,’” Westmoreland said.

But as they say, it's all about perspective.

Some say the panic that ensued (also creating an entire subclass of Y2K preppers ready for the world to descend into chaos) was all for nought, as countries like Russia and South Korea, which did very little prep to prevent the forewarned doomsday scenario, experienced minimal impact.

“It was real, but also overhyped,” posted Jon Gorenflo, founder of cybersecurity company AttackD and principal instructor at the SANS Institute.

“There were people saying cars wouldn’t start and small electronics would stop working. Nothing in my life broke. Nothing. But we had 50 gallons of water stored up just in case,” Gorenflo said.

Wait, what's this about 2038?

Ironically, another computer bug related to misreading dates is expected to hit the world in 2038.

Affectionately called Y2038, the Unix Y2K Bug, or the Epochalypse, the bug is described by year2038problem.com, a website devoted to the subject: “When these dates reach 1 second after 03:14:07 UTC on 19th January 2038, they could have an error or incorrectly store the wrong date (in some cases 20:45:52 on Friday, 13th December 1901).”

But that’s a problem for another day.