18 EU security agencies warn

18 EU security agencies warn
18 EU security agencies warn

The transition to post-quantum cryptography is urgent

“We urge public administration, critical infrastructure providers, IT providers and the entire industry to make the transition to post-quantum cryptography a top priority“, alert the security centers of 18 EU member states, including ANSSI, in a joint statement.

Public key cryptography is at the heart of our daily uses in all sectors. “These include, for example, transferring money from a bank account, signing a digital contract, controlling smart home devices or communication services such as messaging apps“, explains the statement.

If the currently deployed public key schemes were to be broken, the consequences to our public digital infrastructure would be devastating.”It couldn’t be clearer.

Although no cryptographically operational quantum computer currently exists, its development is progressing very rapidly. It could appear within 10 years according to experts. Therefore, quantum threat preparedness should be considered an integral aspect of cybersecurity risk management.

The threats

Agencies fear two scenarios:

Store now, decrypt later: Attackers store encrypted data to decrypt it when quantum computers become available. This scenario puts data requiring long-term protection (e.g. personal data or trade secrets) at risk.

Long migration periods: Complex systems, such as infrastructure and devices with a long lifespan, require years to adopt new technologies. A late transition could expose sensitive communications to attacks. Complex infrastructures need time to adopt hybrid solutions (combination of current and post-quantum schemes), which are also recommended by agencies before migrating completely to post-quantum.

The agencies recommend four measures:

– Perform a quantum threat analysis consisting of an inventory of assets to be protected as well as applications using cryptography.
– Develop a risk-based roadmap to execute the transition, taking into account sensitivity and information protection period.
– Plan the migration, which includes prioritization, involvement of all necessary business processes as well as budgeting for the migration.
– Promote continued broad research into post-quantum cryptography and standardization efforts.
We recommend that systems be protected against “store now, decrypt later” attacks as soon as possible, no later than the end of 2030.

Furthermore, a working group on post-quantum cryptography, co-chaired by , Germany and the Netherlands, was created within the framework of the NIS cooperation group, following a recommendation from the European Commission.

-

-

PREV The euro resists despite the fall of the French government
NEXT These 2 promises from Trump increase the risk of a market crash