Britain sets 10-year timetable for post-quantum cryptography • The Register

The UK’s National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.

The guidance defines three key milestones that NCSC claims organizations must be aware of as quantum computers – perceived to be the next major technological change, and yet one that’s still in the early stage of development – will pose a threat to current encryption standards.

The first comes in just three years: by 2028, organizations need to have defined their PQC migration goals, pinpointed systems to be upgraded and developed an initial plan for this shift.

Different sectors have varying levels of cryptographic maturity and reliance on encryption, meaning the workload will differ for each organization, NCSC says.

By 2031, the highest-priority PQC migrations should be completed, and the initial plan drawn up three years earlier must be refined to show a clearer pathway to full PQC resilience.

By 2035, the full PQC migration should be complete across all systems, products, and services.

Given that real-world quantum computers capable of practical use are still estimated to be decades away, the ten-year deadline would put UK organizations well ahead of the curve. The Register wants to wish central Governments, many of which are not known for smooth IT project delivery, the best of British luck. They – and we – may need it.

The guidance sheet states: “The NCSC believes that ten years is a sufficient period for a rich set of PQC standards to appear, for an ecosystem of products that uses them to be developed, and for uptake to become widespread, which will enable the deprecation of most quantum-vulnerable traditional PKC [Public Key Cryptography]. This leads to a target date of 2035 for completing migration to post-quantum cryptography.

“While there is likely to be a tail of technologies for which migration will take longer, it is reasonable to expect all organizations to focus on this 2035 target, prioritizing those systems which process business and personally sensitive data, or which manage critical communications and systems.

“The activities described in planning your migration are substantial, and is critical to reducing cyber risks. Migration will happen, globally. It will not be possible to avoid PQC migration, so preparing and planning now will mean you can migrate securely and in an orderly fashion.”

The NCSC’s decision to release the guidance shouldn’t be interpreted as a sign of quantum computing becoming mainstream within ten years. There is nothing to suggest the technology will be effective until much later. But, when it does finally arrive, modern public key cryptography won’t be sufficient to protect sensitive assets. 

Different organizations may also have to tweak these milestones depending on the sectors in which they operate. Those whose market activity is truly global, like some financial institutions and telecoms businesses, may want to bring delivery dates forward.

For those involved in industrial control systems, industrial IoT, and other operational technology, the roadmap might not be as straightforward as it is for organizations with fewer nationally or economically significant responsibilities.

The same PQC migration activities undertaken by a single-market business, such as ensuring remote system access is PQC-compliant, will still apply to OT organizations, but they’ll also need to consider beefing up the security of internet-connected field devices like sensors, too.

NCSC says organizations must consider how to bring these devices up to PQC standards, knowing they might be neither upgradeable nor replaceable and could be embedded in hard-to-maintain locations.

On the opposite end of the scale, small and medium businesses, which largely rely on commodity IT, won’t have to tackle many of these complex problems themselves since the vendors on which they rely will be doing the heavy lifting.

Larger organizations and those operating critical national infrastructure (CNI) will have more on their plates. The overall transition to PQC will span years, may require multiple rounds of investment, and potentially numerous leadership changeovers.

The NCSC warned: “Like any major IT or OT upgrade, the total financial cost of PQC migration could be significant, so it’s essential that organizations budget accordingly, including for preparatory activities as well as the actual migration.”

Regardless of how involved a given organization will be, the PQC migration is everyone’s responsibility and it should be viewed as an opportunity to build greater defenses against cyber threats.

“Quantum computing is set to revolutionize technology, but it also poses significant risks to current encryption methods,” claimed Ollie Whitehouse, CTO at the NCSC.

“As quantum technology advances, upgrading our collective security is not just important – it’s essential.”

PQC and the threat it presents

Quantum computing has been on the horizon for some time now, although its estimated times of arrival vary significantly.

Google’s quantum AI chief, Hartmut Neven, predicted recently the first real-world use cases are perhaps five years away, teeing up some excitement amid the widespread belief that the industry was far less mature than his comments would suggest.

Microsoft also made a major claim earlier this month, saying it created the world’s first topoconductor – a new material to produce more reliable qubits that underpin quantum computing. However, its paper on the matter was widely shunned by experts for omitting key details, ultimately being dubbed “unreliable” by one academic.

Nvidia CEO Jensen Huang offered a more measured take in January, saying quantum computing was more likely to be around 20 years away, which, if accurate, would make the NCSC’s ten-year deadline highly cautious.

Cautious or not, quantum may be coming to the masses at some point to herald digital security challenges. PKC, the more excited among us warn, will no longer be an effective encryption standard, as quantum computing power will break its underlying algorithms.

That means new algorithms need to be adopted. While there were once myriad competing proposals, only a few now remain in contention. NIST recently published three complete standards to replace current equivalents, claiming that quantum computers capable of breaking PKC could exist within ten years.

These standards are available for organizations to adopt now. Whether they will be useful when, or if, quantum computing becomes a reality is another matter.

NCSC says most organizations will have to run PKC and PQC simultaneously for some time as part of a staged migration to PQC. It may involve developing a parallel public key infrastructure using new PQC algorithms to run alongside PKC. That’s the simplest way of doing things, the agency mentioned in its guidance today.

Perceived wisdom is that symmetric cryptography won’t be affected to any significant degree by quantum, and as long as algorithms with at least 128-bit keys are deployed, they can remain in use. The same goes for hash functions like SHA-256. ®
