The National Cyber Security Centre (NCSC) is the UK’s technical authority for cyber security. This year, their NCSC annual review details numerous examples of how their work has helped keep the United Kingdom safe from the complex technological threat landscape, including advanced ransomware, the looming potential of AI, and the quickening challenge of preparing for the age of quantum computing.
The advent of a cryptographically relevant quantum computer poses a significant threat to all our systems, assets, and digital information, and, as NCSC points out, it necessitates proactive planning and strategic migration – from quantum-vulnerable systems (currently ubiquitous and yet fundamental to our digital security) to the new field of algorithms and implementations known as post-quantum cryptography (PQC).
As the review explains, this critical migration process presents the challenge of identifying and understanding existing quantum-vulnerable cryptography, as well as managing the long-term process of transition in a way that maintains confidence amidst potential early vulnerabilities. It also offers opportunities to improve overall cybersecurity practices and system resilience.
Some key highlights from the review are as follows:
- Proactive management is crucial. Delaying PQC migration could lead to costly, potentially insecure implementations in the future.
- Expertise is essential. Successful migration to PQC requires a diverse skill-set encompassing cryptography, systems integration and engineering.
- Phased approach. The NCSC advocates a phased migration, starting with early adopters in key sectors, and learning from the experience.
- Building confidence. It’s important to address early vulnerabilities and communicate transparently in order to maintain public and organizational confidence.
It’s clear that NCSC, in addition to their counterparts around the world, are emphasizing the urgent need for organizations across all sectors to begin planning for PQC migration. This includes conducting thorough system audits to identify cryptographic dependencies, engaging with experts, and proactively seeking guidance from the NCSC and other regulatory bodies.
As a UK-based company, PQShield are certainly at the centre of this effort, and we’re working alongside the NCSC as experts in cryptography and implementation specialists. In this year of PQC acceleration, it’s great to see national security agencies once again raise the profile of the quantum threat, and highlight strategies to help the world migrate cryptographic defenses in order to mitigate against it.
You can read more about the NCSC’s review of 2024, including developments and highlights here.