-optimized.jpg){kind=avatar}
Most of the internet remains unprepared for quantum threats, according to Forescout Research. Within enterprises, readiness is even more uneven, particularly across cyber-physical systems, according to the researchers.
Post-quantum cryptography (PQC) readiness depends on upgrading the underlying protocols that secure how systems communicate, including SSH (used for remote access to systems) and TLS (used to protect data in transit across applications and websites). Our research shows that while PQC adoption is increasing across both, progress toward quantum-safe security remains uneven, according to the firm.
โEnterprise security teams are being asked to prove awareness, governance, and progress on post-quantum cryptography well before large-scale migration is feasible,โ said Paul Kao, Chief Product Officer at Forescout. โGlobal guidance from governments and standards bodies consistently points to inventory and PQC exposure assessment as the first required steps.”
Visit:ย https://www.forescout.com/solutions/post-quantum-cryptography-risk/.
As for when quantum computing may come, some see the threat of quantum computing as far in the future, yet the technology has been advancing. Governments and the tech sector are concerned that a quantum computer could break traditional asymmetric encryption in the next few years. While post-quantum cryptography (PQC), which is designed to resist quantum attacks, already exists, IT users need to migrate their assets to this new tech.
Presidential order
The advent of large-scale quantum computers, particularly in the hands of adversaries, will pose a significant threat to widely used cryptographic security systems, according to an executive order by President Trump, on ‘securing the nation against advanced cryptographic attacks’.ย Ali King, VP of Government Affairs at Forescout commented that US acceleration will influence vendor PQC adoption and readiness, so in a global market and supply chain, the EU and UK will receive downstream benefits from that momentum regardless of any formal changes to their own timelines.ย “The UK is already well aligned with NIST standards and US timelines, so I donโt anticipate much changing there. The need for global interoperability, particularly with US allies, will likely influence both UK and EUto eventually converge with US timelines.”
NCSC
For guidance on migration to post-quantum cryptography visit the UK official National Cyber Security Centre (NCSC) website.
Comment
Kieran B., Head of Security Engineering at the cyber firm Bridewell says that Forescout’s finding that the overwhelming majority of systems remain quantum-unsafe is concerning, but it should not be a surprise. “It aligns closely with what we see in the field and with our own research into the critical national infrastructure sector, where the gap between perceived and actual readiness is stark: around 90 per cent of organisations describe themselves as moderately, highly or extremely prepared, yet 54% have either not reviewed or did not understand the government guidance on the subject. In other words, many organisations have yet to grasp the true scale of the challenge โ which makes assessments like this a useful prompt for honest reflection rather than alarm.
“The single most important step is to start with discovery, because you cannot protect or upgrade what you do not know exists. We recommend building a cryptographic asset register as the foundation. That analysis should go beyond simply cataloguing the algorithms in use today; it should capture what each one protects, the value and sensitivity of that data, and how long the protection genuinely needs to hold. Together these factors allow organisations to produce a prioritised, risk-led migration plan. Encouragingly, this journey does not require a wave of new procurement to begin. Existing network monitoring platforms such as Forescout and Nozomi, alongside software inventory and CMDB tooling, can surface much of what is needed, and open-source scanners for TLS readiness and static code analysis can be used alongside the commercial software organisations have already deployed.
“Expectations should be managed, however: remediation may be difficult and costly work, and progress will not be uniform. Legacy systems, operational technology and IoT devices are likely to prove the hardest to migrate โ many will not support a direct algorithm upgrade at all and may ultimately need to be replaced. That is precisely why starting sooner matters. Understanding the scale of the task is itself a significant undertaking, and with advances in both cryptographic algorithms and quantum processor development moving quickly, the day a cryptographically relevant quantum computer arrives is likely to come sooner than many expect. The organisations that begin their discovery work now will be the ones best placed to act in time.”
