COVER STORY
What I’m worried about from an infosec point of view, is that when we have a quantum computer, it’s going to effectively render our current encryption schemes for public key cryptography moot.

when we have a quantum computer, it’s going to effectively render our current encryption schemes for public key cryptography moot.

“So if we see an evolution where only certain countries will be able to possess this kind of technology, all of the other countries will be in this ‘digital divide’ that the UN always talks about.

“I do quite a bit of evangelising and just try to educate CISOs about the potential quantum threat and the measures we need to take, because I think that even in Europe we don’t really understand how little time we have and how much work we’ve got in front of us.”

On the impact of quantum computing

“Think about it, governments, humans who have a bank account, we all use public key cryptography regularly and the reason we use it is because it is based on difficult maths problems that our current computing architectures cannot solve in a reasonable amount of time,” said Baloo.

“However, a quantum computer which has a completely different architecture than a classical computer is capable of solving these inherently difficult cryptographic challenges in an exponentially shorter amount of time. As a result, it will be able to potentially compromise the security of not only everything that we will encrypt, but also have encrypted, and transferred between each other.

“So if you have an attacker in the background just capturing all of this communication, even the encrypted traffic, it’s just a matter of time before the quantum computer arrives and they can decrypt that traffic at will.”

There are three specific things which businesses and organisations can do to prepare themselves, she says. First is to increase the key length of current algorithms, second is to use quantum key distribution in specific parts of the network and third is to look at new post quantum cryptographic algorithms.

Advice to aspiring CISOs or security professionals

“I know there’s a lot of people that eventually become security generalists and have to let go of some of the technical background that they originally had because of a strong desire to be a CISO, but I think it’s something you should never completely let go of,” said Baloo. “The thing that makes a good CISO unique and competent is a fundamental ability to grasp the underlying technology and potential risk behind the thing that you’re trying to secure. The ideal CISO is T-shaped. They have a core competency and can go very deep into one technical area, then have one arm with a permanent link to the business and another intrinsic link to their team of security specialists.

“But keeping that core competence sharp and adding to the knowledge base is essential.”