Threat from quantum computers
Experts believe that quantum computers will be able to break the asymmetric cryptosystems currently in use (including RSA, ECC, public key systems) by the end of the next decade. What is not yet a threat for smartphones and other smart devices due to their short life cycle, looks quite different for vehicles or industrial facilities, for example: A vehicle produced today runs the risk that the security measures used will no longer be secure in the future and the risk of becoming a victim of hacking attacks will increase significantly.
This means that especially in the areas of IIoT (Industrial Internet of Things), Software Defined Vehicle (cf. in particular CSMS, UN/ECE R155, ISO21434) and KRITIS (critical infrastructures) we should already be looking for secure alternatives today.
Since 2017, the National Institute of Standards and Technology (NIST) in the USA has already been working on the evaluation of quantum computer-resistant asymmetric algorithms. However, standardization of the first algorithms from this evaluation process is not expected before next year.
Even if the standardization of quantum computer-resistant algorithms has not yet been completed, it is still advisable to gain experience with the use of the new algorithms now and to prepare IIoT products and vehicles for them through crypto-agility. This is because a system's high level of crypto-agility can enable it to switch to new secure algorithms quickly and cost-effectively.
Valuable insights into PQC
With our Post-Quantum Cryptography (PQC) whitepaper you can quickly dive deeper into the topic. We give you a condensed introduction to post-quantum cryptography and the current state of development. We also show possible migration scenarios towards PQC for your products.
To prepare you for the challenges posed by quantum computing, we provide consulting and assessment regarding the threats posed by quantum cryptography to your IIoT and vehicles. Using our harmonized six-step approach, we analyze your current situation and provide recommendations for your migration plan. In doing so, we take existing IT security or CSMS documentation as a starting point for the assessment or, if required, we can start the assessment without any existing preparatory work at all.
Six steps to the PQC action plan
Assets are functions, communication channels, functional architecture and data that are vulnerable to QC attacks. We analyze the assets of your IIoT devices at different stages of their lifecycle:
- Devices in production
- Devices under development
- Products that are at the idea, concept or design stage
- Based on the assets, we perform a risk analysis to identify threats and vulnerabilities and assess the risks.
-
We work with you to define your cybersecurity goals and identify the relevant cybersecurity controls for PQC.
-
We support you in prioritizing the cybersecurity goals (cost-benefit ratio).
-
We evaluate the crypto-agility of your systems with regard to hardware, software, protocols and standard products.
-
Finally, we propose measures to achieve the cybersecurity goals and develop a plan with you for their implementation.
-
After carrying out our analysis, you will know the points in your systems’ architecture where action is required with regard to PQC, and the associated risk. In addition, we will give you a cost indication for the implementation of the planned measures so that you can make a qualified decision about the next steps towards post-quantum cryptography based on the results from our consulting product.
For more information on cybersecurity and the Software Defined Vehicle (SDV), click here.