Post-Quantum Crisis in the ICT Supply Chain (Q02c)
CMMC requires employing approved cryptographic solutions to protect the confidentiality of CUI. However, within 10 years (and perhaps much sooner), current cryptographic solutions may become obsolete due to advancements in quantum computing. This talk will examine the current state of quantum computing as a means to breaking public-key cryptosystems (e.g., 2048-bit RSA) and highlight a recent research paper that could indicate factoring large prime number equations could take fewer qubits (quantum bits) than previously thought. This means our adversaries could crack the security used to protect the privacy of CUI in the ICT supply chain. Worse yet, the methods described in the paper were applied to lattice-based cryptosystems, which were considered “quantum-resistant” algorithms by NIST. We will conclude by providing advice on some practical steps organizations can take, today, to prepare for the post-quantum world – which may be coming sooner than we think.