Microsoft has recently written to organizations suggesting that the time is now to begin preparations for potential future quantum based cyberattacks. An additional aim of this initiative is to gain a deeper understanding of the preparedness and relevance of various firms towards this possible risk. Microsoft is urging companies to complete a questionnaire that could help both the software giant and the organizations understand the current cybersecurity status, the areas needing attention, and how it could possibly support them, including the availability of experts for assistance.
Cutting Edge Software Tools and Initiatives
Microsoft is investing in the development of CodeQL, a software tool dedicated to the analysis of program code. This tool has the potential to deliver what Microsoft refers to as a “cryptographic bill of materials” and to identify areas in legacy cryptographic technology that needs to be upgraded or improved. Alongside this, Microsoft introduced the Crypto Experience for Azure Quantum Resource Estimator, which is designed to assess the security level of currently utilized public keys. This tool offers the advantage of seamlessly integrating with Copilot, Microsoft´s AI offering that is equipped with features under the umbrella of Azure Quantum.
The Quantum Factor in Cybersecurity
Quantum computing has the potential to disrupt traditional methods of encryption. Currently deployed systems can still continue to leverage symmetric algorithms like the Advanced Encryption Standard (AES) and hash functions like the Secure Hash Algorithm (SHA), since they have been found to be resistant against potential quantum attacks. This information was included in the announcement from Microsoft, citing the already active application of protocols based on symmetric encryption within Microsoft itself.
Microsoft's EVP for security, Charlie Bell, had pointed out back in May how quantum computing could overturn encryption methods. Explaining in layman's terms, he highlighted that the existing encryption is founded on the RSA algorithm that has been in use since the 70s, which functions by compelling computers to discover the factors of enormous numbers to penetrate the encryption. This is a task that would need a millennium for standard computers to solve. Nevertheless, quantum computers armed with Shor's algorithm could resolve this in minutes.
An Urgency to Act
In tandem with this prediction of quantum computing abilities, Bell mentioned that presently existing quantum computers are not yet capable of breaking the encryption due to a requirement of handling more than a million stable qubits, thousands of times more than the current capacity of quantum computers. However, he has also cautioned that sophisticated machines might well be on the horizon, and could potentially fall into the wrong hands. This concern is further reinforced by the fact that Microsoft itself plans to offer quantum computing services via its Azure datacenters, while vowing to implement controls for preventing misuse.
Subsequent to their recent warnings, both Microsoft and Bell expressed concern that cyber attackers might already be preparing for the advent of quantum breakthroughs by practising “harvest now, decrypt later” strategies. These factors underpin the urgency for immediate action since the process to become quantum safe could be time-consuming for most firms. Bell suggests organizations should begin by putting together a list of key data and cryptographic technologies. Microsoft has already begun assisting several customers and partners, notably in risk-sensitive industries, to devise strategies for transitioning to become quantum safe.