The AIVD calls on organizations to actively think about protecting sensitive data against the quantum computer. The security service is calling on IT security officers to prepare for the impact that quantum computers will have on cryptography.
Experts expect that we are still about 10 to 20 years away from a quantum computer that can crack the current cryptographic standard. The chance that this will happen in the next ten years is small, but according to the AIVD it is important that organizations take appropriate measures now.
Measures are already necessary, according to the AIVD, because quantum computers may be able to crack the current cryptographic standards faster than is currently expected. In addition, the data that is now sent encrypted can be intercepted somewhere and then deciphered years later. That is why the security service wants to point out the precautions they can take with a brochure.
The AIVD mentions ‘post-quantum cryptography’ as a solution. This form of cryptography is based on mathematical problems that are difficult to crack by quantum computers. Good standards of this type of cryptography are ‘not yet mature’, according to the AIVD, but organizations can already prepare their systems for the arrival of these new standards.
Finally, the AIVD advises to protect sensitive data that is not allowed to come out with both a low-level asymmetric cryptography and a low-level symmetric cryptography. It may also be a consideration to take really sensitive data completely offline, according to the security service.
Tests with quantum computers in recent years have already shown that specific calculations can be performed much faster than with an ordinary computer. Until now, the development of these quantum computers has not yet reached a stage where this technology can be used for cracking cryptography, although a new breakthrough is regularly claimed by researchers, for example by Google in 2019 and by China last summer.