Source URL: https://www.theregister.com/2025/03/20/ncsc_post_quantum_cryptogrpahy/
Source: The Register
Title: The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC
Feedly Summary: Wow, a government project that could be on time for once … cos it’s gonna be wayyyy more than a decade
The UK’s National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.…
AI Summary and Description: Yes
Summary: The UK’s NCSC highlights the urgency for organizations to prepare for post-quantum cryptography (PQC) in light of future quantum computing threats. The strategy outlines critical milestones over the next decade, emphasizing that organizations must prioritize their migration goals to ensure the integrity of sensitive data against potential quantum attacks.
Detailed Description:
The UK’s National Cyber Security Centre (NCSC) has initiated a countdown towards a significant shift from traditional encryption methods to post-quantum cryptography (PQC), addressing the impending risks posed by quantum computing advancements. Here are the major points highlighted in the guidance:
– **Ten-Year Migration Timeline**: Organizations have a decade, until 2035, to transition to PQC, with defined milestones to ensure preparedness for quantum threats.
– **Key Milestones**:
– **By 2028**: Organizations must set migration goals, identify systems requiring upgrades, and develop initial plans for transition.
– **By 2031**: Complete the highest-priority migrations and refine initial plans to ensure a clear pathway to full PQC adoption.
– **By 2035**: Complete all PQC migrations across systems, products, and services.
– **Sector-specific Guidance**: The NCSC acknowledges varying levels of dependency on encryption across industries. Financial institutions and telecommunication businesses may face stricter deadlines, while small and medium enterprises relying on commodity IT will have less complexity, as vendors manage transitions for them.
– **Complex Migration Considerations**:
– Organizations with critical national infrastructure (CNI) may face additional challenges due to complex systems.
– Operational technology (OT) organizations will need to secure internet-connected devices specifically, with challenges relating to device upgrades and replacements.
– **Financial Implications**: The NCSC emphasizes the need for organizations to budget for both the preparatory work leading up to the migration and the migration itself, as significant costs are expected.
– **Security Risks**: As quantum computing evolves, existing public key cryptography (PKC) will become inadequate for protecting sensitive information. Organizations need to prepare for the adoption of new algorithms, as relying solely on current methods will leave them vulnerable.
– **Industry Predictions**: Experts have differing opinions on when practical quantum computing will materialize, which complicates the urgency for migration. The NCSC’s timeline is considered cautious amidst growing discussions of rapid advancements in quantum technology.
– **Future Standards**: The National Institute of Standards and Technology (NIST) has published PQC standards that organizations can begin to implement. However, a simultaneous operation of both PKC and PQC will likely be necessary during the migration phase.
Overall, the NCSC’s guidance underscores the critical importance of proactive planning and execution in transitioning to new cryptographic standards, highlighting opportunities for enhancing security frameworks against evolving cyber threats posed by quantum computing. This migration not only serves as a necessary defense but also as a means to significantly bolster an organization’s overall cybersecurity posture.