How Communications Companies Can Prepare for Q-Day

After a grueling eight years of testing, the National Institute of Standards and Technology (NIST) has finalized the first three algorithms that will form the backbone of the world's strategy to counter the potential threats of quantum computing. We have the first post-quantum cryptography (PQC) algorithms to defend against the inevitable attacks on "Q-Day," when a cryptographically relevant quantum computer (CRQC) comes online. Defense and government institutions have already begun integrating these algorithms into the security protocols of specific applications and services due to the long-term sensitivity of their data. Conversely, symmetric-key cryptographic algorithms are generally not directly affected by quantum computing advancements and can continue to be used, with potentially straightforward increases to key size to stay ahead of quantum-boosted brute-forcing attacks. The migration to PQC is unique in the history of modern digital cryptography in that neither traditional nor post-quantum algorithms are fully trusted to protect data for the required lifetimes. At first, they will likely use hybrid approaches to security, using both classical and post-quantum encryption schemes, as Apple and Amazon have done. Now that we have the essential first algorithms to build our arsenal against quantum computing threats, the next steps for the ICT industry will be critical. Like any security protocol, PQC must be implemented consistently across all exposed elements in the network chain because any link that isn't quantum-safe will become the focal point of any data harvesting attack. It's vital to deploy a defense-in-depth strategy — one that includes physics-based solutions like preshared keys with symmetric distribution and quantum key distribution (QKD) — but PQC will be a powerful security tool. His research interests span cryptography, quantum technologies, security, privacy-preserving technologies, and machine learning trends. They must adopt hybrid solutions now to combat harvest-now-decrypt-later attacks; embrace crypto agility, interoperability, and rigorous testing; and deploy a defense-in-depth strategy. Yet we know that any asymmetric cryptographic algorithm based on integer factorization, finite field discrete logarithms, or elliptic curve discrete logarithms will be vulnerable to attacks from a CRQC using Shor's algorithm. Large-scale proliferation of PQC is coming, as global standards bodies, such as 3GPP and IETF, have already begun incorporating them into the security protocols of future standards releases. Attention to interoperability will be key here, as crypto agility will ease the migration to pure quantum-safe algorithms in the future. Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 03 Oct 2024 13:20:24 +0000


Cyber News related to How Communications Companies Can Prepare for Q-Day

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
2 months ago Cyberdefensemagazine.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
7 months ago Securityaffairs.com
Cybersecurity funding in 2024: Survival of the financially fittest - Attacker tactics, techniques, and procedures always evolve, which means companies will need new cybersecurity tools with improved capabilities. Cybersecurity startups raised massive rounds of funding with sometimes exorbitant valuations. ...
1 year ago Scmagazine.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
11 months ago Darkreading.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
7 months ago Bleepingcomputer.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
1 year ago Securityweek.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
CISA Updates Toolkit with Nine New Resources to Promote Public Safety Communications and Cyber Resiliency - The Cybersecurity and Infrastructure Security Agency collaborates with public safety, national security, and emergency preparedness communities to enhance seamless and secure communications to keep America safe, secure, and resilient. Any ...
7 months ago Cisa.gov
CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules - About six months ago, CISO Steve Cobb noticed that the contract language proposed by public companies had some notable additions. In the case of a breach, publicly traded companies wanted more control over how their third-party providers responded to ...
7 months ago Darkreading.com
Worried about job security, cyber teams hide security incidents - Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever. The research reveals that 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs - a ...
7 months ago Helpnetsecurity.com
Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around ...
1 year ago Techrepublic.com
SEC Shares Important Clarifications as New Cyber Incident Disclosure Rules Come Into Effect - The US Securities and Exchange Commission has shared some important clarifications on its new cyber incident disclosure requirements, which come into effect on Monday, December 18. The SEC announced in late July that it had adopted new cybersecurity ...
1 year ago Securityweek.com
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
1 year ago Feeds.fortinet.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com
The Cybersecurity Bridge: A Necessary Connection for IT and Communications - With the increasing unpredictability and sophistication of cyber threats, IT and communications departments must align and build a joint cybersecurity strategy to protect client information and stakeholders from costly negative impacts. To further ...
10 months ago Cyberdefensemagazine.com
5 Steps for Preventing and Mitigating Corporate Espionage - Here are five key strategies companies should implement to prevent and mitigate corporate espionage. The absence of an NDA can expose a company to significant risks, including unauthorized disclosure and misuse of confidential information. Companies ...
11 months ago Darkreading.com
Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report - To illuminate the evolving digital threat landscape and help the cyber community understand today's most pressing threats, we released our annual Microsoft Digital Defense Report. This year's report focuses on five key topics: cybercrime, ...
1 year ago Csoonline.com
The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
10 months ago Darkreading.com
The Evolving Threat Landscape: Where Out-of-Band Communications Fit - On August 10, 2023, the Cyber Safety Review Board publicly released a critical report detailing cyberattacks perpetrated by Lapsus$ and related threat groups. The report came approximately a year and a half after Microsoft first warned about the ...
11 months ago Securityboulevard.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)