@dcontesti It will take time, they will have to change over to Quantum Key Management (QKM) and test every application before the migrate. A degree of crypto agility will be required, because there may be interim stages and systems are tested and new algorithms released. The main issue initially will be to create the CBOM, on exactly what the existing system use, the keys, the owner etc. This will be important, and then to go into testing phase, which will take time to conduct steadily. It will take years.
Recent, developments state 2026 will be a 1 in 7 chance of RSA being broken, but others are predicting this may happen before this. The main issue, is the preparation, planning and testing and developing crypto agility to be able to switch as necessary. Unfortunately many state nations are now conducting testing on OT systems especially on the USA systems, to see what they can gain - or test their ability to enter such systems and cause general disruption if possible. It is easy to think, it will not happen, but human beings are often human beings, they make mistakes, different priorities arise, and things get put aside and forgotten.
Yes, I understand the distinction between Engineers and safeguarding OT systems, pumps, and systems which are meant to last 30 years plus. With the advent of AI, and the use of constantly testing systems, from afar, may actually find identify weaknesses, which were previously not seen to be at risk.
Imagine, having to find all the IoT systems, within a medical infrastructure, where often these are expected to last for many years without having to be upgraded or change the underlying crypto algorithms or key managements systems. If the Payments Industry rebelled when SSL V3 was stated as being under attack, and asked for a two year delay, even when it was known such systems were under threat, what hope for systems, where they are deeply embedded using traditional algorithms and systems? Next year 2024, should be an insightful year, and many issues will arise, whether they are compliance, regulations or whether your data needs to be kept encrypted for 100 years in the case of the Japanese health regulations - average life of a human people in Japan etc. Once, Shor's algorithm, has formally been proven and vindicated with the first Quantum Computer able to actually break 2048-bit RSA, then it may actually be a wake up call for action. For some, it may actually be too late, given that NIST issued their guidance in 2022 previously. With the addition of AI capabilities assisting the bad actors, I think things will become highly lively in the near future.
But we can only wait and see at the present time.
It is coming, and we just need to be prepared and manage it all.
Happy Christmas and a happy New year to all
Regards
Caute_Cautim
