Hi All
Recently China released a piece on their new Quantum Chip. It is not; read this case study in Quantum Washing, which is becoming more prevalent.
https://postquantum.com/industry-news/chinese-photonic-quantum-chip/
Regards
Caute_Cautim
I have to admit I have never heard of Quantum Washing in the context of Cybersecurity. Is this real or is the author renaming Quantum-safe Crypto?
d
Hi @dcontesti
The author is pointing out the amount of hype being generated by various other authors and countries such as China. It is not a real, established scientific or professional term. It relates to the misuse of the word "quantum" as a buzzword in pseudoscience, marketing and pop culture.
Often the Chinese in particular within their Universities have made claims, but when scrutinised these have been found to be false and misleading. There is a significant amount of "Hype" being generated.
The application of quantum principles is a complex and ongoing area of research, but is often cited with fantastic or magical concepts. So we have to be on the ball so to speak, to realise - trust but verify again, on exactly what their claim is. Hence the term "Quantum Washing" to illustrate the growing and expanding amount of exaggeration within this fast moving world of Quantum Computing, Mechanics. It illustrates unsubstantiated claims are being made, which are growing rapidly rather like automated advanced attacks via AI tools.
Regards
Caute_Cautim
Thanks John,
Unfortunately there are too many folks (countries) that stretch the truth.
I only have a beginner's knowledge of quantum and at this point in my career have no interest in gaining more.
Thanks for the explanation, it truly helps
d
Well I forecast about five years from now, you will be changing your current system to a Quantum Computer, and Quantum Networking and Post Quantum Cryptography will abound.
There are some good "free" courses on IBM SkillsBuild (https://skillsbuild.org/), great courses with practical examples, with good certificates via Credly etc. Well Recommended - if you change your mind.
It is coming, and it will affect us all no matter how senior or young you are
Keep developing..
Regards
Caute_Cautim
@Caute_cautim Happy to say that I will be taking down my shingle soon.
I realise that Quantum is the way of the future however not sure how Quantum will fit into a manufacturing environment where we cannot even patch.....
Thanks for the link to the course, I will spend some time going through them
d
Hi @dcontesti Well in critical infrastructure, it is even more important given encryption standards will be changing. More emphasis on the actual equipment vendors themselves to prepare. In Australia we have the SOCI Act, all critical infrastructure must migrate to PQC by 2030, this is mandated.
Your best way forward is to do a discovery, risk assessment on current systems - what is likely to be at risk, and what the impact is likely to be, and then commence preparing a budget with management to resolve it. In UK, they have similar mandates, alongside USA, and Europe.
The problem is going to be embedded electronics, IoT, IoMT systems, four years appears to be a long runway, it is not. Prepare now, discovery, risk management and ensure management is educated.
Make sure you have a record, that you did raise it as a problem, they ignore at their own risk.
Regards
Caute_Cautim
@Caute_cautim We already have a risk manifest with all systems classified along with the impacts.
I believe that some discrete manufacturers will have an issue upgrading some systems......
We have all systems classified in terms of risk, exposure, etc and can see issues in trying to comply with any "law" that states we must move to PQC by 2030, I do not think these folks have taken a serious look at what they are asking.
Some systems will be straightforward, but other systems such as physical sensors or actuators, etc might require a total retrofit of a production line which could cost in the millions/billions.
Not having seen the laws, it is difficult to see how this might affect those systems.
In Canada, new laws (part of Bill C-8) the Critical Cyber Systems Protection Act (CCSPA) as well as existing guidance from the Canadian Centre for Cyber Security.
https://www.darktrace.com/blog/understanding-the-canadian-critical-cyber-systems-protection-act
d
Hi @dcontesti
The other one, which I have reported previously on, is the CA & Browser Forum mandate to shift:
- External Certificates from 398 days expiration to 200 days commencing 15 March 2026
- 15 March 2027 expiration 100 days
- 15 March 2029 to 47 days
- Domain Certificate Validation (DCV) 15 March 2026 to every 200 days
- DCV 15 March 2027 to every 100 days
- DCV 15 March 2029 to every 10 days.
The above requires Crypto-Agility for the forthcoming PQC revolution.
Been doing a lot of risk assessment, financial assessment on the issues and penalties.
Happy to share my findings privately, if required to justify the rationale, as doing the same here with others too.
One needs automation and a full Certificate Lifecycle Management (CLM) at CMM Maturity Level 4 to cope, Level 5 is required for Crypto Agility.
In addition within your risk register record the current specific cryptographic algorithms and mode being used - ideally you need a Cryptographic Bill of Materials similar to a SBOM.
Regards
Caute_Cautim
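An added example, not part of any post above: a small inventory check that applies the certificate lifetime and DCV schedule quoted in the last post and records each certificate's algorithm, as a Cryptographic Bill of Materials entry would. The inventory, host names, field names and the whole-day lifetime calculation are assumptions made for illustration.

```python
from datetime import date
from math import ceil

# Schedule as quoted in the post: (effective date, max lifetime days, DCV reuse days)
SCHEDULE = [
    (date(2026, 3, 15), 200, 200),
    (date(2027, 3, 15), 100, 100),
    (date(2029, 3, 15), 47, 10),
]
BASELINE = (398, None)  # lifetime before 15 March 2026; DCV period not given in the post
CLASSICAL = {"RSA", "ECDSA", "DSA"}  # public-key families that Shor's algorithm breaks

def limits_on(issued):
    """Return (max_lifetime_days, dcv_reuse_days) in force on an issuance date."""
    current = BASELINE
    for effective, lifetime, dcv in SCHEDULE:
        if issued >= effective:
            current = (lifetime, dcv)
    return current

def audit(inventory, today):
    """Flag over-long certificates and size the renewal workload after expiry."""
    findings = []
    for cert in inventory:
        # Simplified: whole-day difference between notBefore and notAfter.
        lifetime = (cert["not_after"] - cert["not_before"]).days
        issued_limit, _ = limits_on(cert["not_before"])
        # The replacement is issued at expiry (or today if already expired),
        # so the limits in force on that date govern the next certificate.
        next_limit, next_dcv = limits_on(max(cert["not_after"], today))
        findings.append({
            "name": cert["name"],
            "algorithm": cert["algorithm"],  # CBOM-style record
            "quantum_vulnerable": cert["algorithm"].split("-")[0] in CLASSICAL,
            "lifetime_days": lifetime,
            "over_limit": lifetime > issued_limit,
            "next_max_days": next_limit,
            "next_dcv_days": next_dcv,
            "renewals_per_year": ceil(365 / next_limit),
        })
    return findings

# Constructed sample inventory (hypothetical hosts and dates).
SAMPLE_INVENTORY = [
    {"name": "www.example.test", "algorithm": "RSA-2048",
     "not_before": date(2025, 6, 1), "not_after": date(2026, 7, 4)},
    {"name": "api.example.test", "algorithm": "ECDSA-P256",
     "not_before": date(2026, 4, 1), "not_after": date(2027, 4, 1)},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, date(2026, 5, 1)):
        print(finding)
```

The `renewals_per_year` figure is the minimum number of issuances per certificate per year once the next limit applies, which is the number to carry into the automation and budget discussion.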