Singapore’s Cyber Security Agency (CSA) is set to introduce guidelines, starting in 2025, to help organisations prepare for the looming threat posed by quantum computing. Experts predict that by the early 2030s, quantum computers could possess the computational power necessary to break current encryption standards, potentially compromising the security of most of the world’s data and infrastructure.
The quantum threat
Quantum computers, though not yet replacing classical computers in practical use, are advancing rapidly. This progress has raised alarms about their potential to decrypt data that is currently considered secure. In response to this threat, the U.S. National Institute of Standards and Technology (NIST) released its first three official cryptography standards for the quantum age in August, with a fourth standard in the pipeline. These standards are designed to protect data against the capabilities of both quantum and classical computers.
CSA’s proactive measures
The CSA is prioritising essential service providers, including those in health care, telecommunications, finance, and public utilities, as well as select government agencies. The agency’s spokesperson emphasised the importance of preparing for migration to quantum-safe systems, which involves conducting quantum-safe risk assessments, identifying and prioritising key data assets, and making an inventory of where cryptographic algorithms are used and what needs to be migrated.
Complex transition
Transitioning to quantum-safe systems is expected to be a complex and lengthy process. IBM, which is involved in developing the NIST standards, estimates that organisations could take up to 12 years to fully adopt post-quantum cryptography (PQC). This transition will require organisations to implement more sophisticated security measures, such as segmented networks, AI-based authentication, and IT policy-based protection.
Guidance and tools
CSA plans to release guidance progressively, based on organisations’ requirements and the performance and security considerations of available solutions. To facilitate their migration, enterprises may also consider commercial products and services, such as hardware security modules, key management services, cryptographic libraries, and digital service providers.
Strategic planning
Professor Alexander Ling, principal investigator at Singapore’s National Quantum-Safe Network, advises businesses to monitor trends and adopt standards endorsed by regulators. He highlights the importance of understanding the value and confidentiality lifespan of data. For data with a short lifespan, businesses might wait for more solutions to become available. However, for data with a long confidentiality lifespan, such as patient data or trade secrets, early action is recommended.
Conclusion
The CSA’s initiative underscores the critical need for organisations to prepare for the quantum era. By staying informed and planning strategically, businesses can better defend their digital communications and data against future quantum threats.
Reed Smith LLP is licensed to operate as a foreign law practice in Singapore under the name and style Reed Smith Pte Ltd (hereafter collectively, "Reed Smith"). Where advice on Singapore law is required, we will refer the matter to and work with Reed Smith's Formal Law Alliance partner in Singapore, Resource Law LLC, where necessary.
Client Alert 2024-243