With the rise of Quantum Computing, and its incredible power to decrypt various ciphers used for WIFI, VPNs and TLS based communication, what is the exposure and timeline for this, and what should you do as a CIO.
Almost all secure communication today uses math for encryption that is vulnerable to decryption by Quantum Computing, using algorithms like Shor’s and Grover’s. You really don’t need to understand how that works. Very few people do.
NIST and other security organisations work day in and day out trying to ascertain which algorithms are vulnerable and making recommendations for what ciphers to use in the future. Likely the recommended list of ciphers will change over time as new Quantum decryption algorithms appear.
So, what is the exposure, really?
Well, think about your corporate network as layers. At the bottom layer you have physical security. Ports, switches, cables etc. Either that part of your network is secure, or it’s not. If it’s not, it’s possible that your physical network has been exposed to cyberthreat risks, meaning that someone could inject or listen to your communications.
If that’s the case, your communication is still likely secure at the transport/application layer, using TLS or similar protocols. So that means hackers could be listening to your traffic, but all they see is IP headers, volumetrics, etc. The application layer that includes your usernames, passwords, and sensitive payload is still secure.
Same if your WIFI is being monitored. WIFI security like WPA2 is the first layer security. Anyone could be sniffing your RF, but WPA2 security hides the inner frames. Inside of the WPA2 security would again be the TLS security.
Same on your VPN or IPSEC tunnels. Likely two layers of encryption at play, like belts and suspenders.
Quantum Decryption would break both of these. WPA2 is vulnerable, as is generally TLS.
All of this is changing, as the world is waking up to the risks of Quantum Decryption. So in the future, new WIFI protocols and new TLS ciphers will be increasingly hard to decrypt.
But, if someone is listening NOW, and either storing packets for later decryption or decrypting them today, they will be able to extract usernames, passwords and sensitive information from the networks.
And here comes the real challenge, as the new secure methods are introduced, it will take a really long time to deploy this across all of your devices, users and sites.
And how do you even know what parts of your communication is vulnerable and what is at risk?
How many endpoints are in your network?
How many BYOB devices?
How many CCTV cameras?
How many switches, routers, proxies, firewalls, etc?
How many servers and laptops?
How many SaaS endpoints or other corporate cloud resources?
It’s clear that the long-term fix here is to continuously follow recommendations from NIST and make sure that all endpoints in your network exclusively use ciphers that are Quantum Decryption secure. But how do you do that?
As it stands today, the recommended protocols are CRYSTALS-Kyber for encryption and Dilithium for authentication.
The answer, as always with AppLogic Networks is that it starts by understanding your network and your traffic.
By monitoring your network traffic, and highlighting the ciphers used by every endpoint where they are vulnerable to Quantum decryption.
Any device, user, application and flow could be vulnerable. So, you need to monitor all traffic, 24/7, to make sure you’re not exposed.
Likely IoT devices will be the longest pole in the tent here. Legacy IoT devices that are on your network, but the vendor may be slow to update their software stacks, or stuck on legacy protocols where no secure protocols exist.
For now, it’s fairly unlikely that your network will be compromised by quantum decryption. Quantum Computing devices are still rare and expensive. But that won’t be true for long. This is the time to act.
Start the journey to take vulnerable ciphers and protocols out of your network. And to do that, you need to start monitoring your network to highlight the ciphers used. That’s where AppLogic Networks can really help you.
Only by monitoring every flow of your network communication can you be sure that you are not vulnerable to Quantum Decryption attacks.
To learn more or to see a demonstration, please contact us here.
Download a copy of the 2025 Global Internet Phenomena Report here.
Follow our ongoing product developments on LinkedIn here.
Follow Alexander Haväng on LinkedIn here.