The amount of time that an organization will have to transition its systems to use new quantumsafe cryptography (QSC) depends on three factors: - the migration time: the number of years the organization will need to migrate all of the systems that handle its important data to new quantum-safe cryptography; - the shelf-life time: the number of years that the organization’s important, high-value information needs to be protected; and - the threat timeline: the number of years before relevant threat actors will be able to break the organization’s existing, quantum-vulnerable, cryptography. ^[https://globalriskinstitute.org/publication/2023-quantum-threat-timeline-report/] ![[Pasted image 20241129182843.png]] Worth noting that: - organizations may need many years to migrate to Quantum-safe cryptography; and - many organizations have important information (e.g., trade secrets, customer data, business plans) that they wish to keep confidential for a long time. In the worst case, a threat actor will be able to use a quantum computer to break the encryption protecting important information before that data is protected by QSC. Some threat actors (e.g., nation state level adversaries) are known to be harvesting copies of encrypted information today, and storing it for decryption in the future. Thus, any information that needs to be kept confidential for a long time (e.g., more than 10 years) may already be at risk of “harvest now, decrypt later” attacks. It must be noted that the shelf-life time for critical data and information such as trade secrets can be over 50 years. ![[Pasted image 20241129183245.png]] In the best case, organizations that begin to assess their quantum-readiness now will have time to migrate their most important systems to use quantum-resistant cryptography before threat actors (and business competitors) obtain quantum computers. ^[https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/] ^[https://inews.co.uk/news/technology/quantum-computer-can-break-any-password-2343600] ![[Pasted image 20241129183303.png]] ![[Pasted image 20241129182938.png| The opinions (of 37 experts from 15 countries) suggest that the quantum threat will become non-negligible relatively quickly and it could well become concrete sooner than many expect. For example, 20 out of 37 respondents felt the threat was more that 5% likely within a 10-year timeframe, while 17 respondents indicated a likelihood of 50% or more in the same timeframe. ]]