Quantum computing advancements are prompting security experts to warn Australian and New Zealand organisations to take immediate steps towards quantum readiness.
Dr. Amit Sinha, Chief Executive Officer of DigiCert, cautioned that the arrival of quantum computing will likely cause a disruption akin to the transformative impact seen by ChatGPT in artificial intelligence.
“One day you’ll wake up and realise the disruption has already happened. The big tech firms like Google, Microsoft, and AWS are racing for quantum supremacy, and the pace of advancement is staggering.”
Dr. Sinha addressed the reality of quantum timelines and emphasised the psychological and organisational hurdles companies face during such transformation. “Moving to quantum is a huge change for organisations, and whenever people and organisations are faced with a big change, they usually go through the five stages of grief: denial, bargaining, anger, depression, and acceptance. Today, 24% of organisations are still in denial about the risks of quantum computing. Our goal with the Quantum Readiness Day event is to help them move toward acceptance, because this is the year that shift must happen,” he stated.
The urgency of preparation
Industry, government, and academic experts present at DigiCert’s World Quantum Readiness Day highlighted the necessity for quick and concerted action. The timing of these warnings aligns with regulatory pace in Australia, as authorities increase focus on deadlines and standards for post-quantum cryptography (PQC).
Lakshmi Hanspal, Chief Trust Officer at DigiCert, underscored the compounding risk and cost of delay. “Every month you delay the transition, the risks compound. The expense of emergency migration under pressure will far outweigh the investment of starting early,” said Hanspal.
Colin Soutar, Deloitte’s Global Quantum Cyber Readiness Lead, reinforced this perspective: “Organisations that wait will end up paying more, financially, operationally, and reputationally.”
Guidance on migration
Deepika Chauhan, Chief Product Officer at DigiCert, provided pragmatic recommendations for organisations at the early stages of quantum transition.
“First, focus on creating a thorough inventory of your cryptographic assets, but don’t wait for that process to be complete before getting started. Second, assign clear owners to those assets, because ultimately they will be the ones responsible for driving the transition. And third, begin thinking about automation from the outset, as it will be critical to managing the scale and complexity of migration.”
The experts suggested that a proactive approach offers organisations the best chance to manage the scope and pace of change associated with quantum computing.
PQC algorithm milestones
Discussion also turned to the ML-DSA algorithm, which received approval as the first standardised PQC algorithm by NIST the previous year. William Whyte, Senior Director of Technical Standards at Qualcomm, explained ML-DSA’s relevance, noting that it is not vulnerable to quantum attacks and is poised to become a prominent replacement for existing RSA encryption.
Dr. Taher Elgamal, recognised as the originator of SSL, advised against complacency regarding single-algorithm solutions: “The migration from RSA to ML-DSA will not be the last. Agility is the way forward.”
APAC sector and government involvement
The development and adoption of post-quantum cryptography remains a key priority for government and industry stakeholders in the Asia-Pacific region. Daniel Sutherland, DigiCert Regional Vice President for ANZ, commented on collaborative initiatives and the Australian Cyber Security Strategy’s stance on quantum threats.
“Our team at DigiCert aligns with the Australian Government’s 2023–2030 Cyber Security Strategy, which identifies quantum threats as a resilience priority, and we are encouraged by the broader ecosystem’s progress in advancing PQC through research and pilots that will accelerate sector-wide adoption.”
DigiCert reiterated its confidence in meeting the needs of organisations during this transition, supported by its DigiCert ONE platform. The solution is positioned to provide flexible adaptation as cryptographic standards progress and offers features for managing the PQC migration process.