It’s time to start the inventory process now and lay the groundwork for the measures to be taken
Quantum computers pose a real threat to traditional encryption. Given the detrimental effects, Proximus experts Peter Spiegeleer and Kristof Spriet emphasize the need to switch to post-quantum cryptography in good time.
Encryption algorithms protect confidential data and communications, whether emails, medical records, or financial statements. “Cryptography is one of the foundations of any security architecture,” explains Peter Spiegeleer, Enterprise Security Architect, Proximus.
“It is present in all technical security controls: either the security service relies directly on cryptography, or the components of the service communicate with each other using underlying encryption algorithms. Threats or new vulnerabilities in cryptography affect all organizations, as they have a direct impact on data confidentiality and integrity or the authentication of interacting parties. “
Anticipating future threats
A secure SD-WAN and SASE architecture uses classic cryptographic algorithms, such as ECC and RSA-2048. These are based on mathematical problems that are difficult to solve. ”For example, RSA encryption relies on the factorization of large numbers,” says Peter Spiegeleer.
Asymmetric algorithms are difficult to solve, but not impossible to decrypt. “Thirty years ago, academics Peter Shor and Lov Grover developed algorithms capable of compromising commonly used cryptographic algorithms,” recalls Peter Spiegeleer. Current quantum computers are not yet capable of decrypting this information, but the threat is becoming more apparent. “ Gartner predicts that asymmetric cryptography will become insecure by 2029 and obsolete by 2034.
Data integrity in quantum computing
“Quantum computers use qubits that can perform certain mathematical calculations much more efficiently than conventional supercomputers,” explains Kristof Spriet. “A hacker with a quantum computer could decrypt information, compromise digital signatures, and compromise the integrity of communications. Hackers are already storing current information to decrypt it later.” This tactic requires immediate action.
Peter Spiegeleer: “The NIST indicates that by 2030, most public key cryptography standards will be obsolete, and prohibited from 2035 onwards. The SRI 2 directive will also impose specific rules. So remaining inactive is not an option!”
Post-quantum encryption algorithms
The key lies in implementing post-quantum algorithms for hardware and software. NIST launched a project in 2016 to develop unbreakable algorithms. “After a third round in 2024, NIST selected three algorithms: ML-KEM, ML-DSA, and SLH-DSA,” explains Peter Spiegeleer.
Quantum Readiness Assessment
This step provided a framework for preparing for migration. Proximus launched its internal process with a quantum readiness assessment. “This resulted in a quantum security density map, areas for action, and a roadmap,” says Peter Spiegeleer.
In the second phase, experts translate this knowledge into architectural and technical migration models. The Cryptographic Bill of Materials (cBOM) lists the cryptographic components used. “Based on this, an impact analysis determines the priorities,” emphasizes Kristof Spriet. “We use automation tools and analyze network traffic to identify vulnerabilities.”
cBOM and cryptographic agility
The cBOM encompasses all cryptographic resources. It helps ensure compliance with standards. The infrastructure is constantly evolving, so risks must be managed on an ongoing basis.
Kristof Spriet emphasizes cryptographic agility. “The three algorithms selected are the most secure according to current knowledge. But they could evolve. Agility makes it easy to adapt systems. “
Valuable information
Proximus’ post-quantum project has identified vulnerabilities. ”Suppliers must also be audited to ensure they are aligned with the CPQ strategy,” explains Peter Spiegeleer. For example, preventing an SD-WAN supplier from continuing to use obsolete algorithms. Continuity must also be sought in hybrid and cloud environments. “
Conclusion
Both experts agree that the path to quantum security and cryptographic agility requires considerable effort. ”However, doing nothing is not an option. I advise companies and organizations to start the inventory process now and lay the groundwork for the measures to be taken. This is an approach in which we, as Proximus NXT, can leverage our experience to offer best practices.”
Read the full interview with Peter Spiegeleer and Kristof Spriet and find out why CPQ is becoming essential today.
On November 27, Peter Spiegeleer will host the thematic session “Approaching Q-Day: closing the cybersecurity gap” at Think NXT. Attend and find out how to prepare your data security for the future.
