The National Cyber Security Centre (NCSC) has published a timeline for organisations to ensure they can efficiently protect themselves against quantum-based cyber hacks.
The security agency, which is part of GCHQ, emphasised the importance of post-quantum cryptography (PQC), a new type of encryption designed to safeguard sensitive information from future risks posed by quantum computers.
The organisation says that by 2028, companies should both identify the cryptographic services that need upgrades and build a migration plan.
From 2028 to 2031, the NCSC said firms should execute high-priority upgrades and refine plans as PQC evolves.
By the third phase of the timeline from 2031 to 2035, all organisations should have completed migration to PQC for all systems, services and products.
Current encryption programmes rely on mathematical problems that current-generation computers struggle to solve. Quantum computers have the potential to solve these problems much faster, making current encryption methods insecure.
The NCSC said that migrating to PQC will help organisations stay ahead of this threat by deploying quantum-resistant algorithms before would-be attackers have the chance to exploit vulnerabilities.
New guidance from the organisation aims to ensure that migration is smooth and controlled to avoid rushing and potential gaps in security.
The NCSC said that for many SMEs, migration to PQC will be routine, as service and technology providers will deliver it as part of their normal upgrades.
However, for some larger organisations, PQC will require planning and significant investment.
NCSC chief technical officer Ollie Whitehouse said that as quantum technology advances, upgrading collective security is “essential.”
“Quantum computing is set to revolutionise technology, but it also poses significant risks to current encryption methods,” he added. “Our new guidance on post-quantum cryptography provides a clear roadmap for organisations to safeguard their data against these future threats, helping to ensure that today’s confidential information remains secure in years to come.”
