A public-private agency that helps Canadian organizations shift to technologies that protect their encrypted data from being broken by quantum computers has been given a federal grant of $675,000 to help its work.
Public Safety Canada said Tuesday that the money going to Quantum-Safe Canada will support its work to prepare the country’s critical infrastructure for the quantum threat.
Organizations that hold encrypted data include governments, financial institutions, energy providers, research facilities, telcos, and manufacturers of sensitive products.
Quantum computers capable of breaking current encryption may be years away but organizations have to start preparing now, agency executive director Michele Mosca said in an interview.
And ‘now’ means they should have their transition plans to quantum-safe solutions finished by next year. That’s because standardized quantum-resistant encryption algorithms are expected to be approved by the U.S. National Institute of Standards and Technology (NIST) in 2024, so high-risk organizations can begin their transition. That will include selecting solution providers and testing their solutions.
“The top critical infrastructures with a big IT footprint really should be wrapping up their preparation and assessment phase in a year or so and be starting the roadmapping by 2024. By that year, things will start kicking into gear on the solutions side. The standardized algorithms will be ready and there will be no need to delay,” Mosca noted.
Countries not necessarily friendly to the West, including China and Russia, are pouring hundreds of millions into quantum computing research. No one is quite sure when they will be able to produce a machine that can crack current encryption.
But, Mosca said, given the time it will take for organizations to migrate to quantum-resistant solutions, they can’t wait until one is churning away.
“You have to at least tentatively pick a date by which you want your systems ready. You have to look at your risk tolerance, and if it’s less than 10 per cent” — meaning a 10 per cent chance of broken encryption will cause the firm serious damage — “you really want to have migrated within 10 years.
“Some people may not want even a one per cent chance, in which case they have to do something faster,” he added.
Major governments are aiming to transition their critical applications by the early 2030s, he pointed out. That may be nine years away, but Mosca warned it will take a lot of work to upgrade systems.
Don’t forget, he added, the Canadian, U.S. and other governments have already decided to migrate their systems to quantum-safe solutions.
Quantum-Safe Canada is a not-for-profit whose governing board includes Sami Khoury, head of the federal government’s Canadian Centre for Cyber Security; Robert Gordon, former executive director and currently strategic advisor of the Canadian Cyber Threat Exchange; Vanda Vicars, chief operating officer of the Global Risk Institute in Financial Services; and consultant Brian O’Higgins, an expert in public-key infrastructure.
Mosca, who also sits on the board, is a co-founder of the Institute for Quantum Computing and a professor at the University of Waterloo, as well as a co-founder of a quantum software startup called EvolutionQ.
There are four steps to quantum readiness, he said: Understanding what the problem is, understanding what it means to the organization and its peers, planning and testing quantum-safe solutions and, finally, deploying the solutions.
The funds announced Tuesday are small compared to the monies available in the public and private sectors for fundamental quantum research, he said. But money for awareness is vital.
This particular grant will help the energy and finance sectors understand the “early preparation steps we neglect and wish [later] we had done.”
The funds will also be spent to help identify the skills needed for the transition and implementation stages so vendors, colleges and universities can train and expand the workforce.
“It’s not just a few computer science programmers writing code that will be needed,” he stressed. Project planners, managers, system integrators, experts in risk assessments, business analysts and more will be needed. And it wouldn’t necessarily mean years of training. It could mean adding an extra course to a college degree,” he added.
The federal funds come from Ottawa’s Cyber Security Co-operation Program, which was launched in 2019 under the National Cyber Security Strategy. Through the program, $10.3 million in funding was allocated to support projects that contribute to positioning Canada as a global leader in cyber security.