Cloud CISO Perspectives: Prepare early for PQC to be resilient against tomorrow’s cryptographic threats

Phil Venables
VP, TI Security & CISO, Google Cloud
Christiane Peters
Security Architect, Office of the CISO, Google Cloud
Welcome to the second Cloud CISO Perspectives for February 2025. Today, Christiane Peters from our Office of the CISO explains why post-quantum cryptography may seem like the future’s problem, but it will soon be ours if IT doesn’t move faster to prepare for it. Here’s what you need to know about how to get your post-quantum cryptography plans started.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
--Phil Venables, VP, TI Security & CISO, Google Cloud
Prepare early for PQC to be resilient against tomorrow’s cryptographic threats
By Christiane Peters, security architect, Office of the CISO, Google Cloud
Post-quantum cryptography adoption is rapidly becoming a reality, and the need for active deployment and implementation is becoming increasingly urgent — sooner than you might think.
We know that eventually, perhaps sooner than expected, cryptographically-relevant quantum computers (CRQC) will be able to break some of the critical cryptography that underpins today’s cybersecurity infrastructure. There are two CRQC risks we can prepare for now (with an in-depth analysis available here):
- Harvest Now, Decrypt Later attacks, where a threat actor steals encrypted data that they anticipate decrypting by an as-yet unbuilt CRQC in the future.
- Threat actors could use a CRQC to forge digital signatures and implant them in compromised firmware or software updates.
However, unless you have national security data, immensely valuable long-term intellectual property, long-term sensitive communications, or a cryptographic architecture where small numbers of keys can unlock all previously encrypted data, then neither of the above is quite as serious a risk as some people would have you think.
The more significant risk for most business leaders and organizations is that implementing post-quantum cryptography (PQC) will take a long time, as Phil Venables noted in a recent blog on how executives should take a tactical approach to implementing PQC.
PQC is the industry effort to defend against those risks — a bit like the Y2K movement, but scaled for the 21st century. PQC is defining the cryptographic standards and implementing newly-designed algorithms that are expected to be resistant to attacks by both classical and quantum computers.
Business leaders should be taking a closer look at PQC, and be discussing how to implement it with their security teams. Preparing for PQC can help you reduce the risks you’ll face in the future, and make your systems more resilient to the challenges of evolving technology.
Many organizations are working on post-quantum cryptography, including the U.S. National Institute of Standards and Technology. NIST published quantum-safe cryptographic standards last summer, and in November suggested a transition timeline to retire some of today’s public-key cryptosystems by 2030, and no later than 2035.
Together, these efforts have begun enabling technology vendors to take steps toward PQC migrations. Crucially, all of NIST’s PQC standards run on the classical computers we currently use.
At Google, we take the post-quantum cryptography risks seriously. As part of our years-long efforts to prepare for the arrival of a CRQC world, last week we introduced quantum-safe digital signatures in preview as part of Google Cloud Key Management Service. This follows strategy and development efforts going back a decade, including PQC tests in Google Chrome in 2016, protecting internal communications with PQC since 2022, and additional quantum-safe protective measures across our products and services.
NIST’s new standards are an important step in the right direction, but PQC migration won’t happen in just 12 months. While a decade in the future may seem very far away, the reality is that the work needed will take that long to prepare — and waiting might mean you are already too late. There are four key steps you can take today to prepare for post-quantum cryptography.
- Develop a plan: CISOs, CIOs, and CTOs should craft a roadmap for implementing quantum-resistant cryptography. This plan should balance cost, risk, and usability, while ensuring the new algorithms are integrated into existing systems.
- Identify and protect: Assess the data and systems most at risk from quantum threats, including all systems using asymmetric encryption and key exchange, systems using digital signatures such as PKI, software and firmware signatures, and authentication mechanisms. Refer back to Google's quantum threat analysis to help determine which changes should be addressed first.
- Anticipate system-wide effects: Analyze the broader risk that a PQC migration could pose to other systems. This could be similar to the Y2K problem where the format of data (for example, larger digital signatures) in databases and applications might need significant software changes beyond the cryptography.
- Learn from experience: Reflect on how your organization has tackled previous cryptography-related challenges, such as the Heartbleed vulnerability in TLS and retiring SHA-1. Build an understanding of what worked well and what improvements were needed to help guide your approach to PQC adoption. Conducting a tabletop exercise with leadership teams can help identify potential challenges early by simulating the migration of cryptographic systems.
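The "identify and protect" and "anticipate system-wide effects" steps above are where a cryptographic inventory earns its keep: you need to know which usages a CRQC actually breaks, which of them carry the two risks named earlier (harvest-now-decrypt-later on long-lived data, forged signatures on firmware and software updates), and which downstream fields cannot physically hold the larger PQC artifacts. The script below is an added example written for this post, not Google's tooling or any product of the Cloud KMS team. It assumes a constructed inventory, a one-size-fits-all replacement mapping (ML-DSA-65 for signatures, ML-KEM-768 for key exchange, using the signature and ciphertext sizes from the FIPS 204 and FIPS 203 parameter sets), and a 10-year data lifetime as the threshold for harvest-now-decrypt-later exposure; a real roadmap would choose these per system.

```python
"""Cryptographic inventory triage for a PQC migration (constructed example)."""
from dataclasses import dataclass
from typing import Optional

# Classical algorithms: purpose, whether a CRQC breaks them, and the size in
# bytes of the artifact a system must carry (a signature, or the public value /
# ciphertext exchanged for key agreement). Symmetric ciphers and hashes at
# 256-bit strength are not broken by a CRQC, only weakened by Grover's algorithm.
CLASSICAL = {
    "RSA-2048":    ("signature",    True,  256),
    "ECDSA-P256":  ("signature",    True,  64),
    "Ed25519":     ("signature",    True,  64),
    "ECDH-P256":   ("key-exchange", True,  65),   # uncompressed point
    "X25519":      ("key-exchange", True,  32),
    "AES-256-GCM": ("symmetric",    False, 0),
    "SHA-256":     ("hash",         False, 0),
}

# Assumed replacement per purpose: the mid-level FIPS 204 / FIPS 203 parameter
# sets. Sizes are signature bytes (ML-DSA-65) and ciphertext bytes (ML-KEM-768).
PQC_REPLACEMENT = {
    "signature":    ("ML-DSA-65",  3309),
    "key-exchange": ("ML-KEM-768", 1088),
}

HNDL_LIFETIME_YEARS = 10  # assumption: data secret this long is worth harvesting now

@dataclass(frozen=True)
class Usage:
    system: str
    algorithm: str
    role: str                                # e.g. "firmware-signing", "tls"
    data_lifetime_years: int                 # how long the protected data must stay secret/valid
    field_limit_bytes: Optional[int] = None  # fixed-width column or protocol field, if any

def assess(u: Usage) -> dict:
    """Classify one usage: vulnerability, replacement, size growth, field overflow, priority."""
    purpose, vulnerable, cur_size = CLASSICAL[u.algorithm]
    result = {"system": u.system, "algorithm": u.algorithm,
              "quantum_vulnerable": vulnerable, "replacement": None,
              "size_growth_bytes": 0, "field_overflow": False, "priority": "none"}
    if not vulnerable:
        return result
    new_alg, new_size = PQC_REPLACEMENT[purpose]
    result["replacement"] = new_alg
    result["size_growth_bytes"] = new_size - cur_size
    # The Y2K-style problem: a fixed-width field sized for a classical artifact
    # silently cannot hold the PQC one, so the application needs changes too.
    result["field_overflow"] = (u.field_limit_bytes is not None
                                and new_size > u.field_limit_bytes)
    # Priority follows the two CRQC risks: harvest-now-decrypt-later against
    # long-lived confidential data, and forged signatures on firmware/software.
    if purpose == "key-exchange" and u.data_lifetime_years >= HNDL_LIFETIME_YEARS:
        result["priority"] = "high"
    elif purpose == "signature" and u.role in ("firmware-signing", "software-update"):
        result["priority"] = "high"
    else:
        result["priority"] = "medium"
    return result

def triage(inventory) -> list:
    """Return assessments ordered high -> medium -> none, then by system name."""
    order = {"high": 0, "medium": 1, "none": 2}
    return sorted((assess(u) for u in inventory),
                  key=lambda r: (order[r["priority"]], r["system"]))

# Constructed inventory for illustration; not from any real environment.
INVENTORY = [
    Usage("firmware-signer", "ECDSA-P256",  "firmware-signing",  15, field_limit_bytes=72),
    Usage("backup-vault",    "ECDH-P256",   "backup-encryption", 25),
    Usage("web-frontend",    "X25519",      "tls",               1),
    Usage("audit-log",       "Ed25519",     "log-signing",       7,  field_limit_bytes=4096),
    Usage("data-at-rest",    "AES-256-GCM", "disk-encryption",   25),
]

if __name__ == "__main__":
    for r in triage(INVENTORY):
        flag = ", FIELD OVERFLOW" if r["field_overflow"] else ""
        print(f"{r['priority']:6} {r['system']:16} {r['algorithm']:12} -> "
              f"{r['replacement']} (+{r['size_growth_bytes']} bytes{flag})")
```

Run as-is, the firmware signer surfaces as high priority twice over: its ECDSA signatures are forgeable by a CRQC, and its 72-byte signature field cannot hold a 3,309-byte ML-DSA-65 signature, which is exactly the kind of non-cryptographic software change the third step warns about. The backup vault ranks high for harvest-now-decrypt-later exposure even though nothing about it is "broken" today, while the AES-protected disk needs no algorithm change at all.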
We don’t know exactly how far off a cryptographically-relevant quantum computer is, yet we are already facing the associated risks today, and experience tells us that in the wrong hands quantum computing could be used to compromise the privacy and security of digital communications across industries and borders. Taking action early can help ensure a smooth transition to quantum-resistant cryptography and keep you ahead of evolving expectations.
Please visit our post-quantum cryptography hub for more information.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- Get ready for a unique, immersive security experience at Next ‘25: Here’s why Google Cloud Next is shaping up to be a must-attend event for security experts and the security-curious alike. Read more.
- Next ‘25 can help elevate your cybersecurity skills. Here’s how: From red teaming to tabletop exercises to the SOC Arena, Next '25 has something for security pros and newcomers alike. Read more.
- How Google uses threat intelligence to uncover and track cybercrime: Google Threat Intelligence Group’s Kimberly Goody takes you behind the scenes and explains how threat intelligence helps us find and monitor cybercriminals. Read more.
- 5 key cybersecurity strategies for manufacturing executives: Here are five key governance strategies that can help manufacturing executives build a robust cybersecurity posture and better mitigate the evolving risks they face. Read more.
- Announcing quantum-safe digital signatures in Cloud KMS: We’re introducing quantum-safe digital signatures in Cloud KMS, and we’re sharing more on our PQC strategy for Google Cloud encryption products. Read more.
- Collaborate without compromise: Introducing Isolator open source: Isolator is a purpose-built, secure collaboration tool that can enable organizations to work with sensitive data in a controlled environment in Google Cloud. It can help solve the problem of giving collaborators access to restricted data and tools when building solutions that involve sensitive information. Read more.
Please visit the Google Cloud blog for more security stories published this month.
Threat Intelligence news
- Multiple Russia-aligned threat actors targeting Signal: Google Threat Intelligence Group has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. Read more.
- Phishing campaigns targeting higher-education institutions: Google’s Workspace Trust and Safety team and Mandiant have observed a notable increase in phishing attacks targeting the education industry, specifically U.S.-based universities, as well as a long-term campaign, targeting thousands of educational institution users each month. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Google Cloud Security and Mandiant podcasts
- Metrics, challenges, and SecOps hot takes from a modern bank CISO: Dave Hannigan, CISO, Nubank, discusses the ups, downs, and surprises that only CISOs at a cutting-edge financial institution can face, with hosts Anton Chuvakin and Tim Peacock. Listen here.
- Using threat intelligence to decode the underground: Kimberly Goody, cybercrime analysis lead, Google Threat Intelligence Group, takes a behind-the-scenes look with Anton and Tim at how GTIG attributes cyberattacks with high confidence, the difficulty of correlating publicly-known tool names with threat actors’ aliases, and how GTIG does threat intelligence differently. Listen here.
- Defender’s Advantage: Signals of trouble: Dan Black, principal analyst, GTIG, joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in February with more security-related updates from Google Cloud.