At its Annual Partner Conference 2024, HP announced the world’s first business PCs to protect firmware against quantum computer attacks.
This Issue
As highlighted by Global Risk Institute research, 27 per cent of experts think there is a 50 per cent likelihood of a cryptographically relevant quantum computer (CRQC) by 2033. HP says that “when that day comes, the security of existing digital signatures on firmware and software will be in question and digital trust will dissolve.”
If quantum computers reach a point where they can crack our current cryptographic protections, the implications for businesses, societies, and individuals could be profound and wide-ranging. For example, the consequences could include:
– Massive data breaches and privacy loss, compromising everything from financial records to private communications.
– The undermining of financial systems, enabling unauthorised access to financial accounts, manipulation of transactions, and theft of funds. This, in turn, could erode trust in digital banking and financial systems, leading to widespread economic instability.
– National security communications being exposed, thereby compromising state secrets, military operations, plus critical infrastructure, potentially altering the balance of power on a global scale.
– Disruption of digital trust systems like digital signatures and SSL certificates, which underpin the security of online communications and commerce, thereby disrupting e-commerce, undermining the integrity of digital contracts, and eroding trust in online services.
New Cryptographic Standard?
In response to these potential threats, the security community has been actively developing and standardising quantum-resistant cryptographic algorithms. These Post-Quantum Cryptography (PQC) algorithms aim to secure cryptographic systems against quantum attacks by relying on mathematical problems that are believed to be difficult for quantum computers to solve.
However, HP says that migrating our entire digital world to a new cryptographic standard is a huge undertaking and that while software can be updated, hardware can’t. This includes some of the cryptography that protects PC firmware. HP points out that “with no cryptographic protections in place, no device would be safe – attackers could access and modify the underlying firmware and gain total control.”
HP’s Answer
HP’s future-proofing answer is embedding protection against quantum computer hacks in PCs at the chip level via its 5th-generation ESC chip. By isolating the chip from the processor and OS, HP says the ESC provides a hardware platform that reduces the risk of data breaches and improves productivity by preventing downtime.
Start Now Says HP
HP points out that with typical PC refresh cycles now every 3 to 5 years (and with the wider trend towards extending the life of hardware to improve sustainability), the migration to post-quantum cryptography should ideally start now. HP says that with its 2024 ESC upgrade, the hardware will be in place to protect PC firmware-integrity with Quantum-Resistant Cryptography, thereby delivering a secure foundation ahead of upgrades to software implementations of cryptography within PCs in the future.
What Does This Mean For Your Business?
The potential of quantum computers being capable of breaking asymmetric cryptography is placing the entire digital world at an increasing risk. For UK businesses, this threat represents both a challenge and a call to action. Research suggests that the arrival of cryptographically relevant quantum computing is not a question of if, but when, with a significant number of experts anticipating its emergence by 2033. This reality necessitates a proactive approach to cybersecurity, particularly in safeguarding digital signatures on firmware and software that underpin the trust and integrity of our digital interactions and transactions.
Currently, the security community is responding by developing and standardising quantum-resistant cryptographic algorithms / Post-Quantum Cryptography (PQC) solutions. These could secure against both classical and quantum computing threats, thereby safeguarding digital assets and communications in the quantum era. However, as HP points out, transitioning our digital infrastructure to a new cryptographic standard is a potentially monumental task, complicated further by the limitations of hardware adaptation.
For UK businesses, this means that relying solely on software updates for future protection may be insufficient. Hardware (particularly PC firmware) that is less frequently updated and often overlooked in cybersecurity strategies, presents a critical vulnerability. This is why HP believes the introduction of the world’s first business PCs designed to protect firmware against quantum computer attacks is a significant development. HP’s idea of embedding protection at the chip level through its 5th generation ESC chip could offer businesses a solution that anticipates the quantum threat and addresses the challenges of hardware security at the same time.
HP also believes its approach of isolating the chip from the processor and operating system could create a more secure hardware platform. This idea may be particularly relevant for UK businesses, where the trend towards extending the lifecycle of hardware for sustainability purposes further exacerbates the vulnerability to future quantum attacks. With the threat apparently just a few years away, HP’s suggestion of starting the migration to quantum-resistant cryptographic solutions now, as part of the typical PC refresh cycle, sounds like it could be a sensible move for businesses.
In short, the message for UK businesses is that the threat of quantum computing to cybersecurity is real and approaching fast and preparing for this issue means adopting a holistic view of cybersecurity that includes both software and hardware considerations. Although HP’s new solution offers one potential answer to quantum threats, there will most likely be other innovative solutions offered by other companies in the near future and it will be a case of businesses choosing the one with the best fit for their individual needs and budget.
