The UK’s National Cyber Security Centre (NCSC) has published new guidelines which aim to help the country migrate to post-quantum cryptography (PQC), a cyber security safety standard aimed at preventing threats from future advances in quantum computing.

According to the Centre, the guidelines are “a mass technology change that will take a number of years,” with the aim to fully implement them by 2035.

The NCSC says the guidelines are “primarily aimed at technical decision-makers and risk owners of large organisations, operators of critical national infrastructure systems including industrial control systems, and companies that have bespoke IT.”

The need to upgrade and reform current cyber security standards and practices arises from the fact that, in the near future, large-scale, fault-tolerant quantum computers can undermine the cryptography that keeps information and operation networks secure.

Systems and networks

To avoid this risk, systems and networks need “to migrate to post-quantum cryptography (PQC); cryptography based on mathematical problems that quantum computers cannot solve efficiently,” the NCSC has said.

The Centre has also advised sectors to put in place an appropriate budget for migration to PQC, as the costs involved in the preparatory and the actual migration stage could be significant.

And in terms of timeframes for implementing the guidelines, the Centre expects governments, financial firms and other sectors to:

1. By 2028
   • Define migration goals.
   • Carry out a full discovery exercise (assessing your estate to understand which services and infrastructure that depend on cryptography need to be upgraded to PQC).
   • Build an initial plan for migration.
2. By 2031
   • Carry out early, highest-priority PQC migration activities.
   • Refine your plan so that you have a thorough roadmap for completing migration.
3. By 2035
   • Complete migration to PQC of all your systems, services and products.

Being ready

The subject of quantum computing, in which the qualities of sub-atomic particles can be used to solve current encryption method and access sensitive data, is still new to many.

However, in the background, there is a global race for supremacy in the sector, just as there is with other advanced technologies such as artificial intelligence.

Experts have already warned that the UK might be lagging behind global rivals in the quantum computing sector, pointing to a lack of government funding and support as a primary reason.

Last October, the UK government announced the opening of a the new National Quantum Computing Centre (NQCC), which it said “will be home to new quantum computers, designed to push the boundaries of what is possible with the technology.”

The facility, based at Harwell in Oxfordshire, will be home to 12 quantum computers, and “brings together businesses, academics, and government to unlock the full potential of quantum computing,” a government statement said.

The NQCC facility is available for use by anyone, and is not restricted to government only. But individuals or firms will need to provide and prove a valid use case.

According to science minister Lord Vallance, the NQCC will solve “solve some of the biggest challenges we face, whether it’s delivering advances in healthcare, enhancing energy efficiency, tackling climate change, or inventing new materials.”