The past year will be remembered for major developments in two emerging technologies: AI and quantum computing. Generative AI was all over the headlines in 2024, appearing in new desktop and mobile products from Apple and other industry heavyweights, shaking up social media interactions, and transforming enterprise processes in every sector. Quantum computing made massive strides as well, with new chips reaching breakthrough performance.
These technologies offer big potential benefits, but they also introduce distinct security and identity challenges for device manufacturers and enterprise organizations. In a recent blog, DigiCert predicted the cybersecurity challenges and opportunities expected in the year ahead.
Post-quantum cryptography will come off the drawing board and into production
Quantum computing will change everything when it comes to digital trust. The same technology that’s capable of solving massive, data-intensive problems will also be capable of breaking the cryptography and public key infrastructures that we depend on.
The good news is that industry and government groups are taking aggressive steps to help enterprises strengthen their cryptography to prepare for new threats. The National Institute of Standards and Technology (NIST) has recently finalized a set of Post-Quantum Cryptography (PQC) standards designed to withstand quantum computing attacks. These new standards are poised to roll out as part of operational solutions.
The first steps of putting PQC into production are happening now, as the U.S. National Security Agency (NSA) prepares to announce post-quantum updates to its Commercial National Security Algorithm Suite (CNSA). These new CNSA 2.0 algorithms will provide protection for critical national security systems (NSS) networks.
More manufacturers and enterprise organizations will rapidly deploy PQC algorithms, incorporating them into business processes, applications, hardware security modules (HSMs), and other devices. Crypto-agility, including certificate automation, will play an important role in deploying these new algorithms at scale.
Global industry organizations are also making quantum-resistant cryptography a top priority. For example, the Quantum Safe Financial Forum, a consortium of financial institutions, has been organized to drive a coordinated approach to the transition to PQC in the financial sector. We’ll also see PQC evolve to become a regulatory standards imperative.
Content Provenance and Authenticity (C2PA) standard will become commonplace
To strengthen digital trust and confidence in the wake of new AI deepfakes and other challenges, DigiCert also predicts that content provenance standards will rise to the forefront.
In an era where we can’t be sure of the authenticity of photographs, video, and other media, it’s more important than ever to be able to verify the source of content. The C2PA standard aims to do just that, utilizing a Content Credentials icon to identify authentic content.
Based on PKI, the C2PA standard produces a tamper-evident record that helps media consumers distinguish between real and fake content. If content is altered or edited, the content changes are recorded, which makes it easier to spot manipulated content such as AI deepfakes. Online images will soon carry the C2PA icon, making it easier for consumers and content creators to confirm the authenticity of content.
Change driven from the top
New standards will play a key role in helping organizations meet new challenges, but ultimately digital trust will need to be encouraged by the people within companies. In the coming year, Chief Trust Officers (CTrOs) will become more prevalent in organizations looking to make transparency and digital trust a top business imperative.
Organizations across every industry are digitally transforming the way they work and interact with customers. That means trust has become a key component in customer relationships and business processes. A CTrO is responsible for making secure digital experiences, data privacy, and ethical use of AI a part of the company culture.
CTrOs help build and sustain trust with customers, regulatory organizations and business partners. They help ensure that their organizations not only comply with regulatory standards but also promote trust as a fundamental business value and asset. The importance of executives who understand the need to align security, technology, and transparency will only grow.
Proactive planning is key
We’re seeing new challenges from quantum computing and AI springing up fast, but it’s not too late for organizations to get out in front of the new challenges they bring. By taking a close look at how and where all cryptographic assets are used within your organization, you can better understand potential risks—and start taking steps to mitigate them.
About the Author
Tim Hollebeek, VP of Industry Standards at DigiCert
Timothy Hollebeek has 20+ years of computer security experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He remains heavily involved as DigiCert’s primary representative in multiple industry standards bodies, including the CA/Browser Forum, striving for improved information security practices that work with real-world implementations. A mathematician by trade, Tim spends a lot of time considering security approaches to quantum computing. Tim can be reached at [email protected] and at our company website www.digicert.com.