Long lifecycles of existing IT systems: Systems in critical infrastructures are often in use for decades. The operation of these systems could become insecure as soon as powerful quantum computers become available.
Long-term encrypted data sets: Legally archived data (10+ years) could be compromised by quantum attacks if quantum-safe procedures are not introduced.
Insufficient preparation for quantum-safe standards: Although new, quantum-safe cryptography standards have been published (e.g. NIST standards), plans for migrating existing systems are lacking in many places.
Strategic risk analysis and inventory: Organisations should review the security requirements for data assets and systems that have a long service life and consider introducing quantum security procedures.
Promotion of quantum-safe technologies: When developing or procuring new software solutions, care should be taken to either directly utilise new, quantum-safe cryptography standards or use cryptographic algorithms that can be easily replaced by quantum-safe alternatives.
With these measures, Switzerland can secure its technological sovereignty and address the risks of quantum computing at an early stage.
Umberto Annino, Microsoft | Raphael Reischuk, Zühlke Engineering AG | Bernhard Tellenbach, armasuisse | Andreas Wespi, IBM Research
Endre Bangerter, BFH | Alain Beuchat, Banque Lombard Odier & Cie SA | Matthias Bossardt, KPMG | Dani Caduff, AWS | Adolf Doerig, Doerig & Partner | Stefan Frei, ETH Zurich | Roger Halbheer, Microsoft | Katja Dörlemann, Switch | Pascal Lamia, BACS | Martin Leuthold, Switch | Hannes Lubich, Board of Directors and Consultant | Luka Malisa, SIX Digital Exchange | Adrian Perrig, ETH Zurich | Ruedi Rytz, BACS | Riccardo Sibilia, DDPS | Daniel Walther, Swatch Group Services
