The Inner Circle

Ok, the kids in our discussion forum may need to consult their history books. I believe at some point in the future we are going to need a broad-based awareness campaign to upgrade technology, such as crypto, to quantum safe alternatives. I think the best historical analogy was the Y2K campaign to upgrade systems susceptible to the Millennium bug. While there was a lot of hype associated with Y2K, there no doubt was a need to raise awareness to fix critical systems.

CSA has obviously been doing quantum research for some time, but I think there is risk in starting a major PR push too early. Does anyone have opinions when we should start and what the quantum deadline should be? Year 2000 problem

Wikipedia		remove preview
Year 2000 problem The Year 2000 problem, also known as the Y2K problem, the Millennium bug, Y2K bug, the Y2K glitch, or Y2K, refers to events related to the formatting and storage of calendar data for dates beginning in the year 2000. View this on Wikipedia >

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

Hi @Jim Reavis,

I hope you are doing well today!

I would say that, older or mentoring elderly person, should look back into their books as well... Quantum technology or quantum computation, is far away to be safe so far. We, actually, can't suggest a secure instance with Quantum mechanism simply because cryptocurrency or blockchain based sources (Nodes, Instances, etc) can be reverted, using the same technology, whatever is reverse engineering, or reverse quantum computational calculation. This is clearly possible as of right now, to do both. 

In my opinion, there is one word that I can recall, witch is Diversification. Removing barrier or limitation, will lead to Quantum Technology evolution combined with open-source PR, nothing less. 

As of today, the road as been chaotic, and still, it has remain the same, if not worst, during the current race to the Cloud and Big Data... 

To invest time and effort, on-boarding out-sourced, inclusive, exclusive, I would say that for example, giving away crypto, will clearly not work with the speculated digest. Empowering awareness, will or should work into another manner, witch is to invite people or user to be part of a project, and show to them how they are valuable. I mean, so many projects have goes into the trash, giving away free crypto! 

To me, Cloud Security Alliance, is a great example of user awareness, and starting point using their methodology. 

There is much work to be done I think, to be continued...

I wish you a great afternoon,
Best Regards

------------------------------
Armand Jr Brunelle
------------------------------

Original Message:
Sent: Oct 21, 2020 06:31:06 AM
From: Jim Reavis
Subject: Quantum Safe Security & Y2K

Ok, the kids in our discussion forum may need to consult their history books. I believe at some point in the future we are going to need a broad-based awareness campaign to upgrade technology, such as crypto, to quantum safe alternatives. I think the best historical analogy was the Y2K campaign to upgrade systems susceptible to the Millennium bug. While there was a lot of hype associated with Y2K, there no doubt was a need to raise awareness to fix critical systems.

CSA has obviously been doing quantum research for some time, but I think there is risk in starting a major PR push too early. Does anyone have opinions when we should start and what the quantum deadline should be? Year 2000 problem

Wikipedia		remove preview
Year 2000 problem The Year 2000 problem, also known as the Y2K problem, the Millennium bug, Y2K bug, the Y2K glitch, or Y2K, refers to events related to the formatting and storage of calendar data for dates beginning in the year 2000. View this on Wikipedia >

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

I feel like a major PR push has to be linked to either having reasonably available solutions OR changes in standards that result in a requirement to adopt a quantum safe approach.    

The messaging around AES could be a decent historical reference as well.  Y2K is definitely interesting as with the volume of potential business disruption examples of resulting in broad awareness and a push for urgency.  The shift from DES to AES has a parallel in that it wasn't necessary to keep the lights on for services but was linked to address emergent risk; quantum safe approaches will likely see similar resistance to adoption for many of the same reasons.

------------------------------
Fred Budd
Vice President
Mastercard
------------------------------

Original Message:
Sent: Oct 21, 2020 06:31:06 AM
From: Jim Reavis
Subject: Quantum Safe Security & Y2K

Ok, the kids in our discussion forum may need to consult their history books. I believe at some point in the future we are going to need a broad-based awareness campaign to upgrade technology, such as crypto, to quantum safe alternatives. I think the best historical analogy was the Y2K campaign to upgrade systems susceptible to the Millennium bug. While there was a lot of hype associated with Y2K, there no doubt was a need to raise awareness to fix critical systems.

CSA has obviously been doing quantum research for some time, but I think there is risk in starting a major PR push too early. Does anyone have opinions when we should start and what the quantum deadline should be? Year 2000 problem

Wikipedia		remove preview
Year 2000 problem The Year 2000 problem, also known as the Y2K problem, the Millennium bug, Y2K bug, the Y2K glitch, or Y2K, refers to events related to the formatting and storage of calendar data for dates beginning in the year 2000. View this on Wikipedia >

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

Hi @Fred Budd,

I hope you are doing good today!

I agree for this part or at least using quantum safe approaches for Y2K as of example can be structured and will pro-actively resolve many mistakes.

We just can't let quantum safe algorithm take over everything, but like you said, work in parallel, instead.

Have a great afternoon!

Best regards!​

------------------------------
Armand Jr Brunelle
------------------------------

Original Message:
Sent: Oct 22, 2020 08:43:07 AM
From: Fred Budd
Subject: Quantum Safe Security & Y2K

I feel like a major PR push has to be linked to either having reasonably available solutions OR changes in standards that result in a requirement to adopt a quantum safe approach.

The messaging around AES could be a decent historical reference as well.  Y2K is definitely interesting as with the volume of potential business disruption examples of resulting in broad awareness and a push for urgency.  The shift from DES to AES has a parallel in that it wasn't necessary to keep the lights on for services but was linked to address emergent risk; quantum safe approaches will likely see similar resistance to adoption for many of the same reasons.

------------------------------
Fred Budd
Vice President
Mastercard

Original Message:
Sent: Oct 21, 2020 06:31:06 AM
From: Jim Reavis
Subject: Quantum Safe Security & Y2K

Ok, the kids in our discussion forum may need to consult their history books. I believe at some point in the future we are going to need a broad-based awareness campaign to upgrade technology, such as crypto, to quantum safe alternatives. I think the best historical analogy was the Y2K campaign to upgrade systems susceptible to the Millennium bug. While there was a lot of hype associated with Y2K, there no doubt was a need to raise awareness to fix critical systems.

CSA has obviously been doing quantum research for some time, but I think there is risk in starting a major PR push too early. Does anyone have opinions when we should start and what the quantum deadline should be? Year 2000 problem

Wikipedia		remove preview
Year 2000 problem The Year 2000 problem, also known as the Y2K problem, the Millennium bug, Y2K bug, the Y2K glitch, or Y2K, refers to events related to the formatting and storage of calendar data for dates beginning in the year 2000. View this on Wikipedia >

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

I agree with your perspective, an awareness campaign needs to have solutions or at least a decent call to action to be useful. The AES example could be more on point than Y2K, my thinking around using the Y2K example is that I believe we will need to go mainstream rather than staying within our industry. Maybe a hybrid of both.

Our Quantum Safe working group has done some excellent work over the years. At some point I am hoping some timeframes will come into focus so we can think about some proactive "big picture" actions.

https://cloudsecurityalliance.org/research/working-groups/quantum-safe-security/

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

Original Message:
Sent: Oct 22, 2020 08:43:07 AM
From: Fred Budd
Subject: Quantum Safe Security & Y2K

I feel like a major PR push has to be linked to either having reasonably available solutions OR changes in standards that result in a requirement to adopt a quantum safe approach.

The messaging around AES could be a decent historical reference as well.  Y2K is definitely interesting as with the volume of potential business disruption examples of resulting in broad awareness and a push for urgency.  The shift from DES to AES has a parallel in that it wasn't necessary to keep the lights on for services but was linked to address emergent risk; quantum safe approaches will likely see similar resistance to adoption for many of the same reasons.

------------------------------
Fred Budd
Vice President
Mastercard

Original Message:
Sent: Oct 21, 2020 06:31:06 AM
From: Jim Reavis
Subject: Quantum Safe Security & Y2K

Ok, the kids in our discussion forum may need to consult their history books. I believe at some point in the future we are going to need a broad-based awareness campaign to upgrade technology, such as crypto, to quantum safe alternatives. I think the best historical analogy was the Y2K campaign to upgrade systems susceptible to the Millennium bug. While there was a lot of hype associated with Y2K, there no doubt was a need to raise awareness to fix critical systems.

CSA has obviously been doing quantum research for some time, but I think there is risk in starting a major PR push too early. Does anyone have opinions when we should start and what the quantum deadline should be? Year 2000 problem

Wikipedia		remove preview
Year 2000 problem The Year 2000 problem, also known as the Y2K problem, the Millennium bug, Y2K bug, the Y2K glitch, or Y2K, refers to events related to the formatting and storage of calendar data for dates beginning in the year 2000. View this on Wikipedia >

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------