By Ian Pratt, Global Head of Security for Personal Systems at HP Inc.
The potential introduction of quantum computers capable of breaking asymmetric cryptography will put the entire digital world at risk and is becoming increasingly plausible every day. This is why today, at our Annual Partner Conference 2024, HP has announced the world’s first business PCs to protect firmware against quantum computer attacks 1.
With our upgraded Endpoint Security Controller (ESC) chip built into select PCs 2, we’re able to offer customers our most advanced security that ensures the manageability and protection of sensitive and regulated data. This protection will become progressively important as the spectre of quantum computer attacks creeps closer every year.
The quantum computing cryptographic conundrum
Research shows that 27% of experts think there is a 50% likelihood of a cryptographically relevant quantum computer (CRQC) by 2033. When that day comes, the security of existing digital signatures on firmware and software will be in question and digital trust will dissolve. (Read more on Anticipating the Quantum threat to Cryptography here).
But migrating our entire digital world to a new cryptographic standard is a huge undertaking. And while software can be updated, hardware can’t. And that includes some of the cryptography that protects PC firmware. With no cryptographic protections in place, no device would be safe – attackers could access and modify the underlying firmware and gain total control.
Momentum is growing to head off these threats. For example, the Dutch government guidance in the Post-Quantum Cryptography (PQC) migration handbook identifies Critical Infrastructure Providers 3 as urgent adopters who can’t wait much longer to start working on migration to PQC.
In the US, the Government has outlined specific recommendations around migrating to quantum-resistant cryptographic algorithms for firmware signing, recommending quantum-resistant cryptography be used from 2025, and be required from 2030, for sensitive systems.
Futureproofing your fleet
By embedding protection against quantum computer hacks at the chip level, HP is today setting a new standard in hardware and firmware security with our 5th generation ESC chip. By isolating the chip from the processor and OS, the ESC provides a hardware platform that reduces the risk of data breaches and improves productivity by preventing downtime.
With typical PC refresh cycles now every 3 to 5 years, and with the wider trend towards extending the life of hardware to improve sustainability, the migration to post-quantum cryptography must start now. With our 2024 ESC upgrade, the hardware will be in place to protect PC firmware integrity with Quantum-Resistant Cryptography, providing a secure foundation ahead of upgrades to software implementations of cryptography on PCs in future.
While HP is introducing this new protection for PC firmware integrity, we recommend customers start to assess how and when to start migrating all other aspects of their information systems to quantum-resistant cryptography. At HP, we are recommending three steps to begin planning:
-
Identify your highest priority use cases.
-
Talk to your technology providers to understand vendor plans for migrating to quantum-resistant protections across the products and solutions you use.
-
Ensure you have a plan to protect against the quantum threat in the timescale you need.
For further information on our 5th generation ESC chip availability see HP ESC Platform Availability Matrix
1 Based on HP’s internal analysis of business PCs with preinstalled encryption, authentication, malware protection, BIOS-level protection and passing MIL-STD testing, finding that no other in-class PC implements a quantum-resistant cryptographic scheme to protect the integrity of UEFI BIOS firmware as of March, 2024.
2 Requires Windows 10 or higher. For supported HP PCs with the latest HP Endpoint Security Controller. See https://h20195.www2.hp.com/v2/GetDocument.aspx?docname=4AA8-3644ENW.
3 The Dutch government lists critical infrastructure providers such as water, electricity, transport, healthcare, communications companies