Challenges in the Transition towards a Quantum-safe Government

Abstract

The computation power of quantum computers introduces new security threats in Public Key Infrastructure (PKI), a system used by many governments to secure their digital public services and communication. This calls for an inevitable need for governments to be quantum-safe (QS) by modifying their PKI systems to be resistant to the attacks of quantum computers. However, there is limited academic literature on a QS PKI system, and in this limited literature, the transition challenges are perceived as exclusively technological. This paper aims to create a structured overview of challenges when transitioning to a QS PKI system. We do this by reviewing literature and classifying the challenges using Technology-Organization-Environment (TOE) framework and using an expert workshop to explore the challenges in the context of the PKI system in the Dutch government. The main challenges in the technological context include no universal QS solution, legacy system, complex PKI interoperability, and vulnerable Root CA. The main challenges in the organizational context include knowledge gap, unclear governance, lack of urgency, and in-house management support. Furthermore, the main challenges in the environmental context include institutional void, stakeholder collaboration, lack of awareness, and policy guidance. The results indicate that the QS transition from the current PKI system is complex, and the challenges are socio-Technical. For policy-makers, this implies that they should start early to prepare, whereas organizations are hardly aware of the process of QS transition and the topic of quantum computing is yet to develop the urgency in organizations.