HP Launches World’s First Business PCs to Protect Against Quantum Hacks – The Six Five On the Road

On this episode of the Six Five – On the Road, hosts Patrick Moorhead and Daniel Newman  are joined by HP’s Ian Pratt, Global Head of Security for Personal Systems. Ian will delve into HP’s groundbreaking announcement on the world’s first business PCs designed to safeguard firmware against quantum computer attacks, a significant step in cybersecurity. The conversation also explores the quantum threat to cryptography and the urgency for organizations to devise countermeasures.

The discussion covers:

  • Understanding the quantum threat to cryptography.
  • Identifying industries at high risk from quantum computing hacks.
  • Strategies for organizations to commence preparations against future quantum threats.

Learn more at HP.

Watch the video above, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Transcript

Patrick Moorhead: The Six Five is on the road at HP Amplify 2024 here in Las Vegas. It’s been an incredible event so far. It’s really the combination of hybrid work and all the awesome things that AI can bring to the table.

Daniel Newman: A and I.

Patrick Moorhead: A and I. I know, I coined a new phrase and then sprinkling services on top and all around it. Dan, it’s been good.

Daniel Newman: Yeah, it has been good. And there is a lot of focus right now on AI. There’s a lot of focus on the device and the PC. There’s a lot of focus on hybrid and new work trends shaping how people will function and be productive in a hybrid era, Pat. And of course, with all these things happening at the same time, there should be a big focus on security.

Patrick Moorhead: That’s right. And it’s interesting, Dan, both of us have quantum swim lanes, advisory swim lanes.

Daniel Newman: We do.

Patrick Moorhead: And one of the trends that we’ve seen, we’ve only seen in the data centers this notion of having a quantum safe security in the Cloud and on-prem the data center. But we’re here to talk about quantum safety related to PCs. And we have here Ian Pratt who runs security for personal systems. Ian, welcome to the Six Five. First time on the show.

Ian Pratt: Yeah, pleasure to be here. Thanks.

Daniel Newman: Yeah, you heard the preamble. We’re busy talking about AI and all this exponential productivity, and all this exponential productivity, and app use, and mobile devices, and AI PCs. You must be as a security person looking at this and going, “Oh, boy. Oh, gosh.”

Ian Pratt: Yep. No, we’re in for some exciting times. That’s for sure. With AI, really, you’re bringing so much more personal data to PC endpoints and the protection, the privacy that we need to provide for them. I think it’s going to be an increasing problem, and we’re already seeing that with the stampede that companies are having to adopt AI, all of the new vulnerabilities that that is creating. It’s certainly an exciting time to be alive in security, that’s for sure.

Patrick Moorhead: Yeah, it is. You announced today what was called a World’s First Congratulations. I may have spilled the beans in the intro, but can you talk a little bit about what quantum and computer hacks and how you’re using firmware to protect that in the future?

Ian Pratt: Yeah, we announced what is the fifth generation of our security controllership, which is some custom silicon that we create, that we build into all of our commercial PCs. And that custom silicon has a number of functions. It’s powered on even when the machine appears to be powered off, watching over the security of the platform. And one of the key things it does is it makes sure that when you press the power button, when the machine boots up, that it’s actually booting firmware which is legitimate, that it hasn’t been tampered with because firmware is absolutely fundamental to the security of the whole platform.

Patrick Moorhead: Sure.

Ian Pratt: If that’s compromised, then all bets are off. You can’t trust anything at that point. And it’s critical that we make sure that it is running legitimate firmware, that it hasn’t been tampered with. And the key thing that we announced today is that this fifth generation security controllership, it is ready for some time in the future when quantum computers are created, which can break the cryptography that we all rely on today that really protects everything, digital signatures, HTTPS and secure transactions all rely on this public key cryptography, which can be broken if somebody creates a quantum computer.

Organizations are now beginning to start thinking how they protect themselves against that coming future. For our PCs, for protecting our firmware, we have built that capability into our custom silicon to use algorithms which are actually resistant to attacks from quantum computers. Folks using our machines, that’ll be one less thing they have to worry about. And it’s a very fundamental thing in the stack.

Daniel Newman: Quantum is still pretty much in its infancy in many ways, especially as it pertains to commercialization. Having said that, you’re sitting here saying quantum machines could be the enabler to create a lot of risk, a lot of hacks, and you’re addressing it very early. Speak a little bit about what the quantum threat is, just because I don’t think most people even understand quantum and maybe just a little background would help.

Ian Pratt: Sure. There are a lot of different groups across the world trying to build quantum computers, and we can build small ones. They’re really just toys, but it’s a combination of physics and engineering to scale that up. And these quantum computers work in a very different way from the computers we have today. They are good for a particular set of algorithms for particular tasks. You’re not going to run Microsoft Word on a quantum computer, but one of the things which it does enable is something called Shor’s algorithm, which you can use to factor prime numbers.

Take a very large number and figure out what two things were multiplied together to make it. Now, the fact that that is difficult is something which underpins all of the cryptography we rely on today. And if someone manages to build one of these quantum computers and can factor these large prime numbers, they can break all of the cryptography that we use today when we’re accessing a website or for verifying digital signatures. At that point you can trust nothing. You need a pretty big quantum computer to be able to do that where no one’s close to having one today. But if you project out, it’s quite likely that someone is going to create one in the not too distant future. And we have to start preparing for that eventuality that everything we rely on today is going to have to change.

Patrick Moorhead: In characterizing the threat, is this a critical infrastructure, energy, education, finance, military, telecommunications, or is it broader than that?

Ian Pratt: Well, we all rely on the same cryptography. Whenever you visit a website, you are relying on it. But if you think about who creates one of these quantum computers, what are they going to use it for first?

Patrick Moorhead: Where the money is.

Ian Pratt: And it’s going to probably be a nation state that creates it. And they’re probably going to be looking to use it to embed themselves in critical infrastructure to decode secrets of government communication, et cetera. Those are certainly the places where they’re going to have to worry about it first. But ultimately all of the encryption we use is going to have to move to quantum resistant varieties because once one of these computers exist, I don’t suppose there’s only going to be one of them for long. We’re going to see others and then eventually we might even see criminal organizations getting access to them. And we have to have migrated off the cryptography we use today ahead of them.

Daniel Newman: There’s a real cat and mouse game. Every new technology.

Patrick Moorhead: What’s it called, spy versus spy type of thing.

Daniel Newman: We don’t want to pick on cats or mice, but every new technology that comes out, it’s an opportunity to harden. And then at the same time, the black hats and the nation states figure out how to use that same technology for more mischief and to create more chaos. And I guess that leaves us with a very logical question, Ian, which is how do you, in your role and as HP recommend to your companies and to your partners to prepare with all this that’s going on specific to the announcement today, but maybe more broadly too, against bigger cyber threats?

Ian Pratt: Yeah. Well, we already see that it’s something that governments are beginning to worry about and beginning to start talking about putting purchasing rules in place to favor buying systems, which are using quantum resistant cryptography. At least for critical infrastructure that may be in place in the US as soon as 2025. But as I go around talking to folks at Global 2000 companies, many of them now do have an individual identified in that organization that’s responsible for managing their transition to quantum resistant cryptography. And it is something which organizations are beginning to start paying serious attention to. Obviously it’s looking at how they use cryptography themselves, but also looking at all of the systems and infrastructure they rely on and then working with their vendors to make sure that that is quantum resistant in time.

And I think in particular, when you are talking about systems which are very difficult or perhaps impossible to upgrade quickly like for things which are just software, we can just download a software patch and move to a new cryptography scheme. But for things like PCs where that verification has to be done in hardware, you can’t patch silicon and you need to buy a machine that has got that quantum resistant crypto built into the silicon. And some of those PCs that people are buying this year, certainly in critical infrastructure, they’re going to be in use for many years to come as we need to take into account.

Daniel Newman: Yes. Well Ian, I want to thank you so much for joining us here on the Six Five. It’s been great having you. This is going to be a big topic, Pat. I do not think we’ve heard the last from Ian. Let’s bring you back soon.

Ian Pratt: Great. Well thanks. Good talking.

Daniel Newman: All right, everyone out there, hit that subscribe button. Join Patrick and I here for all of the episodes of Six Five at HP Amplify 2024 here in Las Vegas. But for this episode, it’s time for us to say goodbye. We’ll see you all later.

Other Categories