HP has launched what it says are the world's first enterprise-grade PCs designed specifically to protect firmware from quantum-based cyber attacks.
The manufacturer announced the launch of the new range of devices at its annual partner conference in Las Vegas.
Under the plans, select devices will be updated with HP's Endpoint Security Controller (ESC) chip, offering users the “most advanced security that ensures manageability and protection of sensitive and regulated data.”
This additional layer of protection and security works by isolating the chip from the processor and operating system, according to Ian Pratt, global head of personal systems security at HP.
HP said additional protection for these devices will be “progressively important” due to the expected increase in quantum computing attacks in the coming years.
“Research shows that 27% of experts believe there is a 50% chance that there will be a cryptographically relevant quantum computer (CRQC) by 2033. When that day comes, the security of existing digital signatures in the firmware and the Software will be in doubt and digital trust will decrease. dissolve,” Pratt said.
Pratt noted that while software can be updated for the era of quantum computing, hardware cannot, presenting companies with potential long-term challenges.
“That includes some of the cryptography that protects the PC firmware,” he added. “Without cryptographic protections, no device would be safe: attackers could access and modify the underlying firmware and gain full control.”
HP noted that the release of the new quantum mitigation features comes at a critical time for the device manufacturing industry, especially given the pace of quantum development and the added dynamics of device refresh cycles.
Since typical upgrade cycles now occur every three to five years, Pratt said “the migration to post-quantum cryptography must begin now.”
“With our 2024 ESC update, the hardware will be ready to protect the integrity of PC firmware with quantum-resistant cryptography, providing a secure foundation ahead of updates to cryptography software implementations on PCs in the future.”
HP's move comes amid growing concerns about quantum security
Concerns about potential security risks associated with quantum computing have grown in lockstep with the industry's growth.
The Dutch government has published guidance on the matter in the form of its Post-Quantum Cryptography (PQC) migration manual, which urges critical national infrastructure providers to begin efforts to migrate to PQC.
Similarly, the US government has outlined recommendations on migrating to quantum-resistant cryptographic algorithms for firmware signing.
This guidance recommended the use of quantum-resistant cryptography starting in 2025, with a mandatory requirement for these standards by 2030.
