Thank you.
I think a lot of large organizations are wary of adopting standards that haven't been stress tested. NIST is coming through with a recommendation for post-quantum cryptography. It's rumoured that this will be coming through in the next few weeks or perhaps months.
I think that should be layered on top of RSA because it should be sufficient.... You have to at least have a quantum computer to break RSA, but you should also layer in all of those. For the most secure critical infrastructure, we should have a one-time pad solution. A one-time pad solution means loading up a lot of preloaded keys and actually physically distributing them between the locations we want to secure communications between.
I know that very few organizations are thinking about this. QKD is the other one, but that's a bigger infrastructure play. I think it deserves investment because that's absolutely the future, but it's going to take time. We're not going to be able to deploy it quickly enough before we need to secure our communications.
As I said, the communications that are happening today are being stored to be opened tomorrow.