CISA: Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats
Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats
The National Institute of Standards and Technology (NIST) has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks. Note: the term “post-quantum cryptography” is often referred to as “quantum-resistant cryptography” and includes, “cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a CRQC [cryptanalytically relevant quantum computer] or classical computer.” (See the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems for more information).
Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following the Post-Quantum Cryptography Roadmap, which includes:
- Inventorying your organization’s systems for applications that use public-key cryptography.
- Testing the new post-quantum cryptographic standard in a lab environment; however, organizations should wait until the official release to implement the new standard in a production environment.
- Creating a plan for transitioning your organization’s systems to the new cryptographic standard that includes:
- Performing an interdependence analysis, which should reveal issues that may impact the order of systems transition;
- Decommissioning old technology that will become unsupported upon publication of the new standard; and
- Ensuring validation and testing of products that incorporate the new standard.
- Creating acquisition policies regarding post-quantum cryptography. This process should include:
- Setting new service levels for the transition.
- Surveying vendors to determine possible integration into your organization’s roadmap and to identify needed foundational technologies.
- Alerting your organization’s IT departments and vendors about the upcoming transition.
- Educating your organization’s workforce about the upcoming transition and providing any applicable training.
For additional guidance and background, CISA and NIST strongly encourage users and administrators to review:
- NIST press release, NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.
- The NIST and Post-Quantum Cryptography, Post-Quantum Cryptography Standardization, and Migration to Post-Quantum Cryptography websites.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.