CISA, NSA and NIST Publish New Resource for Migrating to Post-Quantum Cryptography
Insider Brief
- Government agencies just released a factsheet today about the impacts of quantum capabilities.
- The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards.
- The key is developing quantum-readiness roadmap.
PRESS RELEASE — The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST) published a factsheet today about the impacts of quantum capabilities. The agencies urge all organizations, especially those that support critical infrastructure, to begin early planning for migration to post-quantum cryptographic (PQC) standards by developing their own quantum-readiness roadmap.
The first set of PQC standards to protect against future, potentially adversarial, cryptanalytically-relevant quantum computer capabilities are being developed by NIST and planned for release in 2024. Having a roadmap and inventory enables an organization to begin the quantum risk assessment processes and provides needed visibility of application and functional dependencies on public-key cryptography that exist within their operational environment.
The joint factsheet, “Quantum-Readiness: Migration to Post-Quantum Cryptography” provides necessary steps and guidance to help organizations establish their own quantum-readiness roadmap. The new resource will help organizations understand how to prepare a cryptographic inventory, engage with technology vendors, and assess their supply chain reliance on quantum-vulnerable cryptography in systems and assets.
“It is imperative for all organizations, especially critical infrastructure, to begin preparing now for migration to post-quantum cryptography,” said CISA Director Jen Easterly. “CISA will continue to work with our federal and industry partners to unify and drive efforts to address threats posed by quantum computing. Our collective aim is to ensure that public and private sector organizations have the resources and capabilities necessary to effectively prepare and manage this transition.”
“Post-quantum cryptography is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers,” said Rob Joyce, Director of NSA Cybersecurity. “The transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry. The key is to be on this journey today and not wait until the last minute.”
The factsheet also provides recommendations for technology vendors whose products support the use of quantum-vulnerable cryptography, including by reviewing the NIST-published draft PQC standards, ensuring products use post-quantum cryptographic algorithms, and preparing to quickly support forthcoming final NIST PQC standards.
For more information on CISA’s PQC efforts, visit Post-Quantum Cryptography Initiative; for NSA, visit Post-Quantum Cybersecurity Resources; for NIST, visit Post-Quantum Cryptography.