DHS Issues Roadmap for Transition to Post-Quantum Cryptography

A growing concern among US government officials is the development of Cryptographically Relevant Quantum Computers (CRQCs): quantum computers capable of breaking current cryptography. Dustin Moody, a mathematician at the National Institute for Standards and Technology (NIST), warns that the possibility of a nation-state adversary using a quantum computer to access sensitive information is very real. Already, nation-state actors are stealing encrypted data to retroactively decrypt the data once a CRQC is available, an attack campaign known as ‘steal now decrypt later.’

Although it is unknown exactly when such a computer will become available, NIST treats quantum computing as a current threat. Since 2016, NIST has been developing new post-quantum cryptography (PQC) standards to protect against the quantum threat. The rapid adoption of these standards will be critical in ensuring our data security before CRQCs become operational.

US government agencies outside of NIST have also been preparing for the arrival of CRQCs. In particular, the Department of Homeland Security (DHS) is leading the way for a transition to the PQC plan. The DHS recently released a roadmap outlining a transition strategy that calls for government and commercial agencies to catalog their most sensitive information and prioritize upgrading their systems accordingly. Federal initiatives, such as the DHS roadmap, will help accelerate the adoption of PQC in both the commercial and government sectors.

Failure to adhere to the transition strategy promptly poses a significant security risk. Tim Mauer, the Senior Counselor for the Cybersecurity and Emerging Technology to the Secretary of Homeland Security, warns that it is too easy to ignore the task of transitioning to PQC until it is too late. A single technological breakthrough in quantum computing could drastically accelerate the arrival of a CRQC. Organizations need to be prepared for the transition to PQC well ahead of time. “If organizations aren’t thinking about the transition now,” says Maurer, “and then they become overwhelmed by the time the NIST process has been completed, and the sense of urgency is there, it increases the risk of accidental incidents … Rushing any such transition is never a good idea.” The roadmap provided by the DHS serves as helpful guidance for organizations to begin the transition to PQC before NIST finalizes its PQC standards in 2024. According to Vadim Lyubashevsky, a cryptographer at IBM, the risk is that organizations will rush this transition and implement the weakest solution put forth by NIST, thereby creating further cyber vulnerabilities in the future. This is precisely the situation that national security officials and DHS hope to avoid.

Innovative PQC companies, such as QuSecure, will play a vital role in the transition to PQC. Government and commercial require a practical cybersecurity solution that provides quantum resilience with minimal disruption to existing systems. QuSecure utilizes NIST-candidate post-quantum algorithms in an architecture that can be easily integrated with existing systems. Companies like QuSecure, along with government agencies like NIST and DHS, will help expedite this critical transition to post-quantum cryptography.

Reference Article: https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/

#technology, #cybersecurity, #cyberdefense #ciso, #quantumcomputing, #cyberattacks, #quantum, #cto, #cisos, #technologynews, #quantumtechnology, #quantumphysics, #cybersecuritythreats, #ctos, #quantumtechnologies, #cyberresiliency, #quantumtech, #quantumsecurity, #quantumcommunication, #quantumsoftware, #quantumiscoming