White House National Security Memorandum on Improving Cybersecurity
Reference Article: https://www.forbes.com/sites/arthurherman/2022/01/21/the-biden-white-house-gets-quantum-right-at-last/?sh=6319d643598a
On Wednesday, January 19th, President Biden signed a National Security Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. This is the first time that any White House national security directive has mentioned quantum-resilient cryptography in the context of federal cybersecurity planning and is a monumental step in the right direction toward quantum cybersecurity.
A key provision in the memorandum states that federal agencies have 180 days to identify encryption instances, not in compliance with NSA-approved quantum resilient algorithms. While the importance of this memorandum cannot be stressed enough, there are critical components left out of the message that still needs to be addressed. Firstly, quantum cybersecurity needs to be an international effort – a single US ally that is not prepared for the quantum threat puts the US at risk. Secondly, the private sector must now take the initiative to update its encryption standards with the experience that the federal government has just outlined. There is no reason to wait for NIST to finalize its quantum-resilient algorithms; now, action needs to be taken to secure the private sector. Lastly, quantum-resilient cryptography solutions are available now, such as QuSecure, that can protect data and communications from current and quantum cyber threats. Organizations in the government and commercials sectors alike need to implement these solutions. NSM-8 is a landmark document and a long-overdue wake-up call to understand the quantum threat, but there is still much work to be done.
Rebecca Krauthamer, QuSecure Co-founder and Chief Product Officer (CPO), was quoted in the Journal of Cyber Policy.
“The executive order aims to standardize cybersecurity requirements for national security systems across all agencies to present a directed and unified front against emerging cyber threats, most notably the real threat quantum computers pose to today’s encryption standards.
In the past several years, quantum computing research and development has sparked serious international competition among countries vying to be the first to build a powerful quantum computer that would be able to, among its various excellent capabilities, devastate our cybersecurity infrastructure. Bringing systems into post-quantum cryptographic compliance cannot wait until the day a sufficiently powerful quantum computer comes online; it comes down to SNDL or steal-now-decrypt-later data harvesting schemes where data is stolen and shelved until the hacker has the computational power to decrypt it. Data often has a shelf life – think bank account information, social security numbers, and national security secrets – so data whose secrecy needs to outlive the next several years when a sufficiently powerful quantum computer is likely to come online needs to be encrypted in a post-quantum resilient way immediately. This executive order is a significant step in addressing this risk for the US.
The order will help drive updates to classified systems and should soon drive post-quantum cybersecurity standards and compliance in highly regulated sectors including finance, healthcare, commercial aerospace.”
#technology, #cybersecurity, #cyberdefense #ciso, #quantumcomputing, #cyberattacks, #quantum, #cto, #cisos, #technologynews, #quantumtechnology, #quantumphysics, #cybersecuritythreats, #ctos, #quantumtechnologies, #cyberresiliency, #quantumtech, #quantumsecurity, #quantumcommunication, #quantumsoftware, #quantumiscoming