Government Agencies Recommend Preparing for Post-Quantum Cryptography

In a joint effort, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST) have issued a warning regarding the potential vulnerability of sensitive information to cyber threats. They emphasize that cyber actors could exploit future quantum computing advancements to breach traditional cryptographic algorithms, which poses a significant threat to long-term sensitive data security.

To address this concern, the agencies have released a collaborative Cybersecurity Information Sheet (CSI) titled “Quantum-Readiness: Migration to Post-Quantum Cryptography.” This guidance is aimed at entities such as the Department of Defense, National Security System (NSS) owners, and the Defense Industrial Base (DIB), offering strategies to proactively safeguard the confidentiality, integrity, and authenticity of sensitive information.

Rob Joyce, Director of NSA Cybersecurity, explained, “Post-quantum cryptography is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers.” He emphasized the importance of initiating this journey today rather than waiting for the last minute, highlighting the necessity of a concerted and collaborative effort between government and industry to achieve a secured quantum computing era.

The CSI report presents recommendations to help organizations prepare for the future implementation of post-quantum cryptographic (PQC) standards. These standards, expected to be published by NIST in 2024, will guide the migration to quantum-resistant cryptographic methods. The report advises on establishing a quantum-readiness roadmap, engaging with technology vendors to discuss post-quantum strategies, conducting an inventory of cryptographic systems, and creating migration plans that prioritize the most sensitive assets.

Implementing the outlined steps in the CSI enables organizations to assess their reliance on cryptographic systems, ensuring compatibility with upcoming PQC standards. This proactive approach enhances an organization’s security posture and reduces the risk of malicious use of quantum computers.

CISA, NIST, and NSA strongly encourage organizations to begin preparations for post-quantum cryptography implementation by following the provided recommendations. This collective effort aims to protect sensitive data against potential future threats.