The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide that outlines the actions critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024.
In the guide, CISA says both the public and private sectors are pursuing the capabilities of quantum computing and its possibilities, but threats to the current cryptographic standards could also result.
Quantum computing technology currently is not capable of breaking public key encryption algorithms in current standards, but public and private organizations should work together to prepare for a new postquantum cryptographic standard to defend against those possible threats, the agency says.
CISA’s guide predicts that quantum computers will eventually be able to break public key cryptography and threaten the security of business transactions, secure communications, digital signatures and customer information.
The guide comes after Secretary of Homeland Security Alejandro N. Mayorkas in March 2021 outlined his vision for cybersecurity resilience, with the transition to post-quantum encryption a priority.
“Government and critical infrastructure organizations must take coordinated preparatory actions now to ensure a fluid migration to the new post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024,” the agency says in the guide.
The algorithms that underpin current encryption standards rely on solving mathematical problems that classical computers cannot reasonably solve. Quantum computers—which are currently expensive and physically large—are likely to be developed by tech companies, research institutions and nation states for a variety of use cases.
However, sophisticated quantum computers in the hands of adversaries could threaten national security if organizations don’t prepare now for the new post-quantum cryptographic standard, the agency says.
CISA identified 55 national critical function (NCF) and analyzed how each of them could be vulnerable to quantum computing capabilities, the challenges they may face when migrating to post-quantum cryptography and which issues should be addressed first.
Read the advisory for more information.