CISA Releases Guidelines to Aid Companies Transition to Post-quantum Cryptography

  • The Cybersecurity and Infrastructure Security Agency (CISA) has released an Insight document named ‘Preparing Critical Infrastructure for Post-Quantum Cryptography.’

    The resource aims to provide an overview of the potential impacts of quantum computing on National Critical Functions (NCFs), alongside recommended actions critical infrastructure and government network owners and operators should take to prepare for the transition.

    “While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” explained Mona Harrington, acting assistant director of national risk management center at CISA.

    The CISA Insight is reportedly based on findings from an assessment conducted on quantum vulnerabilities to the NCFs. That research was, in turn, aimed to understand the urgent vulnerabilities and NCFs that are most crucial to address first and the three NCF areas to prioritize for both public-private engagement and collaboration.

    Building on those findings, CISA is now encouraging all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap, together with the guidance in the latest CISA Insight.

    The Roadmap includes actionable steps organizations should take, including conducting an inventory of current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their workforce about the upcoming transition.

    The CISA Insight builds upon the Roadmap and provides additional information about a series of topics connected to post-quantum cryptography, from basic definitions of the technology to why and how it can be a threat to existing computer systems.

    The document also includes a list of additional resources for critical infrastructure and government network decision-makers to learn more about post-quantum cryptography.

    “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now,” Harrington concluded.

    The CISA Insight comes weeks after the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer.