[CDP-development] CISA - Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats

Masse, Theresa theresa.masse at cisa.dhs.gov
Wed Jul 6 10:05:43 PDT 2022 

FYSA


[cid:image003.png at 01D8911F.F363FE60]

The National Institute of Standards and Technology (NIST) has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks. Note: the term "post-quantum cryptography" is often referred to as "quantum-resistant cryptography" and includes, "cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a CRQC [cryptanalytically relevant quantum computer] or classical computer." (See the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems<https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/> for more information).

Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following the Post-Quantum Cryptography Roadmap<https://www.dhs.gov/quantum>, which includes:

  *   Inventorying your organization's systems for applications that use public-key cryptography.
  *   Testing the new post-quantum cryptographic standard in a lab environment; however, organizations should wait until the official release to implement the new standard in a production environment.
  *   Creating a plan for transitioning your organization's systems to the new cryptographic standard that includes:
     *   Performing an interdependence analysis, which should reveal issues that may impact the order of systems transition;
     *   Decommissioning old technology that will become unsupported upon publication of the new standard; and
     *   Ensuring validation and testing of products that incorporate the new standard.
  *   Creating acquisition policies regarding post-quantum cryptography. This process should include:
     *   Setting new service levels for the transition.
     *   Surveying vendors to determine possible integration into your organization's roadmap and to identify needed foundational technologies.
  *   Alerting your organization's IT departments and vendors about the upcoming transition.
  *   Educating your organization's workforce about the upcoming transition and providing any applicable training.

For additional guidance and background, CISA and NIST strongly encourage users and administrators to review:

  *   NIST press release, NIST Announces First Four Quantum-Resistant Cryptographic Algorithms<https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms>.
  *   The NIST and Post-Quantum Cryptography<https://csrc.nist.gov/projects/post-quantum-cryptography>, Post-Quantum Cryptography Standardization<https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization>, and Migration to Post-Quantum Cryptography<https://www.nccoe.nist.gov/crypto-agility-considerations-migrating-post-quantum-cryptographic-algorithms> websites.

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D8911B.9E1B3F80]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220706/ec04a4af/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220706/ec04a4af/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 103791 bytes
Desc: image003.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20220706/ec04a4af/attachment-0003.png>

More information about the CDP-development mailing list