The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing Critical Infrastructure for Post-Quantum Cryptography, which provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing for the transition.HLS.Today cisa_insight_post_quantum_cryptography_508
While quantum computing promises greater computing speed and power, it also poses new risks to critical infrastructure systems across the 55 NCFs. This CISA Insight incorporates findings from an assessment conducted on quantum vulnerabilities to the NCFs to understand the urgent vulnerabilities and NCFs that are most important to address first and the three NCF areas to prioritize for public-private engagement and collaboration.
“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” said Mona Harrington, acting Assistant Director National Risk Management Center, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”
In March 2021, Secretary of Homeland Security Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.
To ensure a smooth and efficient transition, CISA encourages all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap along with the guidance in this CISA Insight. The roadmap includes actionable steps organizations should take, such as conducting an inventory of their current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their organization’s workforce about the upcoming transition.
For more information about CISA’s efforts, visit CISA.gov/quantum.
What Is Quantum Computing and How Is It a Threat?
Quantum computers leverage the properties of quantum physics to derive computing capabilities that are different and, in some ways, far exceed those of classical computers. By leveraging quantum mechanics, quantum computers utilize qubits, or “quantum bits,” rather than binary bits, to achieve greater computing power and speed for specific scenarios—such as breaking current public key encryption.
The algorithms that underpin the current encryption standards rely on solving mathematical problems that classical computers cannot reasonably solve. Because of their expense and physical size, quantum computers that can break encryption algorithms are likely to first be developed for use by technology companies, research institutions, or nation-states. In the hands of adversaries, sophisticated quantum computers could threaten U.S. national security if we do not begin to prepare now for the new post-quantum cryptographic standard.
Recommended Actions for Leaders
Although NIST will not publish the new post-quantum cryptographic standard until 2024, CISA urges leaders to start preparing for the migration now by following the Post-Quantum Cryptography Roadmap. Do not wait until the quantum computers are in use by our adversaries to act. Early preparations will ensure a smooth migration to the post-quantum cryptography standard once it is available. Note: Organizations should wait until the official release to implement the new standard in a production environment.
Read more: CISA.GOV/Quantum