The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Wednesday established a new initiative to coalesce and drive efforts department-wide to prepare for a world when quantum computing threatens current encryption algorithms.
The Post-Quantum Cryptography Initiative comes a day after the Commerce Department’s National Institute of Standards and Technology (NIST) announced the first four quantum resistant cryptographic algorithms following a six-year effort to design and vet encryption methods that could resist an attack from a future quantum computer. NIST is working toward publishing a post-quantum cryptography standard in 2024.
NIST is considering four more algorithms to be included in the standard.
Last October, CISA and NIST published a seven-step roadmap to help organizations prepare to protect their information systems against the capabilities of future quantum computers that could be used to breach current security algorithms. The roadmap estimates a cryptographically relevant quantum computer will be potentially available in 2030.
CISA said that even though the NIST standard is still two years away, organizations should begin preparing their transitions to post-quantum cryptography.
The seven steps in the roadmap include engaging with standards organizations, inventorying critical data and cryptographic technologies identifying internal standards that will need to be updated as well as identifying where in their systems public key cryptography is being used and for what purpose, prioritize systems for replacement, and finally developing a plan for transitioning systems once the post-quantum cryptography standard is published.