CISA Recommends Early Preparation for Transition to Quantum-Secure Cryptography Standards

The Cybersecurity and Infrastructure Security Agency has urged public and private technology entities to include system protection in their exploration into the applicability of quantum computing to their respective contexts.

In the agency’s latest insight document, CISA warned that current cryptography standards could not secure communication, sensitive information and business transactions from future quantum decryption algorithms.

The agency recommended collaboration between public and private organizations to help form a new post-quantum cryptographic standard and defend against potential threats, FCW reported Friday.

According to CISA, the Department of Homeland Security and the National Institute of Standards and Technology created a post-quantum cryptography road map, which identified 55 national critical functions and the security risks posed by quantum computing on each NCF. The cybersecurity agency encouraged asset owners and operators to follow the guidance to support their preparations for a smooth transition to the quantum-resistant cryptographic standard.

Earlier in July, NIST announced four algorithms that could withstand hacking using quantum computers, namely Crystals-Kyber, Crystals-Dilithium, Falcon and SPHINCS+. The agency is looking to add more encryption tools to the list, but while waiting for more post-quantum algorithms, CISA suggested using symmetric key cryptography to mitigate the threats. “Experts currently believe that quantum computers are less likely to impact symmetric key cryptography in which the sender and receiver use the same key to protect data,” the document stated.

NIST is expected to release formal post-quantum cryptographic standards in 2024. Dustin Moody, a mathematician with NIST, urged organizations to start planning for the migration now since the required upgrade will need expensive, new specialized hardware and software updates to secure data on different networks.