[TheRecord] DHS and NIST release post-quantum cryptography guidance

The Department of Homeland Security and the Department of Commerce’s National Institute of Standards and Technology on Monday released a guide designed to help organizations prepare for risks introduced by advancements in quantum computing.

Over the next decade or so, researchers believe that it will be possible to build a quantum computer—a machine that uses quantum properties to solve problems that would be extremely difficult or take incredible amounts of time for conventional computers to solve—that could render most of today’s encryption algorithms useless.

“If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use,” according to NIST, which is leading the federal effort to standardize one or more quantum-resistant public-key cryptographic algorithms. “This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.”

The roadmap published Monday is intended to make it easier for organizations to transition to the new post-quantum cryptography standard once it becomes available. The seven-step process emphasizes creating an inventory of encrypted systems and prioritizing the data that is most at risk. The steps include:

- Organizations should direct their Chief Information Officers to increase their engagement with standards developing organizations for latest developments relating to necessary algorithm and dependent protocol changes.
- Organizations should inventory the most sensitive and critical datasets that must be secured for an extended amount of time. This information will inform future analysis by identifying what data may be at risk now and decrypted once a cryptographically relevant quantum computer is available.
- Organizations should conduct an inventory of all the systems using cryptographic technologies for any function to facilitate a smooth transition in the future.
- Cybersecurity officials within organizations should identify acquisition, cybersecurity, and data security standards that will require updating to reflect post-quantum requirements.
- From the inventory, organizations should identify where and for what purpose public key cryptography is being used and mark those systems as quantum vulnerable.
- Prioritizing one system over another for cryptographic transition is highly dependent on organization functions, goals, and needs.
- Using the inventory and prioritization information, organizations should develop a plan for systems transitions upon publication of the new post-quantum cryptographic standard. Cybersecurity officials should provide guidance for creating transition plans.

DHS Secretary Alejandro Mayorkas in March emphasized that the transition to post-quantum encryption would be one of the Department’s priorities, and issued internal guidance to drive DHS’s own preparedness.

“Now is the time for organizations to assess and mitigate their related risk exposure,” Mayorkas said in a statement Monday. “As we continue responding to urgent cyber challenges, we must also stay ahead of the curve by focusing on strategic, long-term goals. This new roadmap will help protect our critical infrastructure and increase cybersecurity resilience across the country.”

The post DHS and NIST release post-quantum cryptography guidance appeared first on The Record by Recorded Future.
