TLDR:
Key Points:
- The National Institute of Standards and Technology has released encryption standards to protect against future quantum attacks, leading to new work for government and industry.
- Officials emphasize the importance of prioritizing high-value assets, working towards crypto-agile systems, and procuring compliant tools for post-quantum cryptography readiness.
In the wake of the National Institute of Standards and Technology’s release of encryption standards to protect against quantum attacks, federal officials emphasize the importance of taking action to implement post-quantum cryptography practices. These practices include prioritizing high-value assets, working towards the goal of “crypto-agile” systems, and procuring compliant tools. The process of migration to post-quantum standards is seen as a constant journey rather than a final destination.
Identifying the cryptography standards that need to change is a crucial first step in implementation. It requires a combination of manual and automated processes to locate vulnerable cryptography across networks and systems. Because agencies and organizations may not be able to address all systems simultaneously, prioritizing cryptography changes by risk is essential. Implementing “crypto-agile” systems, which allow algorithms to be changed out as needed, is also critical for long-term security.
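A sketch of how the identification and prioritization steps could be automated, added here as an example and not taken from the article or any agency tooling. The inventory lines, asset tiers and function names are constructed assumptions, and the primitive list covers only common public-key algorithms.

```python
import re

# Public-key primitives breakable by a large quantum computer (Shor's
# algorithm), with the role that needs a post-quantum replacement.
VULNERABLE = {
    "RSA": "signature/key transport", "DSA": "signature",
    "ECDSA": "signature", "ED25519": "signature",
    "DH": "key exchange", "DHE": "key exchange",
    "ECDH": "key exchange", "ECDHE": "key exchange", "X25519": "key exchange",
}
VALUE_RANK = {"high": 0, "medium": 1, "low": 2}  # assumed asset tiers

# Constructed sample inventory: asset, asset value, algorithm string as a
# scanner might report it (TLS suite, SSH host key type, cipher name).
SAMPLE = """\
intranet-wiki,low,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
payroll-db,high,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
backup-vault,high,AES-256-GCM
build-server,medium,ssh-rsa
hr-portal,high,ssh-ed25519
"""

def vulnerable_primitives(algorithm):
    """Return the quantum-vulnerable primitives named in an algorithm string.

    Matching whole tokens keeps "DSA" from matching inside "ECDSA".
    """
    tokens = re.split(r"[^A-Za-z0-9]+", algorithm.upper())
    return sorted({t for t in tokens if t in VULNERABLE})

def migration_queue(inventory_csv):
    """Rank assets needing migration: highest value first, then most findings."""
    queue = []
    for line in inventory_csv.strip().splitlines():
        asset, value, algorithm = (f.strip() for f in line.split(",", 2))
        found = vulnerable_primitives(algorithm)
        if found:  # symmetric-only entries (e.g. AES-256-GCM) are not queued
            queue.append((asset, value, found))
    queue.sort(key=lambda e: (VALUE_RANK[e[1]], -len(e[2]), e[0]))
    return queue

if __name__ == "__main__":
    for asset, value, found in migration_queue(SAMPLE):
        roles = ", ".join(f"{p} ({VULNERABLE[p]})" for p in found)
        print(f"{value:<6} {asset:<14} {roles}")
```

In a crypto-agile system the algorithm string would come from configuration rather than code, so the same inventory doubles as the list of settings to change.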
Additionally, industry plays a significant role in the post-quantum standards implementation process, as organizations will need to procure compliant products that adhere to federal government standards. Agencies are urged to refrain from purchasing systems that do not implement post-quantum standards, while industry is encouraged to develop and provide solutions that are post-quantum ready. While the implementation process may be complex and ongoing, the focus on prioritization, agility, and compliance remains key to achieving post-quantum cryptography readiness.