Prioritize agility for post-quantum standards, say US officials

September 16, 2024
1 min read

TLDR:

Key Points:

  • The National Institute of Standards and Technology has released encryption standards to protect against future quantum attacks, leading to new work for government and industry.
  • Officials emphasize the importance of prioritizing high-value assets, working towards crypto-agile systems, and procuring compliant tools for post-quantum cryptography readiness.

In the wake of the National Institute of Standards and Technology’s release of encryption standards to protect against quantum attacks, federal officials emphasize the importance of taking action to implement post-quantum cryptography practices. These practices include prioritizing high-value assets, working towards the goal of “crypto-agile” systems, and procuring compliant tools. The process of migration to post-quantum standards is seen as a constant journey rather than a final destination.

Identification of cryptography standards in need of change is a crucial initial step in the implementation process. This requires a combination of manual and automated processes to locate vulnerable cryptography across networks and systems. Prioritization of cryptography changes based on risk is essential, as agencies and organizations may not be able to address all systems simultaneously. Implementing “crypto-agile” systems that allow for the flexibility to change out algorithms as needed is also critical for long-term security.

Additionally, industry plays a significant role in the post-quantum standards implementation process, as organizations will need to procure compliant products that adhere to federal government standards. Agencies are urged to refrain from purchasing systems that do not implement post-quantum standards, while industry is encouraged to develop and provide solutions that are post-quantum ready. While the implementation process may be complex and ongoing, the focus on prioritization, agility, and compliance remains key to achieving post-quantum cryptography readiness.

Latest from Blog

Top 20 Linux Admin Tools for 2024

TLDR: Top Linux Admin Tools in 2024 Key points: Linux admin tools streamline system configurations, performance monitoring, and security management. Popular Linux admin tools include Webmin, Puppet, Zabbix, Nagios, and Ansible. Summary

Bogus job tempts aerospace, energy workers

TLDR: A North Korean cyberespionage group is posing as job recruiters to target employees in aerospace and energy sectors. Mandiant reports that the group uses fake job descriptions stored in malicious archives