The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its new Post-Quantum Cryptography (PQC) Initiative, aiming to address the potential threats posed by the advancement of quantum computing and ensure the security of critical infrastructure and government networks. With quantum computing on the horizon, traditional encryption methods face increasing risks, necessitating the development and implementation of a new post-quantum cryptographic standard.
Recognizing the urgency of the situation, CISA’s PQC Initiative will collaborate with interagency partners and the industry to facilitate a smooth transition to post-quantum cryptography. By unifying efforts with the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST), CISA aims to support critical infrastructure and government network owners and operators in adapting to the upcoming challenges.
The initiative focuses on four critical areas:
Risk Assessment: CISA will assess the vulnerability of the 55 National Critical Functions (NCFs) that underpin critical infrastructure across the United States. By identifying areas where post-quantum cryptography transition work is already underway and determining the highest risks, CISA can prioritize federal support where it is most needed.
Planning: CISA will allocate resources and engage with owners and operators from both the public and private sectors to plan and coordinate efforts in preparing for the transition to post-quantum cryptography.
Policy and Standards: Working alongside partners, CISA will promote the adoption and implementation of policies, standards, and requirements to enhance the security of critical infrastructure, the Federal Civilian Executive Branch (FCEB), and state, local, tribal, and territorial (SLTT) entities.
Engagement and Awareness: CISA will engage stakeholders and encourage the development of mitigation plans, fostering the implementation of post-quantum cryptography standards across various sectors. Technical products will be developed to support these efforts.
As critical infrastructure heavily relies on digital communications for data transmission, securing this data is paramount. Encryption methods currently in use face risks as quantum computing advances. In a joint effort between CISA and NIST, the Post-Quantum Cryptography Roadmap has been developed to identify and inventory vulnerable critical infrastructure systems across the 55 NCFs.
In line with this roadmap, the RAND Corporation conducted an assessment, concluding that all 55 NCFs face risks from quantum computing. However, four NCFs were identified as particularly crucial for a successful migration due to their impact on other functions: providing internet-based content, information, and communication services; offering identity management and trust support services; delivering information technology products and services, and protecting sensitive information.
Stakeholders responsible for these National Critical Functions (NCFs) are strongly urged by CISA to engage in close collaboration with NIST, DHS, and other government agencies. This collaboration will ensure their preparedness not only for their own migration but also for supporting the migration of digital communications across other NCFs.
To gain further insight into the potential impacts on NCFs and recommended actions, stakeholders are encouraged to review CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography. As the quantum computing era approaches, the PQC Initiative aims to strengthen the resilience of critical infrastructure and safeguard vital data through the implementation of robust post-quantum cryptographic standards.
Be the first to comment