The Department of Homeland Security (DHS) has teamed up with the Department of Commerce’s National Institute of Standards and Technology (NIST) to release a roadmap on the best way for organizations to navigate the transition to post-quantum cryptography.
The guide provides relevant stakeholders with achievable steps to reduce the risks related to the advancement of quantum computing technology.
“While quantum computing promises unprecedented speed and power in computing, it also poses new risks. As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications,” said a DHS spokesperson.
“DHS’s new guidance will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.”
Under the new roadmap, organizations are encouraged to follow a seven-step plan that will enable them to hit the ground running when NIST completes its ongoing process to create a new post-quantum cryptography standard.
Actions organizations “should consider” include taking stock of their current cryptographic systems and the data those systems protect, and prioritizing systems for transition.
“Organizations should inventory the most sensitive and critical datasets that must be secured for an extended amount of time,” reads the guidance.
“This information will inform future analysis by identifying what data may be at risk now and decrypted once a cryptographically relevant quantum computer is available.”
Once the prioritization has been completed, organizations should develop a plan for systems transitions under the guidance of their cybersecurity officials.
The roadmap’s release follows US Secretary of Homeland Security Alejandro Mayorkas’ identification of the move to post-quantum encryption as a priority.
Speaking on March 31, 2021, Mayorkas said: “The transition to post-quantum encryption algorithms is as much dependent on the development of such algorithms as it is on their adoption. While the former is already ongoing, planning for the latter remains in its infancy.”
He added: “We must prepare for it now to protect the confidentiality of data that already exists today and remains sensitive in the future.”