“The transition to post-quantum encryption algorithms is as much dependent on the development of such algorithms as it is on their adoption. While the former is already ongoing, planning for the latter remains in its infancy. We must prepare for it now to protect the confidentiality of data that already exists today and remains sensitive in the future.”
- U.S. Secretary of Homeland Security, Alejandro Mayorkas, March 31, 2021
The Department of Homeland Security (DHS), in partnership with the Department of Commerce’s National Institute of Standards and Technology (NIST), has released a roadmap to help organizations protect their data and systems and to reduce risks related to the advancement of quantum computing technology.
While quantum computing promises unprecedented speed and power in computing, it also poses new risks. As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications. DHS’s new guidance will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.
In March, Secretary Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority. DHS also issued internal policy guidance to drive the Department’s own preparedness efforts and is conducting a macro-level analysis to inform the government’s action and ensure a smooth and equitable transition.
Planning for the DHS Transition to Post-Quantum Cryptography
This work focuses on the development and implementation of Departmental guidance on the transition to post-quantum cryptography within DHS and its Components. This guidance directs the Department to prepare for transition to new post-quantum cryptography standards when available from NIST following the quantum roadmap. This guidance will result in an inventory of all DHS cryptographic systems and data types, broader understanding of the risk across the enterprise, and plans for the transition to post-quantum cryptography.
Cooperation with NIST on Tools to Help Organizations Manage the Transition
NIST and DHS, through a collaborative and innovative partnership, are working closely to produce helpful materials to raise awareness and provide guidance to federal, state, local, tribal, and territorial partners as well as critical infrastructure owners and operators and others in the private sector. These tools combined with targeted outreach will help our partners understand how to approach the problem and why action now is important and will help ensure a smooth transition to the new standard when available. A common approach to the problem will create efficiencies and close and ongoing relationships with our partners.
Risk- and Needs-Based Assessment of National Critical Functions
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) is conducting a macro-level assessment of priority National Critical Functions to determine where post-quantum cryptography transition work is underway, where the greatest risk resides, and what sectors of National Critical Functions may require Federal support.
Together, these efforts reflect the prioritization of preparing for the transition to post-quantum cryptography, concrete actions to address the threat, and information sharing with the private sector as part of the plan Secretary Mayorkas announced on March 31.
In partnership with NIST, DHS created a guide to provide relevant stakeholders with concrete and achievable steps they can take now to prepare their organizations for the transition to post-quantum cryptography. As the NIST process to create a new post-quantum cryptography standard is underway, organizations should consider taking inventory of their current cryptographic systems, the data being protected, and prioritizing their systems for transition. Early preparations will ensure a smooth and efficient transition to the new post-quantum cryptography standard once available.
- Organizations should direct their Chief Information Officers to increase their engagement with standards developing organizations for latest developments relating to necessary algorithm and dependent protocol changes.
- Organizations should inventory the most sensitive and critical datasets that must be secured for an extended amount of time. This information will inform future analysis by identifying what data may be at risk now and decrypted once a cryptographically relevant quantum computer is available.
- Organizations should conduct an inventory of all the systems using cryptographic technologies for any function to facilitate a smooth transition in the future.
- Cybersecurity officials within organizations should identify acquisition, cybersecurity, and data security standards that will require updating to reflect post-quantum requirements.
- From the inventory, organizations should identify where and for what purpose public key cryptography is being used and mark those systems as quantum vulnerable.
- Prioritizing one system over another for cryptographic transition is highly dependent on organization functions, goals, and needs. To supplement prioritization efforts, organizations should consider the following factors when evaluating a quantum vulnerable system:
- Is the system a high value asset based on organizational requirements?
- What is the system protecting (e.g. key stores, passwords, root keys, signing keys, personally identifiable information, sensitive personally identifiable information)?
- What other systems does the system communicate with?
- To what extent does the system share information with federal entities?
- To what extent does the system share information with other entities outside of your organization?
- Does the system support a critical infrastructure sector?
- How long does the data need to be protected?
- Using the inventory and prioritization information, organizations should develop a plan for systems transitions upon publication of the new post-quantum cryptographic standard. Cybersecurity officials should provide guidance for creating transition plans.
DHS is proud to partner with NIST on its work to prepare itself and our partners for the transition to post-quantum cryptography. Together, DHS and NIST are applying their combined policy and technical expertise to conduct outreach to relevant stakeholders. This outreach is centered around the jointly developed a roadmap to help prepare for the transition to post-quantum cryptography guide [link]. As the US government’s leader on the establishment of a new post-quantum cryptography standard, NIST has done critical work and is on the cutting edge of cryptographic science. NIST has extensive resources that can help provide more technical background to the roadmap.
Quantum Information Science (QIS) is an interdisciplinary field that studies the impacts of quantum physics properties on information science. Those properties can increase computational power and speed significantly over classical computers, provide precision measurements; enhance sensing capabilities; and increase the accuracy of position, navigation, and timing services. Of these, the increase in computational capability is the most pressing issue as it threatens the security of asymmetric cryptography. A quantum computer of sufficient size and complexity will be capable of executing Shor’s Algorithm, a proven algorithm that can break factorization-based encryption that would take a classical computer billions of years of computing time to complete. This advance puts all systems running public key, or asymmetric, cryptography at risk. Experts disagree on the exact timing for the arrival of a quantum computer capable of running Shor’s Algorithm, but the threat to information protected by asymmetric cryptography exists now because an adversary can collect currently encrypted data and break it when quantum computation becomes available.
Asymmetric cryptography, or cryptography that uses public-private keys, will be decrypted by quantum computing and is ubiquitous throughout the Department; the remainder of the Federal government, State, local, tribal, and territorial governments (SLTT), and U.S. critical infrastructure. Examples of asymmetric cryptography include Rivest-Shamir-Adleman (RSA), Elliptical Curve Cryptography (ECC), and Diffie-Hellman. These cryptographic methods are in use for internet protocols with impacts to the security of the .gov domain. The National Institute for Standards and Technology (NIST) is working to establish a new post-quantum cryptography standard with an anticipated completion date sometime in 2024. The replacement of current cryptographic standards with new post-quantum standards presents significant technical challenges due to worldwide interconnectedness and established protocols. Although purchasing post-quantum encryption solutions available on the market today could prove tempting as a way to reduce quantum computing risks, doing so may create a more challenging transition to the NIST-approved standard in 2024 at significant cost. DHS will prioritize preparing for the challenge of post-quantum cryptography without purchasing or implementing any tools or solutions until the new standards are approved by NIST.
Current and future exchanges of information are threatened by the ability of a future quantum computer to break asymmetric cryptography. RSA and Diffie-Hellman are examples of asymmetric cryptography in use in the .gov space that will be broken in a post-quantum computing environment. The roadmap represents the combined position of NIST and DHS on early actions to prepare for post-quantum cryptography transition without unnecessary delays or resource expenditures.
QIS will remain an influencing aspect for the Department in the future across multiple mission spaces through the development of new cryptographic key distribution, advanced sensors, quantum position, navigation, and timing, and other opportunities for mission enhancement. The most near-term threat is that to asymmetric cryptography and one for which the Department must prepare.