Quantum Readiness: Migration to Post-Quantum Cryptography

The cybersecurity landscape is evolving, and a quantum revolution is upon us.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) have outlined the impending need for organizations to transition to post-quantum cryptographic (PQC) standards in anticipation of cryptanalytically-relevant quantum computers (CRQC).

These powerful CRQC capabilities could potentially break public-key systems, the very foundation of information security today.

Why Prepare Now?

The transition to post-quantum cryptography is not a swift process; it requires meticulous planning and execution. Early preparation is vital as cyber threat actors could target data today that will still require protection in the future. The catch now, break later approach is a real threat. Many cryptographic products, protocols, and services relying on public key algorithms will need to be updated, replaced, or significantly altered to incorporate quantum-resistant PQC algorithms.

To ensure a smooth transition and reduce the risks posed by CRQC, organizations are strongly encouraged to:

1. Establish a Quantum-Readiness Roadmap: Begin by creating a project management team to plan your migration to PQC. Initiate cryptographic discovery activities to identify your current reliance on quantum-vulnerable cryptography. This includes systems and assets involved in creating and validating digital signatures. An inventory of quantum-vulnerable systems and assets is the foundation of your quantum risk assessment and migration prioritization.
2. Prepare a Cryptographic Inventory: A comprehensive inventory of quantum-vulnerable technology, along with data criticality assessments, is essential. It helps you become quantum-ready and paves the way for a transition to zero trust architecture. By identifying outside access to sensitive datasets and recognizing data that may be targeted and decrypted by CRQC, you’re proactively mitigating risks.
3. Discuss Post-Quantum Roadmaps with Technology Vendors: Engage with your technology vendors to learn about their quantum-readiness roadmaps, particularly regarding migration to PQC. A solid roadmap should outline timelines for testing PQC algorithms and their integration into products. Be sure to secure contracts and commitments for new products to be delivered with PQC built-in and older products to be upgraded.

Read the full article written by the CISA, NSA, and NIST below ⬇️