The U.S. Department of Homeland Security (DHS) and the U.S. National Institute of Standards and Technology released guidelines on the mitigation of risks related to the advancement of quantum computing technology. The guidelines aim to help organizations better protect their data and systems in the post-quantum cryptography era.
Quantum computing harnesses the properties of quantum mechanics for the improvement of computing power. While this technology encompasses great potential, it is not free of risks, especially since it may be capable of breaking some commonly used encryption methods.
The DHS’s roadmap includes seven main steps to be taken by organizations in preparation for the new post-quantum cryptography standard:
- Increasing engagement with standards developing organizations for developments relating to algorithm and dependent protocol changes.
- Conducting an inventory of the most sensitive and critical datasets that must be secured for an extended amount of time.
- Conducting an inventory of all the systems using cryptographic technologies.
- Identifying acquisition, cybersecurity, and data security standards that will require updating to reflect post-quantum requirements.
- Identifying where and for what purpose public-key cryptography is used in the inventory, and marking those systems as quantum vulnerable.
- Prioritizing systems for cryptographic transition, based on the organization’s functions, goals, and needs.
- Developing a plan for system transitions upon publication of the new post-quantum cryptographic standard, based on the inventory and prioritization information.
CLICK HERE to read the DHS’s Guidance on Post-Quantum Cryptography.