Preparing Critical Infrastructure for Post-Quantum Cryptography is the new Insight from the Cybersecurity and Infrastructure Security Agency (CISA), which gives critical infrastructure and government network owners and operators an overview of the potential effects of quantum computing on National Critical Functions (NCFs) and suggests steps they can take right away to start preparing for the change.
“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” says Mona Harrington, acting Assistant Director National Risk Management Centre, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.
While quantum computing offers faster and more powerful computation, it also introduces new hazards to crucial infrastructure systems throughout the 55 NCFs. To identify the urgent vulnerabilities and NCFs that are most necessary to address first and the three NCF areas to prioritise for public-private involvement and collaboration, this CISA Insight includes findings from an assessment conducted on quantum vulnerabilities to the NCFs.
The switch to post-quantum encryption was cited as a priority by Secretary of Homeland Security Alejandro N. Mayorkas in his strategy for cybersecurity resilience in March 2021.
CISA advises all owners of critical infrastructure to adhere to the Post-Quantum Cryptography Roadmap and the recommendations in this CISA Insight to achieve a quick and effective transition. The roadmap outlines concrete actions that enterprises should take, such as inventorying their current cryptographic systems, developing post-quantum cryptography purchasing procedures, and preparing their employees for the impending transition.
Moreover, email, online banking, and online messaging, among other digital communications, rely on data encryption integrated into the devices and programmes used to transfer data. This encryption is based on mathematical functions that safeguard data in transit from tampering or spying.
The mathematical functions in public key encryption, also known as asymmetric encryption, rely on cryptographic keys to encrypt data and authenticate the sender and recipient. To safeguard data, public key encryption requires that each message employ two distinct but linked keys (one called a public key and the other a private key). The sender and receiver of data do not disclose their private keys, whereas public keys can be communicated without compromising cryptographic security.
The sender encodes the communication using their private key and supplies the recipient with their public key to decode it. The recipient will use the same technique to respond and will disclose their public key.
Since only two keys can decode a message, digital signatures enable a party to sign a message with their private key while verifiers use the sender’s public key to validate that the sender sent the message. All firms use public key cryptography routinely to send emails securely, validate digital signatures, secure sensitive data, and protect online user information.
When quantum computers achieve greater levels of computational power and speed, they will be able to break public key encryption, posing a danger to the security of corporate transactions, secure communications, digital signatures, and customer data.
Experts believe quantum computers will have less of an influence on symmetric key encryption, in which the sender and receiver use the same key to protect data. Rather than requiring quantum-resistant algorithms, symmetric key cryptography can alleviate the threat posed by quantum computing by adopting greater key sizes while maintaining the same level of security as it does now.