The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST) warned that cyber actors could target our nation’s most sensitive information and leverage future quantum computing technology to break traditional non-quantum-resistant cryptographic algorithms. This could be particularly devastating for sensitive information subject to long-term confidentiality requirements.
Gasket Cybersecurity Fact Sheet (CSI), “Quantum Readiness: Migration to Post-Quantum Cryptography” helps the Department of Defense, National Security System (NSS) owners, Defense Industrial Base (DIB), and others proactively protect the confidentiality, integrity, and authenticity of sensitive information.
“Post-quantum cryptography is about proactively developing and strengthening capabilities to protect critical information and systems from compromise through the use of quantum computers,” said Rob Joyce, director of cybersecurity at the NSA. “The transition to an era of secure quantum computing is a long-term, community-intensive effort that will require extensive collaboration between government and industry. The key is to make this trip today and not wait until the last minute.
The report contains recommendations for organizations to develop a quantum readiness roadmap and prepare for future implementation of Post-Quantum Cryptography (PQC) standards, which NIST plans to release in 2024, including steps to effectively prioritize migration efforts. Adopting these measures will strengthen an organization’s security against potential malicious use of quantum computers.
CISA, NIST, and NSA urge organizations to begin preparing for the implementation of post-quantum cryptography by doing the following:
- Establish a Quantum Readiness Roadmap
- Collaborate with technology providers to discuss post-quantum roadmaps.
- Conduct an inventory to identify and understand cryptographic systems and assets.
- Create migration plans that prioritize the most sensitive and critical assets.
By implementing the steps detailed in this CSI, organizations can effectively assess their reliance on cryptographic systems and assets, and prioritize their migration efforts to ensure compatibility with upcoming PQC standards and meet goals and deadlines of the National Security Memorandum (NSM) 10.
For additional FAQs on quantum computing and post-quantum cryptography, click here.
Read the full CSI here.
Visit our comprehensive library for more cybersecurity information and technical tips.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
