As many know, the National Cybersecurity Center of Excellence (NCCoE) has been leading a consortium of public and private organizations to develop concrete guidance and recommendations for organizations to adopt post-quantum cryptography (PQC). As Y2Q draws nearer, it becomes increasingly important for organizations to gain clarity on how they will become quantum safe. “The key is to be on this journey today and not wait until the last minute,” urges Rob Joyce, Director of the National Security Agency (NSA) Cybersecurity.
Further, with NIST recently publishing long-awaited draft standards for several post-quantum cryptographic algorithms, the case for beginning your migration has never been stronger, and that migration starts with a cryptographic inventory.
A cryptographic inventory is a critical enabler of PQC migration planning. It helps you identify cryptographic vulnerabilities and helps you prioritize the order in which to migrate your systems. “Quantum-readiness project teams should initiate proactive cryptographic discovery activities that identify the organization’s current reliance on quantum-vulnerable cryptography. Having an inventory of quantum-vulnerable systems and assets enables an organization to begin the quantum risk assessment processes, demonstrating the prioritization of migration,” according to the latest Quantum-Readiness Migration to Post-Quantum Cryptography fact sheet, developed by the Cybersecurity and Infrastructure Security Agency (CISA), NSA, and NIST.
I was happy to participate on a panel to discuss cryptographic discovery tools and risk analysis in the context of PQC migrations as part of the NCCoE’s Community of Interest Meeting, held on August 15, 2023. It was an excellent conversation discussing the complexities and interconnectedness of cryptographic discovery, highlighting the urgency, and making it clear that a successful PQC migration requires the effort of numerous stakeholders. The goal of the meeting was to “convene industry and government participants in the NCCoE PQC project to discuss challenges, strategies, and initial findings to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms that are cryptographically relevant to quantum computer-based attacks.”
“Why should organizations invest resources into cryptographic discovery now, before the post-quantum algorithm standardization effort is finalized?” was one of the top questions of the day. Here are three reasons:
Classical Risks Aren’t Going Away
Let’s put the quantum threats aside for a moment. The fact is that there are cryptographic risks besides quantum risks. We know that organizations today are often using cryptography that is weak by today’s standards, if not outright obsolete. Classical risks exist today and will continue to exist even if a cryptographically relevant quantum computer (CRQC) never emerges. This is a strong argument for making cryptographic discovery a core part of any organization’s risk management strategy.
Beyond the cryptographic algorithms, you should also know what protocols you’re using, and what versions and configurations. It is entirely possible that an organization has a server somewhere that no one has touched in years that is still accepting TLS 1.0 or 1.1 connections. As a matter of general risk management, including meeting compliance obligations and protecting your data or your client’s data, cryptographic discovery is essential.
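An added example, not from the original article: a minimal pass over a cryptographic inventory that separates weaknesses that matter today (deprecated TLS versions, short keys, weak hashes) from reliance on quantum-vulnerable public-key algorithms. The policy tables, the ordering rule and the inventory records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Policy tables assumed for this example; tune them to your own standards.
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_HASHES = {"MD5", "SHA1"}
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}  # Shor-breakable
MIN_MODULUS_BITS = 2048  # minimum size accepted for RSA/DSA/DH keys


@dataclass
class Asset:
    name: str
    protocols: tuple  # protocol versions the endpoint accepts
    key_alg: str      # algorithm protecting the asset's keys or sessions
    key_bits: int
    sig_hash: str     # certificate signature hash ("" if not applicable)


def classical_findings(a: Asset) -> list:
    """Weaknesses that matter today, with or without a CRQC."""
    out = [f"accepts {p}" for p in a.protocols if p in DEPRECATED_PROTOCOLS]
    if a.key_alg in {"RSA", "DSA", "DH"} and a.key_bits < MIN_MODULUS_BITS:
        out.append(f"{a.key_alg}-{a.key_bits} below {MIN_MODULUS_BITS} bits")
    if a.sig_hash in WEAK_HASHES:
        out.append(f"{a.sig_hash} signature hash")
    return out


def assess(inventory: list) -> list:
    """Return (name, classical findings, quantum_vulnerable), worst first."""
    rows = [(a.name, classical_findings(a), a.key_alg in QUANTUM_VULNERABLE)
            for a in inventory]
    # Assumed ordering: most classical findings first, then quantum-vulnerable.
    return sorted(rows, key=lambda r: (-len(r[1]), not r[2], r[0]))


# Constructed sample inventory (hypothetical assets).
INVENTORY = [
    Asset("vpn-gw", ("TLSv1.2", "TLSv1.3"), "ECDSA", 256, "SHA256"),
    Asset("legacy-app", ("TLSv1.0", "TLSv1.1", "TLSv1.2"), "RSA", 1024, "SHA1"),
    Asset("backup-store", (), "AES", 256, ""),
    Asset("intranet", ("TLSv1.2",), "RSA", 2048, "SHA256"),
]

if __name__ == "__main__":
    for name, findings, qv in assess(INVENTORY):
        print(f"{name:13} quantum-vulnerable={qv!s:5} classical={findings or 'none'}")
```
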
Cryptographic Inventories Enable Migration Planning
Until you have a cryptographic inventory in hand, you can’t effectively start planning a PQC migration. Knowing what algorithms you’re using, where, why, and how, makes it much easier to make your systems quantum safe.
Some organizations might not know what cryptography is running under the hood of one of their systems, but they know it is not quantum safe, and they are confident that they’ll eventually get a quantum-safe update from the vendor. Even in this situation, there are important questions you still need to ask:
A cryptographic inventory helps you answer these questions. After all, this is not purely a cryptographic problem; there are change management, risk management, and business continuity questions to consider. Moreover, an organization needs time to do proof-of-concept testing, understand the constraints and requirements of its environments, and investigate what the appropriate solutions might be (e.g., not all PQC algorithms have equal performance characteristics). Maybe the organization discovers a need to implement a hybrid solution to mitigate harvest-now, decrypt-later attacks. These answers begin with an inventory.
Why start migration planning before the PQC standards are published? This boils down to your organization’s risk appetite. A PQC migration will be complicated, have a lot of moving parts, and require a lot of research, testing, and engagement with internal and external stakeholders. That makes it prudent for organizations to start as soon as possible.
A smart quantum-safe migration is one that is phased, iterative, and planned over a longer-term time horizon. By doing so, the net costs, errors, and risks can be minimized. If organizations wait until PQC standards are finalized, they’ll be playing catch-up.
Strategic Alignment with Other Change Roadmaps
A PQC migration is not likely the only technological change organizations will undergo. For example, we’ve been hearing more and more over recent years about the migration to Zero Trust. And for good reason. A Zero Trust migration, like a quantum-safe migration, benefits from being phased and iterative. We see this reflected in the current guidance by CISA. A Zero Trust migration also requires a cryptographic inventory. Hence, there is great opportunity to strategically align different change roadmaps the organization might have, to save costs, resources, duplication of efforts, and headaches.