(GovTech) Federal officials want state and local governments to start planning for the future when quantum computing is strong enough to break traditional encryption methods.
DHS expects the transition to quantum-proof encryption will be a lengthy process, making it important for organizations to start early. No one knows when the hypothesized cryptography-defeating capabilities will come into being, but senior DHS officials told Government Technology that they aim to be ready in case they come as soon as 2030.
NIST has been working for several years to identify new encryption methods likely to withstand even this computational power. It issued a call for so-called “quantum-resistant” encryption algorithms in 2016 and has since been winnowing the submissions down to a handful of the most promising.
Releasing NIST’s algorithms is only half the battle. The other is ensuring they’re widely — and promptly — adopted.
DHS road maps and resources released this year are intended to help organizations of all types prepare for shifting over to the forthcoming quantum-resistant algorithms. One of the department’s priorities for early 2022 is to get more organizations engaged with those guides.
DHS’s guidance urges organizations of all types to start assessing which of their systems and data sets will need to be updated to the new standard.
Identifying a transition plan early sets organizations up for prompter adoption once the new NIST standards become available. That will reduce how long — and how much — data remains vulnerable to quantum-equipped attackers. Those who wait and then scramble to upgrade systems also risk making mistakes that introduce vulnerabilities, writes Michaela Lee with the Harvard Kennedy School Belfer Center.
Concerns around ensuring a smooth shift to post-quantum algorithms are prompting some entities to not only map out their transition plans, but also start trying out new encryption algorithms now, without waiting to see which get the final seal of approval from NIST.
Once state and local governments know what needs to be updated, it may be up to the private sector to ensure they can make those changes. DHS officials said a core part of the effort relies on ensuring private software vendors incorporate the new encryption methods into their products, thus creating safer offerings for governments and other end users.
The DHS officials said they want to ensure that smaller and less mature players can migrate to quantum-resistant encryption alongside larger counterparts, without their limited resources holding them back. The federal government is currently analyzing the situation for potential equity gaps. Resolving such issues could mean having larger organizations take actions that improve the situation for smaller ones, an official said.