The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the National Institute of Standards and Technology have recommended that organizations begin preparing for post-quantum cryptography migration by developing roadmaps for quantum readiness.
Organizations that handle sensitive information must plan their implementation of post-quantum cryptographic standards to be released by NIST in 2024 to boost their security against malicious use of quantum computers, the NSA said Monday.
An effective quantum-readiness roadmap must begin with an inventory of quantum-vulnerable systems and assets before starting the quantum risk assessment processes. During the inventory, organizations should engage with supply chain vendors to identify technologies that need to migrate to PQC.
The agencies also encourage organizations to create migration plans prioritizing the most sensitive and critical assets.
Technology manufacturers and vendors of products that support the use of quantum-vulnerable cryptography should begin reviewing the draft PQC standards to begin planning and testing for integration.
“The transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry,” said Rob Joyce, director of cybersecurity at NSA and a two-time Wash100 awardee.