The NSA, Which Intruded into China's Networks, Announces Quantum-Resistant Algorithm Requirements for National Security Systems

On September 7, the National Security Agency (NSA) released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Cybersecurity Advisory (CSA) [1] to inform National Security System (NSS) owners, operators, and vendors of the requirements for deploying future quantum-resistant (QR) algorithms in NSS.

 

It is important to note that the infamous Office of Tailored Access Operations (TAO), which was recently exposed as having carried out cyber attacks on Northwestern Polytechnical University, is affiliated with the NSA. Investigations have revealed that TAO has conducted tens of thousands of malicious cyber attacks on network targets inside China over the years, taking control of related network devices, and is suspected of stealing high-value data.

 

These actions indicate that the NSA is increasingly focusing on domestic U.S. cybersecurity as well as cyber intrusions into other countries.

 


Process approach for transitioning to CNSA 2.0 algorithm

 

CNSA 2.0 includes the following components.

 

Algorithms for software and firmware signatures. The National Institute of Standards and Technology (NIST) standardized these algorithms some time ago, but the use of a different algorithm for this particular use case is new in CNSA 2.0.

 

Symmetric key algorithm. In this section, there is only one small change from CNSA 1.0 that allows for more flexibility.

 

General-purpose quantum-resistant public key algorithms. These are the main public key algorithms needed for most applications. Since their standardization is not yet complete, this section is forward-looking.

 

Timing. The timing of the transition to CNSA 2.0 is discussed.

 

Enforcement. Summarizes the requirements associated with implementing the NSS algorithm requirements.

 

Additional Guidance. Provides useful links to the Internet Engineering Task Force Request for Comments (IETF RFC) used to implement CNSA 1.0.

 

Reference Tables. Provides two tables listing the CNSA 2.0 and CNSA 1.0 algorithms.

 


Timing of the transition to CNSA 2.0

 

Notably, National Security Systems include networks that contain classified information or are critical to military and intelligence activities.

 

A cryptanalytically relevant quantum computer (CRQC) could potentially break the public key systems (sometimes referred to as asymmetric cryptography) in use today. Given the pursuit of quantum computing by other nations, now is the time to plan, prepare and budget for the transition to QR algorithms to ensure the continued protection of NSS and related assets as a CRQC becomes an achievable reality.

 

"The shift to quantum-resistant technologies in our most critical systems will require collaboration among government, national security system owners and operators, and industry," said Rob Joyce, director of cybersecurity at the NSA [2]. "We hope that sharing these requirements now will help to implement them effectively when the time is right."

 

The NSA Director is the National Manager for NSS and therefore issues guidance for NSS. The algorithms in CNSA 2.0 are updates to those in the current suite of required commercial national security algorithms listed in CNSSP 15 Annex B (released in 2016), now known as CNSA 1.0. The CNSA 2.0 algorithms have been analyzed against both classical and quantum computers, and they will eventually become required for NSS.

 

The NSA's CNSA 2.0 algorithm selection is based on the recently announced quantum-resistant cryptographic standardization selection by the National Institute of Standards and Technology (NIST), but there is currently neither a final standard nor a FIPS-validated implementation.

 

On September 6, NIST [3] called for proposals for additional digital signature schemes to be considered in the PQC standardization process. The post-quantum cryptography (PQC) standardization process will continue into its fourth round, with the following key encapsulation mechanisms (KEMs) still under consideration: BIKE, Classic McEliece, HQC, and SIKE. However, there are no other digital signature candidates under consideration.

 

The NSA urges NSS owners and operators to be mindful of NIST's selections and the future requirements outlined in CNSA 2.0, while CNSA 1.0 compliance is still required in the meantime. "We want people to be aware of these requirements in order to plan and budget for the anticipated transition, but we don't want to get ahead of the standard process," Joyce said, referring to NSS owners and operators following the requirements of CNSSP-11.

 

QR algorithms should not be deployed on mission networks until they have been reviewed by NIST and the National Information Assurance Partnership (NIAP). A transition period is expected, and NSA will be transparent about the NSS transition requirements.

 

Reference Links:

[1]https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF

[2]https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3148990/nsa-releases-future-quantum-resistant-qr-algorithm-requirements-for-national-se/

[3]https://www.nist.gov/news-events/news/2022/09/request-additional-digital-signature-schemes-post-quantum-cryptography?utm_source=miragenews&utm_medium=miragenews&utm_campaign=news

2022-09-09