Three major U.S. organizations jointly release Quantum Readiness the Migration to Post-Quantum Cryptography

On August 21, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA ), and the National Institute of Standards and Technology (NIST) jointly released the document - "Quantum-Readiness: Migration to Post-Quantum Cryptography" (hereafter referred to as "Migration") - which aims to inform organizations (particularly those supporting critical infrastructure) about the impact of quantum capabilities, through the development of a quantum readiness roadmap. Migration to Post-Quantum Cryptography" (hereafter referred to as "Migration"), which is intended to inform organizations, particularly those supporting critical infrastructure, of the impact of quantum capabilities, encourage early planning for migration to post-quantum cryptographic standards by developing a quantum readiness roadmap.

The Migration includes recommendations for establishing a quantum readiness roadmap, steps for preparing a useful cryptographic inventory, considerations for understanding and assessing the supply chain, how organizations should work with their technology vendors to discuss PQC, and the responsibilities of technology vendors.

Successful post-quantum crypto migrations take time to plan and implement, and CISA, the U.S. National Security Agency (NSA), and the U.S. National Institute of Standards and Technology (NIST) urge organizations to begin preparations now by creating a quantum-readiness roadmap, conducting inventories, applying risk assessments and analyses, and engaging vendors.

Early planning is necessary because cyberthreat actors may adopt a "capture now, decrypt later" mode of operation, targeting data today that will still need to be protected in the future (or, in other words, data with a longer confidentiality period).

Many of the encryption products in use today rely on public key algorithms such as Rivest-Shamir-Adleman [RSA], Elliptic Curve Diffie-Hellman [ECDH], and Elliptic Curve Digital Signature Algorithm [ECDSA], protocols and services will need to be updated, replaced, or significantly altered to incorporate quantum-resistant PQC algorithms to protect against future threats.

（Organizations are encouraged to proactively prepare for future migrations to products that employ post-quantum cryptographic standards. This includes engaging with vendors on their quantum readiness roadmaps and proactively implementing thoughtful, prudent measures within the organization to mitigate the risks posed by CRQC.

While the PQC standard is currently under development, the development agencies encourage organizations to develop a quantum readiness roadmap by first establishing a project management team to plan and scope the organization's migration to PQC. The quantum-ready project team should initiate a proactive cryptographic discovery campaign to determine the organization's current level of reliance on quantum-vulnerable cryptography. Systems and assets vulnerable to quantum cryptography include those involved in creating and verifying digital signatures, which also includes software and firmware updates. Armed with a list of quantum-vulnerable systems and assets, organizations can begin the quantum risk assessment process and demonstrate migration prioritization. Led by the organization's information technology (IT) and operational technology (OT) procurement specialists, the inventory should include engagement with supply chain vendors to identify technologies that need to be migrated from quantum-vulnerable cryptography to PQC.

Organizations are often unaware of the breadth of application and functional dependencies on public key cryptography that exist in products, applications, and services that are widely deployed in their operating environments, resulting in a lack of visibility. The project team should take the lead in creating such an inventory. The team should also include the organization's cybersecurity and privacy risk managers, who can prioritize the assets that are most affected by CRQC and that would put the organization at greater risk.

With a list of quantum vulnerable technologies and the criticality of the associated data, the organization can begin to plan a risk assessment process to prioritize the migration to PQC. This cryptographic list will:

- Help organizations become quantum-ready. In this state, CRQC poses no threat;

- Help organizations prepare for the transition to a zero-trust architecture;

- Help identify or correlate external access to datasets that are more exposed and at higher risk;

- Inform future analysis by identifying what data may be targeted now and decrypted when CRQC becomes available.

Organizations should create cryptographic inventories that provide visibility into how the organization is leveraging cryptography in IT and OT systems. Cryptographic discovery tools should be used to identify Quantum Fragile Algorithm algorithms in the following systems Algorithms:

- Network protocols for identifying quantum vulnerable algorithms in network protocols to enable traceability Assets on end-user systems and servers, including applications and associated libraries, both for application functionality as well as firmware and software updates;

- Encrypted code or dependencies in continuous integration/continuous delivery development pipelines.

(Note: Discovery tools may not be able to recognize embedded cryptography used within a product, thus preventing discovery or documentation. Organizations should require vendors to provide a list of embedded cryptography in their products.)

Organizations should include in their list when and where quantum-vulnerable cryptography is used to protect the most sensitive and critical data sets, and provide an estimate of the duration of protection for those data sets. Organizations should:

- Correlate encryption inventories with those provided by existing programs such as Asset Inventory, Identity, Credential and Access Management (ICAM), Identity and Access Management (IdAM), Endpoint Detection and Response (EDR), and Continuous Diagnostics and Mitigation (CDM);

- Understand which systems and protocols are being used to move or access their most sensitive and critical data sets;

- Identify quantum-vulnerable cryptography that can protect critical processes, especially critical infrastructure.

Organizations should incorporate the list of quantum vulnerabilities into their risk assessment process so that risk officers can prioritize where to ensure PQC is used when it becomes available.

CISA and the authoring agencies encourage organizations to begin engaging with technology vendors to understand the vendor's quantum readiness roadmap, including migration. A solid roadmap should describe how the vendor plans to migrate to PQC, laying out a timeline for testing PQC algorithms and integrating them into the product. This applies to both on-premise commercial off-the-shelf (COTS) and cloud-based products. Ideally, vendors will publish their own PQC roadmaps describing their commitment to implementing post-quantum cryptography. The authoring agencies also urge organizations to proactively plan for necessary changes to existing and future contracts. Consideration should be given to ensuring that PQC is built into new products as they are delivered, and into older products as they are upgraded, to meet the transition timeline.

Organizations should understand the extent to which their systems and assets rely on quantum-vulnerable cryptography and how vendors in the supply chain will migrate to PQC As noted above, understanding an organization's reliance on quantum-vulnerable cryptography requires discovering where quantum-vulnerable algorithms are being used in current IT and OT systems and devices (customized or COTS), as well as the organization's reliance on cloud-based services, ensuring that plans will minimize quantum risk and align with the organization's transition strategy.

Organizations should also begin asking their vendors how they will address quantum readiness and support the migration to PQC. Other Considerations:

- Priority should be given to high-impact systems, industrial control systems (ICS), and systems with long-term secrecy/classification needs.

- If organizations find quantum-vulnerable cryptography in their custom technologies, they should identify the risks to data or functions that rely on these technologies. Organizations can either migrate to PQC in these technologies or perform system security upgrades to reduce the risk of continued use of these technologies. Customized products, especially those in legacy systems, may require the greatest effort to achieve quantum resistance.

- For COTS products, it is critical to communicate with vendors about their PQC roadmaps. Migration to PQC should be viewed as an IT/OT modernization effort. An organization's quantum-ready roadmap should include details on when and how each COTS vendor plans to provide updates or upgrades to enable PQC, as well as the expected costs associated with migrating to PQC.

- For cloud-hosted offerings, organizations should work with their cloud service providers to understand the provider's quantum-ready roadmap. Once a PQC standard is available, the focus of the collaboration should shift to how PQC will be enabled, such as through configuration changes or application updates.

Technology manufacturers and vendors whose products support the use of quantum cryptography should begin planning and testing integrations.CISA, NSA, and NIST encourage vendors to review the draft PQC standard published by NIST (which contains algorithms) and understand that the final implementation details for these algorithms are not yet complete. Ensuring that products use post-quantum cryptographic algorithms is emblematic of design security principles. Suppliers should be prepared to support PQC as soon as NIST finalizes its standard.