Imminent quantum computing threats have prompted the U.S. Cybersecurity and Infrastructure Security Agency to urge critical infrastructure organizations to prepare for the upcoming post-quantum cryptographic standard, which is expected to be released by the National Institute of Standards and Technology in 2024, according to SecurityWeek.
Vulnerable critical infrastructure systems should be first identified in the NIST and Department of Homeland Security's Post-Quantum Cryptography Roadmap, said CISA, which has already determined the security weaknesses that should be resolved to facilitate a successful post-quantum cryptography migration after evaluating the 55 National Critical Functions. CISA noted that while several NCFs could support post-quantum cryptography transition across critical infrastructure, industrial control system migration to such standard would be a major challenge and should prompt organizations to better detail their planned action against quantum computing threats. "While quantum computing technology capable of breaking public key encryption algorithms in the current standards does not yet exist, government and critical infrastructure entitiesincluding both public and private organizationsmust work together to prepare for a new post-quantum cryptographic standard to defend against future threats," said CISA.
SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, which is a sharp contrast from the previous targeting of energy facilities, Reuters reports.