CISA: Post-quantum cryptography prep crucial for critical infrastructure

Imminent quantum computing threats have prompted the U.S. Cybersecurity and Infrastructure Security Agency to urge critical infrastructure organizations to prepare for the upcoming post-quantum cryptographic standard, which is expected to be released by the National Institute of Standards and Technology in 2024, according to SecurityWeek. Vulnerable critical infrastructure systems should be first identified in the NIST and Department of Homeland Security's Post-Quantum Cryptography Roadmap, said CISA, which has already determined the security weaknesses that should be resolved to facilitate a successful post-quantum cryptography migration after evaluating the 55 National Critical Functions. CISA noted that while several NCFs could support post-quantum cryptography transition across critical infrastructure, industrial control system migration to such standard would be a major challenge and should prompt organizations to better detail their planned action against quantum computing threats. "While quantum computing technology capable of breaking public key encryption algorithms in the current standards does not yet exist, government and critical infrastructure entitiesincluding both public and private organizationsmust work together to prepare for a new post-quantum cryptographic standard to defend against future threats," said CISA.