A joint advisory on post-quantum readiness.
Dave Bittner: For the past few years, there have been warnings coming at a steadily increasing pace that organizations and, indeed we as a nation, need to prepare ourselves for the coming wave of quantum computing -- systems with the computational power to render modern encryption methods obsolete. CISA, NSA, and NIST jointly published a factsheet, titled "Quantum Readiness: Migration to Post-Quantum Cryptography." I'm joined today by experts from each of those organizations. Natasha Eastman is chief of CISA's Post-Quantum Cryptographic initiative. Troy Lange is chief of Encryption Production and Solutions at NSA. And Bill Newhouse is a cybersecurity engineer at NIST. Natasha, can I start with you? For you and your organization, how would you describe the state of things?
Natasha Eastman: So I think we're at the beginning. From a critical infrastructure standpoint, you know, organizations are on a spectrum. You know, and particularly, some sectors are, you know, well aware of this technology and where it's going and they're thinking about how to incorporate it into their products, into their security. And for others, this is, you know, very much a new thing that they're just starting to learn about and starting to prepare for.
Dave Bittner: Troy, how about you?
Troy Lange: Yeah, I agree, we're very early on in the journey here. What I'm heartened by is that the Department of Defense has clearly taken this very seriously. They've made some investments to make sure we're getting after making sure that national security systems are quantum resistant. And with the issuance of National Memorandum Number 10 last year, that compels departments and agencies to get a plan together, shows that we're early on but we're getting a good head start on this.
Dave Bittner: And, Bill, from your perspective, where are we right now?
Bill Newhouse: Well, NIST put out a draft of algorithms last week -- the FIPS 203, FIPS 204, and FIPS 205 -- and that's a culmination of seven years of cooperative work across the globe with cryptographers to identify what can be created that is quantum resistant. And so that's a nice seven-year process. And now we get closer to the realization of these algorithms in today's technologies, and then when that happens, testing that makes them available to the federal government for use becomes part of the process. So we're getting ahead of the ability to use this stuff, because it's going to be complicated to do those things and to figure out where you're using quantum vulnerable cryptography that needs to be replaced. If you continue to use quantum vulnerable cryptography, you're putting data at risk. Getting ahead of that curve. So it's early days, but it's late days in some respects on the work towards these algorithms that we're going to be moving to.
Dave Bittner: You know, Bill, I'm curious, what is your sense for when this is going to become a reality? You know, there's a joke, I think it's similar to the joke about nuclear fission, that no matter when you ask, it's always 20 years away. My sense is that we're getting closer and closer with quantum. But is it fair to say anyone really has a sense for when this is actually going to become a day-to-day reality?
Bill Newhouse: I'm the only one who has no sense, really. It, to me, is a decade or more away. Because I've heard other smarter looking people than me or smarter sounding people, I should say, that it's an opinion, and a cryptanalytically relevant quantum computer to realize it will take a lot of incredible innovation, but people are working towards that. And if a bad actor manages to create one, they're not necessarily going to declare they're using it and where they're targeting and who they're targeting and what kind of data they're looking to exploit. So you need to prepare to get ready to protect your data from such a future thing. It's also a great way just to make yourself better at protecting what you have today, because you're going to be forced to look at everything you do with cryptography. And that's a great step for any organization that has the resources to take it on.
Dave Bittner: You know, both Natasha and Troy, I'm curious, do you suppose there's a possibility that we could experience a Sputnik moment when it comes to quantum, where one of our adversaries would suddenly announce to the world that their capabilities are perhaps farther ahead than we had thought that they might be?
Natasha Eastman: No, I was actually going to say, I'll leave the speculating on our adversaries to Troy. You know, I think the important thing that we're thinking about here is that it's not like the minute that a cryptanalytically relevant quantum computer appears that all, you know, cryptography is broken across the globe. Now, the information and particular cryptographic implementations will still have to be targeted. But I think what we need organizations to understand and we are seeing is that information is being taken today that is considered secure possibly for use in breaking later. So organizations have to start thinking about it earlier than a, you know, cryptanalytically relevant quantum computer is actually here. Troy, over to you.
Troy Lange: Yeah, I mean, there's no way to predict when the breakthrough is going to happen. And what you kind of talked about there with the Sputnik moment is kind of like my worst nightmare scenario. Hopefully, we won't find ourselves there. I don't believe that we will. But nobody can predict with any accuracy when, you know, that day is when it's going to be first turned on and fired up. But we have to take it seriously, because I think if you take a look at the amount of investments that's being made just in the commercial industry, there is a lot of investment and research that's going into this. In my mind, it's inevitable it's going to happen. And we need to be prepared for that, because it'll be devastating if we are not.
Dave Bittner: You know, I've been trying to think of an analogy for this conversion, necessary as it is. In your minds, does it compare to something like when broadcasters switched to HD? You know, at some point, we're going to throw the switch and stop using the old stuff because we have to move on to the new. And that's going be painful for some people. Is there anything to that analogy, or is that off the mark you think? Bill, let me start with you.
Bill Newhouse: You're playing in my swim lane. Usually I'm the one coming up with clever ways to make people open their mental models to it. So you got me thinking [laughing]. You know, yes, it fits in the respect that NIST is not going to deprecate today's cryptography, asymmetric cryptography, because it works and it protects the data, except for a cryptanalytically relevant quantum computer that is able to implement the ability to break the math. So that part's kind of there. And by the time it mattered that I couldn't buy a television or VCR, but, you know, things that couldn't do digital, it didn't matter anymore. Maybe I had some legacy things I wanted to be able to watch or something, but it wasn't like -- everything kept up. And so by the time it really mattered, we made that happen. So by starting all this now, early, most organizations will just benefit from their providers getting them to the right place and telling them that it doesn't matter, you can't watch that channel in analog, it's now digital. So yeah, the metaphor holds up, because we're going to get ahead of this. We are working now today to implement and to update standards for the communication protocols that rely on some of these vulnerable algorithms so that we can protect the data when it's there.
Dave Bittner: And, Natasha, as you and your organization are taking the lead here in the government space, what sort of interplay are you seeing between agencies in terms of the communications and the ability to prepare here?
Natasha Eastman: I think you're seeing right now that there is a tremendous amount of interplay, right? We work with our colleagues at NIST and NSA and some of the sector risk management agencies, element to the White House, you know, day in, day out. And I think some of the things that Bill was talking about are key to the reasons for that, right? If we're talking about federal government, we have to be working with OMB. If we're thinking about, you know, the critical infrastructure community, the sector risk management agencies are, you know, really part and parcel of that community. And when we think about, you know, your analogy, you know, one of the places where it starts to get difficult is in the operational technology space -- so the ICS space, right (industrial control systems) -- where, you know, these technologies don't change over quite as quickly. Or we think about some of the large implementations of systems where budgets are planned 10 years out. And so we'd have to think about how we work with the vendor community, the sector, you know, risk management agencies, OMB to think about budgets, whether we're talking critical infrastructure or federal government. Because some of these implementations have very long timeframes. So that's one of the reasons that we're, you know, thinking about them in this factsheet, contact your vendors, start having those discussions. Because, you know, it's a team sport in every, you know, step of the way. [ Music ]
Dave Bittner: Troy, you know, you and your colleagues at NSA, I think it's fair to say there's been an openness particularly when it comes to cybersecurity issues over the past few years that, you know, perhaps past members of the agency would find surprising. But that's really been necessary, the outreach, you know, and tools like Ghidra, you know, things like that. In terms of that interplay between the public and private sector, I mean, that's really a critical element that you all are leading the way with here.
Troy Lange: Yeah, you're right, that is incredibly important, because we are all so interconnected. We don't exist in the environment that I started in at the agency where we all exist in our own individual networks that didn't touch each other. Everything is interconnected now. So all this planning that we need to do, while we have our own sectors that we care about, they all have to be able to interoperate with each other, they all have to be able to point to the same standards. And the more that we can enrich the conversation by our understanding the threats that we're under, we're all going to be better off for that.
Dave Bittner: Natasha, let me switch back to you here. For the folks in our audience who are responsible for defending their own organizations, what would be your advice coming into this transitional period here? Any tips or words of wisdom for them?
Natasha Eastman: Yeah. I think there's two things that we focus on, right? And the first is thinking about creating a plan, right? What are the different parts of the organization that need to be a part of that? There's the element of, you know, inventory. There's the element of how you are working with your vendors. There is the development of your IT. This is, you know, not just a team sport of organizations, but internal to an organization. What does that team look like that's going to get your organization ready? And the second is the foundation. How is an organization thinking about the data that they own, and what data that they own is, number one, protected by cryptography today? Number two, needs to be protected by cryptography? And three, what is the lifetime of that data? And so is that something in that system that protects that data, does that need to be upgraded, or where is that priority within the organization?
Dave Bittner: Troy, how about your thoughts? Same topic there.
Troy Lange: Yeah, you know, a lot of interesting parallelisms as I'm listening to Natasha talk about, you know, industrial control systems. We have a lot of the same challenges with weapons platforms. You know, you put out a submarine to sea, it doesn't come into port for an oil change every 3,000 miles. So that planning is a critical component of what we're doing. And the first foundational part is understanding what your overall inventory looks like. And so while we represent pretty significantly different sectors, we have a lot of same overlap and a lot of the same issues that I think cut across all domains; is understanding what is your exposure; understanding what are those things that you care most about; and then, again, I can't emphasize this too much, that starting to plan now. You know, as we talk about driving towards the 2035 or 2034 date, that may seem like it's a long way off, but when you think of the enormity of the inventory that's out there that needs to be addressed, there's a lot of work to do between now and then.
Dave Bittner: And, Bill, how about your perspective from you and your colleagues there at NIST?
Bill Newhouse: Yeah, so I've been talking a little bit about the crypto algorithms themselves, and I'm not part of that team. Those colleagues that are doing that, they're the mathematicians and cryptographers working with similar folks all over the world. Where I am in a lab that's essentially an applied cybersecurity lab, we are undertaking initiating the development of practices -- any practices to ease the migration from the current set of the cryptographic algorithms that are deemed vulnerable to ones that are quantum resistant. And we've established -- and NSM 10 actually called out that we should do this, and we'd begun even before the memo came out, that and a dollar gets me a dollar. But the nice part was we'd started inviting collaborators to join us. And these are experts in the companies that we rely on for, you know, the fact that our infrastructure is provided by commercial providers in a lot of ways. These big companies are with us, small companies are with us, some startups. And we said, where should we start together? And already in documents from other parts of the world and in the US, you know, discovery -- Natasha said it first -- is knowing what you have and what you're protecting. With these tools now, they're going to be a little more refined than maybe some of the tools that people ever had access to. And so being able to see your overall cryptographic, you know, use, your algorithm use, is pretty fascinating. And so a lot of discovery is happening. So we're doing a whole work stream with discovery, where we're trying to show what these tools do and where they make an impact. Are you looking at network traffic? Are you looking within operating systems for all the calls and things or certificate use? Are you looking into the CI (the continuous integration), continuous development pipeline that you're starting to use, to make sure that as you develop stuff, you can look within it and go, oh, good, we're using quantum resistant algorithms already? Or we're planning to? Or we know what the ones that are vulnerable are? Those are all really cool things. The other work stream we started is that there are communication protocols that rely on asymmetric encryption. You could deem some of those vulnerable. But the encryption use within them for the keys, helping private key pairing. And we've got folks testing use of these new algorithms in their draft form today, but as close as we -- you know, now that we have the drafts out, they've been looking at them to see how well you can set up TLS or update, you know, X.509. The IETF is an international standards body. They're doing work to get the standards updated and be ready to use these new algorithms as soon as they're available. So all those are great progress and it's just, you know, good steps to be taken and it fits right along with -- you know, this guidance document was written by all three agencies together. Because we've been saying these messages and we've been promising and have been partnering all along as this has been going on.
Dave Bittner: Natasha, I want to give you the final word here. To what degree should security professionals have a sense of urgency when it comes to this?
Natasha Eastman: Yeah, this has been a theme throughout the entire discussion. And the preparation needs to start now. You know, the work that needs to be done is not easy, nor is it things that can be done overnight. So, yeah, security professionals really need to think about starting their teams, getting their inventory done, starting to think about how they're working across development lines, you know, working with their vendors, and what that timeline looks like. So, you know, when we think about urgency, is it something that we need everyone running around with their hair on fire? Not necessarily, but we also need to them thinking about getting this started today so that by the time we are thinking about a cryptanalytically relevant quantum computer coming on board, that they're ready.
Bill Newhouse: And the urgency versus non-urgency part, one thing that's become clear through the White House put out a memo for government agencies to do and inventory -- and it was really a paper exercise. It didn't ask people to buy tools. But to identify high-value assets and identify as much as they could about the cryptography that protects those high-value assets. And that's not a very far and different question than getting prepared for zero trust architectures. So the modernization that is already underway from the M2209 memo, I believe it is, it says, you know, start preparing and using zero trust architectures, those teams are the ones you want to be, you know, in part of your team here for quantum readiness. And that's an important thing, that you're not doing this as a lone solo act in your organization; it is something that you're kind of doing anyway. Vendors are already pushing you towards these architectures. The government is recognizing the power of zero trust. And my sense was there were people who felt like they didn't know enough when they got those memos. Like what am I doing here? Well, you're doing it together and we're going to give you enough information. There's something here that calmed people down to recognize it's a modernization effort that is a good one to be done.
Natasha Eastman: Bill, that's a great point. And one of the things that when we talk to federal agencies about or particularly the state and local community or, you know, other sectors that are sitting there going, okay, how do I prioritize this against some of the other things that I'm doing? You know, one of the key elements that we want them to understand is that this is part and parcel to everything else that they're doing for good security. You know, when we think about moving to zero trust or we think about reducing unsupported technologies within the environment, all of those things contribute to preparing for post-modern cryptography. [ Music ]
Dave Bittner: Our thanks to CISA's Natasha Eastman, NSA's Troy Lange, and NIST's Bill Newhouse for joining us. The joint factsheet is titled "Quantum Readiness: Migration to Post-Quantum Cryptography." You can find it on CISA's website. Do check it out.