Quantum Safe Crypto for National Security Needs (Q21a)
The cryptographic landscape is evolving as quantum computing emerges. New quantum-safe standards will be published in the next few years. These changing global standards will pose many challenges for organizations. Currently, cryptographic algorithms underpin not only our online commerce and our privacy but also our national security. This talk will focus on the unique hurdles that the US military is facing to transition to quantum-safe algorithms. There are two categories of entities that need to move to quantum-resistant algorithms as soon as possible: first, those who have a requirement to protect information with long term value such as personnel records, national defense strategy, military plans, weapons systems, and other classified information; second, entities who cannot easily migrate to cryptosystems. The USG falls into both of these categories. Migration is now an urgent issue. The US military deals with many factors to ensure the security of communication and information, and to protect against espionage and cyberattacks. There are a vast number of encryption products that employed in network traffic analytics, endpoint security, firewall solutions, encrypted voice solutions, and digital data encryptors. Additionally, the military often needs to ensure compatibility between military and commercial communication standards. Devices used by military often have also specifications for size, weight, and power consumption. These myriad of factors are among the issues that need to be accounted for when ensuring the security of communication and information. The sheer size of the military and its multifaceted requirements warrant a holistic government approach. Unfortunately, to date efforts have been minimal and fragmented. There is still a lack of direction to ensure a coordinated effort on the transition to quantum-safe cryptography. The “harvest now, decrypt later” threat is palpable and will continue to grow. There are many competing solutions with various tradeoffs and thus much confusion about how best to move forward. The complexity of migration needs more research to better understand how interoperability and other complexities will be addressed. As NIST prepares standards for quantum-resistant algorithms, we must ensure solutions will work in real-world military use cases especially those requiring FIPS compliance. Government vendors need to understand requirements early on and have incentives to proactively build in solutions that will be a security against future large scale quantum computers. We cannot jeopardize our national security by underestimating this challenge.