Kristen Smith
Gina Scinta, the deputy chief technology officer of Thales Trusted Cyber Technologies, said transitioning to post-quantum cryptography is necessary due to adversary efforts to collect encrypted data and leave it in storage until quantum computers capable of breaking current encryption standards become available.
In an opinion piece published Monday on Carahsoft’s website, Scinta highlighted the National Institute of Standards and Technology’s standardized post-quantum cryptography algorithms designed to withstand quantum attacks and the federal government’s guidance for agencies to switch to crypto-agile solutions capable of supporting current algorithms and future quantum-resistant ones without hardware replacement.
Post-Quantum Cryptography Standardization
In August 2024, NIST published its final standards for three critical algorithms: the Module-Lattice-Based Key-Encapsulation Mechanism, the Module-Lattice-Based Digital Signature Algorithm and the Stateless Hash-Based Digital Signature Standard. A fourth algorithm, the fast-Fourier transform over NTRU-Lattice-Based Digital Signature Algorithm, is still pending finalization.
With cryptographically relevant quantum computers expected to arrive by 2030, agencies must implement quantum-resistant algorithms before current security measures become obsolete, Scinta said, noting that the most vulnerable assets are those containing long-lived data, including decades of trade secrets, classified information, lifetime health care and personal identifiable information.
Scinta urged agencies to begin the transition by evaluating their existing cryptographic inventory, prioritizing systems with long-lived sensitive data and developing implementation road maps aligned with NIST and National Security Agency post-quantum cryptography implementation timelines.
For crypto discovery and inventory management, the deputy CTO recommended using tools from InfoSec Global, Sandbox AQ and IBM, among other vendors, designed to discover and classify cryptographic material across environments, identify which assets are managed or unmanaged, determine vulnerability to quantum attacks, and support centralized crypto management and policies.
About Thales TCT
Thales Trusted Cyber Technologies is a U.S.-based provider of government high-assurance data security solutions. It entered a distribution partnership with Carahsoft to bring data protection offerings to the public sector. Serving as Thales TCT’s master government aggregator, Carahsoft delivers the data security products to agencies through an extensive ecosystem of manufacturers, value-added resellers, system integrators and consulting partners.
