in Cybersecurity, News

Thales TCT’s Gina Scinta Says PQC Migration Urgently Needed

https://archintelmedia.force.com/archintel/graphicschassis#/db/general-graphic-request?request=a1s8X00000HXxRBQA1
Thales TCT's Gina Scinta Says PQC Migration Urgently Needed - top government contractors - best government contracting event

Government and industry must begin taking steps to secure their systems from cyber threats posed by malicious actors using quantum technologies, Gina Scinta, deputy chief technology officer of Thales Trusted Cyber Technologies, said in a column published Tuesday on the Federal News Network.

Steps for Government

According to Scinta, on the part of government, agencies must plan to upgrade their IT infrastructure in order for it to be compliant with the 3 post quantum cryptography standards that the National Institute of Standards and Technology released in August, namely Federal Information Processing Standards 203, 204 and 205.

Federal Information Processing Standards

FIPS 203 will serve as the main standard for general encryption, which offers protection for information transmitted through a public network. FIPS 204 will serve as the primary standard for protecting digital signatures, which are used for identity authentication. FIPS 205 will serve as a backup for 204.

PQC Algorithms

Each standard is derived from a different algorithm submitted to NIST for PQC standardization. FIPS 203 is derived from the CRYSTALS-Kyber algorithm and specifies the Module-Lattice-Based Key-Encapsulation Mechanism Standard. FIPS 204 is derived from the CRYSTALS-Dilithium algorithm and specifies the Module-Lattice-Based Digital Signature Standard. FIPS 205 is derived from the SPHINCS+ algorithm and specifies the Stateless Hash-Based Digital Signature Standard.

Agencies should also work to implement the various reminders and guides issued by the administration to begin PQC migration. According to those policies, an important first step in PQC migration is determining how and where cryptography is being used in one’s organization. Agencies can now use automated crypto inventory tools to carry out this task.

Steps for Industry

On the part of industry, vendors and standards organizations must work to resolve issues that prevent the deployment of interoperable PQC implementations. Vendors in particular must exert the effort to implement NIST’s PQC algorithms in their products, especially in the case of hardware security modules. Upgrading HSMs to PQC compliance will help government users conduct initial testing and eventually transition to quantum safe network encryption solutions.

“Quantum computing is farther along than we may realize,” Scinta notes in her column. “With NIST’s published standards, there are no more obstacles to putting plans in process for this [PQC] migration.”

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity

mm

Written by Jerry Petersen

Jason Saldana Appointed VP of Strategic Development at MTSI - top government contractors - best government contracting event
Jason Saldana Appointed VP of Strategic Development at MTSI
SkyePoint Appoints Manohar Kumar, Durriya Badani to Management Positions - top government contractors - best government contracting event
SkyePoint Appoints Manohar Kumar, Durriya Badani to Management Positions