With the threat of large-scale quantum computers breaking our current cryptographic infrastructure on the horizon, government agencies and standards bodies, such as the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE), have been focusing on the upcoming migration to Post-Quantum Cryptography (PQC).
The NCCoE is a US governmental organization whose mandate is to “bring together experts from industry, government, and academia to address the real-world needs of securing complex IT systems and protecting the nation’s critical infrastructure.” They have spearheaded a PQC migration project, which is a joint collaboration between cryptographic researchers, industry experts, and government, with the goal of providing guidelines to ease the transition by organizations to PQC algorithms. While the National Institute of Standards and Technology (NIST) has been focusing on which PQC algorithms to standardize, the (NCCoE) focuses on how to use these algorithms.
“We are yet to go through the largest cryptographic migration in history,” states InfoSec Global’s VP of Cryptographic Research and Development, Dr. Vladimir Soukharev. “It is very complex and something that technologically we have never seen before, which is why it is important to have a special project that is dedicated to the practical aspects of the PQC migration.”
InfoSec Global has been an active member of the NCCoE’s PQC migration project since the beginning. On Tuesday, August 15th, the NCCoE held their first public, in-person event on PQC migration, and Vladimir describes this meeting as “a great success” with over 80 in-person attendees, and over 350 online. This was the first time the CRADA collaborators (official members of the NCCoE’s PQC migration project, including InfoSec Global, who have signed a Cooperative Research and Development Agreement) and the public were able to meet face-to-face.
There were two panels: Discovery of Public-Key Cryptography Components and Associated Assets in the Enterprise and Interoperability Tests to Implementing Quantum-Resistant Algorithm. The first panel is part of NCCoE’s ‘discovery track,’ in which InfoSec Global has been an active participant. The initial scope of the NCCoE PQC project is to “demonstrate the discovery tools that can provide automation assistance in identifying where and how public-key cryptography is being used” and to “engage industry in demonstrating use of automated discovery tools to identify all instances of public-key algorithm use in an example network infrastructure’s computer and communications hardware, operating systems, application programs, communications protocols, key infrastructures, and access control mechanisms.”
This emphasis on cryptographic discovery is something that was echoed in the NCCoE’s Quantum-Readiness Factsheet. InfoSec Global has long been a leader in the cryptographic discovery space with our cryptographic assets discovery tool AgileSec™ Analytics, and we also see this as a vital first step for an organization to have a successful post-quantum cryptographic migration.