MITRE Publishes Post-Quantum Cryptography Migration Roadmap

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

The MITRE-founded Post-Quantum Cryptography Coalition (PQCC) this week published fresh guidance for organizations looking to ready themselves to transition to quantum-safe cryptography.

Advancements in the development of advanced quantum computing represent threats to the systems currently ensuring authenticity and securing communications and sensitive data, making the migration to post-quantum cryptography (PQC) a necessity, PQCC says.

Intended for CIOs and CISOs, the coalition’s PQC migration roadmap (PDF) provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.

For each organization, transitioning to PQC requires outlining migration aims, understanding data inventories and prioritizing updates, acquiring/developing post-quantum solutions and implementing them, and building measures to track the migration process and assess security as quantum capabilities evolve. The migration process, however, differs. 

“How an organization applies this roadmap depends on the shelf-life and volume of its critical data, the amount of available information about its assets, its budget for potentially significant software and hardware updates, and numerous other influencing factors,” the document reads.

Cryptographically-relevant quantum computers capable of breaking the current cryptographic security may still be decades away, but organizations should begin the transition process now, to mitigate the threat of data being stolen now and decrypted later, PQCC says.

“This roadmap empowers CIOs (chief information officers) and CISOs (chief information security officers) to act decisively, taking proactive steps to protect sensitive data now and in the future,” MITRE vice president Wen Masters commented.

PQCC’s guidance comes out two years after the US government released a set of quantum readiness recommendations and one year after NIST’s post-quantum cryptography standards were published.

Advertisement. Scroll to continue reading.

Related: Five Eyes Agencies Release Guidance on Securing Edge Devices

Related: CISA Releases Mobile Security Guidance After Chinese Telecom Hacking

Related: US, Allies Release Guidance on Securing OT Environments


Source link