Attacks and Vulnerabilities
Building Management Systems
Critical infrastructure
ICS Security Framework
Industries
IT/OT Collaboration
Management & Strategy
Manufacturing
Medical
Mining, Oil & Gas
News
NIST
Regulation, Standards and Compliance
Risk & Compliance
System Design & Architecture
Technology & Solutions
Transportation
Utilities: Energy & Power, Water, Waste

DHS, NIST release roadmap on quantum computing technology for critical infrastructure sector

October 06, 2021

The U.S. Department of Homeland Security (DHS) and the Department of Commerce’s National Institute of Standards and Technology (NIST) laid out a roadmap to help organizations protect their data and systems and to reduce risks related to the advancement of quantum computing technology.

The plan will raise awareness and guide federal, state, local, tribal, and territorial partners, critical infrastructure owners and operators, and others in the private sector. The various measures will help these organizations protect their data and systems, and reduce risks related to the advancement of quantum computing technology.

The blueprint by the DHS will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems, the agency said. Advancements in technology are expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications.

The guidance directs the DHS to prepare for the transition to new post-quantum cryptography standards when available from NIST in line with the quantum computing roadmap. The guidance will result in an inventory of all DHS cryptographic systems and data types, a broader understanding of the risk across the enterprise, and plans for the transition to post-quantum cryptography.

While quantum computing promises unprecedented speed and power in computing, it also poses new risks.  As the technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications. The new guidance from the DHS will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.

“Quantum computing will be a scientific breakthrough.  It is also expected to pose new data privacy and cybersecurity risks,” Alejandro N. Mayorkas, secretary of Homeland Security, said in a media statement.  “Now is the time for organizations to assess and mitigate their related risk exposure.  As we continue responding to urgent cyber challenges, we must also stay ahead of the curve by focusing on strategic, long-term goals. This new roadmap will help protect our critical infrastructure and increase cybersecurity resilience across the country.”

Quantum computing adopts a fundamentally different approach to computation compared with the kinds of calculations that are usually done on laptops, workstations, and mainframes. While quantum computing will not replace regular computing devices, it will leverage the principles of quantum physics to solve specific, very complex problems of statistical nature that are difficult for current computers.

Quantum information science (QIS) is an interdisciplinary field that studies the impacts of quantum physics properties on information science. Those properties can increase computational power and speed significantly over classical computers, provide precision measurements, enhance sensing capabilities, and increase the accuracy of position, navigation, and timing services.

Of these, the increase in computational capability is the most pressing issue as it threatens the security of asymmetric cryptography or cryptography that uses public-private keys. This will be decrypted by quantum computing and is ubiquitous throughout the Department, the remainder of the federal government, state, local, tribal, and territorial governments, and the U.S. critical infrastructure sectors.

Companies whose business depends on decades of data must be on high alert about the cybersecurity issues that quantum computing raises, analyst firm McKinsey warns in a report. “At the very least, the topic should be at the top of the chief information officer’s agenda, and business leaders need to be confident that their companies have a plan for making a safe transition from current cryptography to quantum cryptography,” it added.

Earlier this year, Secretary Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.  DHS also issued internal policy guidance to drive the Department’s preparedness efforts and is conducting a macro-level analysis to inform the government’s action and ensure a smooth and equitable transition.

As the U.S. administration continues to grapple with advancing technologies, the Office of Science and Technology Policy (OSTP) issued on Tuesday a notice of request for information (RFI) that requests input from all interested parties on the development of a national strategic plan for advanced manufacturing. The agency has sought responses online by Dec. 17, 2021.

On behalf of the National Science and Technology Council (NSTC), Committee on Technology, Subcommittee on Advanced Manufacturing, the OSTP is seeking inputs from the public, on ways to improve government coordination, and on long-term guidance for federal programs and activities in support of U.S. manufacturing competitiveness, according to a notice on the Federal Register.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation