White House begins transition to post-quantum cryptography for federal agencies, conducts inventory of cryptographic systems

The U.S. Office of Management and Budget (OMB) has laid out, in a memorandum issued Friday to the heads of executive departments and agencies, the preparatory steps agencies must take as they begin their transition to post-quantum cryptography (PQC), starting with a prioritized inventory of their cryptographic systems. The memorandum also gives agencies transitional guidance for the period before the National Institute of Standards and Technology (NIST) finalizes its PQC standards, after which OMB will issue further guidance. 

The directions come as federal agencies move to a zero-trust architecture in line with the priorities outlined in U.S. President Joe Biden’s Executive Order 14028 and the January 2022 OMB memorandum on zero trust, which points agencies to the highest-value starting points on their path to a zero trust strategy and describes several shared services that should be prioritized to support a long-term government-wide effort. That paradigm shift relies in part on the ubiquitous use of strong encryption throughout agencies. 

The November OMB memorandum also implements the May 2022 National Security Memorandum (NSM-10), which seeks to promote U.S. leadership in quantum computing while mitigating risk to vulnerable cryptographic systems. NSM-10 requires the U.S. to prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.

To achieve this, OMB has coordinated with the Office of the National Cyber Director (ONCD) to establish requirements for agencies to inventory their active cryptographic systems, with a focus on high-value assets (HVAs) and high-impact systems. “By May 4, 2023, and annually thereafter until 2035, or as directed by superseding guidance, agencies are directed to submit a prioritized inventory of information systems and assets, excluding national security systems, that contain CRQC-vulnerable cryptographic systems to ONCD and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA),” the memorandum states.  

The memorandum defines a cryptanalytically relevant quantum computer (CRQC) as a quantum computer capable of actually attacking real-world cryptographic systems that would be infeasible to attack with a classical computer. In practice that means the public-key algorithms in use today (RSA and the Diffie-Hellman and elliptic-curve families), which a CRQC could break outright; symmetric ciphers and hash functions are only weakened, not broken, by known quantum algorithms.

The inventory must cover every information system or asset, whether operated by the agency or on its behalf, that is a high-impact information system, an agency HVA, or any other system the agency determines is likely to be particularly vulnerable to CRQC-based attacks. 

Agencies should also include information systems or assets that contain data expected to remain mission-sensitive in 2035, or that are logical access control systems based on asymmetric encryption, such as public key infrastructure, relying on any of the CRQC-vulnerable algorithms. The 2035 criterion matters because traffic recorded today can be decrypted once a CRQC exists, so data that must stay confidential past that date is exposed now even though the machine does not yet exist. Initially, agencies should focus their inventory on their most sensitive systems. OMB expects to direct the inventory of systems or assets outside this scope through future guidance on Federal Information Security Modernization Act of 2014 requirements; for now, those systems need not be included in the inventory submitted to ONCD and CISA.

The November memorandum lays down that “within 30 days of the publication of this memorandum, agencies will designate a cryptographic inventory and migration lead for their organization. Each agency should identify its lead to OMB using the contact information.” Furthermore, it added that the OMB will rely on these designated leads for government-wide coordination and for engagement in planning and implementation efforts within each organization. 

The memorandum also said that ninety days after the release of this memorandum, and annually thereafter, ONCD, in coordination with OMB, CISA, and the FedRAMP Program Management Office (PMO), will release instructions for the collection and transmission of this inventory, which will include a tool and procedure for agencies to submit their inventory to ONCD and CISA. Furthermore, it will include a process for the identification of common cryptographic systems used across agencies, so that agencies may avoid inventorying those systems individually. 

“CISA and the National Security Agency (NSA) will evaluate whether a security classification guide (SCG) is needed for this inventory. If an SCG is needed, CISA will produce one within 90 days of the issuance of this memorandum,” it added. 

The November memorandum also lays down that no later than 30 days after the submission of each annual inventory of cryptographic systems, agencies are required to submit to ONCD and OMB an assessment of the funding required to migrate information systems and assets inventoried under the memorandum to post-quantum cryptography during the following fiscal year. These agency assessments will inform the funding assessments required by NSM-10 Section 3(c)(iv). 

The OMB document also said that ninety days after the publication of this memorandum, and annually thereafter, ONCD, in coordination with OMB, will release instructions to agencies. These instructions will include a procedure for agencies to submit their funding assessments, and a procedure for the collection of funding requirements to migrate common cryptographic systems used across agencies to simplify and reduce the burden of agency cost assessments. 

“Within one year of the publication of this memorandum, CISA, in coordination with NSA and NIST, will release a strategy on automated tooling and support for the assessment of agency progress towards adoption of PQC,” according to the OMB memorandum. “This strategy is expected to address discovery options for internet-accessible information systems or assets, as well as internal discovery of information systems or assets that are not internet-accessible.” 

The November memorandum added that discovery methods will support open-source software tools and use existing CISA or agency capabilities, such as Continuous Diagnostics and Mitigation (CDM), where feasible. “The strategy will also describe the limitations of available assessment methods, as well as any gaps in automated capabilities or tools.” 
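Two of the passages above are concrete enough to show in code: the scoping and prioritization criteria for the inventory (HVAs, high-impact systems, data that stays sensitive in 2035, asymmetric access-control systems) and the discovery of CRQC-vulnerable cryptography on internet-accessible endpoints. The Python below is an added example and is not taken from the OMB memorandum or from any CISA tool. It takes constructed TLS scan records for four hypothetical agency hostnames, splits each endpoint's negotiated parameters into key exchange, certificate signature and certificate key, flags the components a CRQC could break, and ranks the endpoints using the memorandum's criteria. The hostnames, the asset metadata, the shape of the scanner output, the score weights, and the treatment of any group name containing "Kyber" or "ML-KEM" as a hybrid with a post-quantum component are all assumptions made for illustration.

```python
"""Toy cryptographic inventory builder (added example, not the OMB memo's code)."""
import re
from dataclasses import dataclass, field

CUTOFF_YEAR = 2035  # horizon used by NSM-10 and the OMB memorandum

# Constructed scan output in the shape a TLS scanner might emit. Hostnames
# and the hybrid group name are assumptions for illustration only.
SCAN_RECORDS = [
    {"host": "hva-portal.example.gov", "tls": "TLSv1.3",
     "suite": "TLS_AES_256_GCM_SHA384", "group": "X25519",
     "cert_sig": "ecdsa-with-SHA256", "cert_key": "EC P-256"},
    {"host": "legacy-vpn.example.gov", "tls": "TLSv1.2",
     "suite": "TLS_RSA_WITH_AES_128_CBC_SHA", "group": None,
     "cert_sig": "sha256WithRSAEncryption", "cert_key": "RSA 2048"},
    {"host": "pqc-pilot.example.gov", "tls": "TLSv1.3",
     "suite": "TLS_AES_128_GCM_SHA256", "group": "X25519Kyber768Draft00",
     "cert_sig": "sha256WithRSAEncryption", "cert_key": "RSA 3072"},
    {"host": "public-site.example.gov", "tls": "TLSv1.2",
     "suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "group": "secp256r1",
     "cert_sig": "sha256WithRSAEncryption", "cert_key": "RSA 2048"},
]

# Constructed asset metadata that a scan cannot tell you (assumed values).
ASSET_METADATA = {
    "hva-portal.example.gov":  {"hva": True,  "high_impact": True,  "sensitive_until": 2045, "access_control": True},
    "legacy-vpn.example.gov":  {"hva": False, "high_impact": True,  "sensitive_until": 2040, "access_control": True},
    "pqc-pilot.example.gov":   {"hva": False, "high_impact": False, "sensitive_until": 2030, "access_control": False},
    "public-site.example.gov": {"hva": False, "high_impact": False, "sensitive_until": 2024, "access_control": False},
}

# Assumption: a name containing one of these markers carries a PQ KEM component.
PQ_MARKERS = ("KYBER", "MLKEM", "ML-KEM")
# Factoring and discrete-log primitives: all broken by Shor's algorithm on a CRQC.
SHOR_BREAKABLE = ("RSA", "DSA", "DH", "X25519", "X448", "SECP", "P-256", "P-384", "P-521", "ED25519")


def is_crqc_vulnerable(name: str) -> bool:
    """True if a CRQC breaks this primitive. A hybrid with a PQ component is
    not exposed to harvest-now-decrypt-later even though its classical half is."""
    upper = name.upper()
    if any(marker in upper for marker in PQ_MARKERS):
        return False
    return any(tok in upper for tok in SHOR_BREAKABLE)


def key_exchange(record: dict) -> str:
    """TLS 1.3 suite names carry no key exchange; it comes from the group.
    TLS 1.2 names encode it as TLS_<kex>_WITH_...; plain RSA means the client
    encrypts the premaster secret to the server's long-term RSA key."""
    if record["tls"] == "TLSv1.3":
        return record["group"] or "unknown"
    m = re.match(r"TLS_(.+?)_WITH_", record["suite"])
    kex = m.group(1) if m else "unknown"
    if "DH" in kex and record["group"]:      # (EC)DHE: the group column names the curve
        kex = f"{kex}({record['group']})"
    return kex


def symmetric_note(suite: str) -> str:
    """Grover's search halves the effective key length: weakened, not broken."""
    m = re.search(r"AES_(\d+)", suite)
    if not m:
        return "no AES suite found"
    bits = int(m.group(1))
    return f"AES-{bits} (~{bits // 2}-bit quantum security, weakened not broken)"


@dataclass
class InventoryEntry:
    host: str
    key_exchange: str
    vulnerable: list
    symmetric: str
    in_scope: bool
    priority: int
    reasons: list = field(default_factory=list)


def assess(record: dict, meta: dict) -> InventoryEntry:
    """Apply the memorandum's scoping criteria to one endpoint (weights assumed)."""
    kex = key_exchange(record)
    components = {"key_exchange": kex, "cert_signature": record["cert_sig"], "cert_key": record["cert_key"]}
    vulnerable = [f"{k}={v}" for k, v in components.items() if is_crqc_vulnerable(v)]
    kex_vulnerable = is_crqc_vulnerable(kex)
    reasons, score = [], 0
    if meta["hva"]:
        score += 3; reasons.append("agency HVA")
    if meta["high_impact"]:
        score += 2; reasons.append("high-impact system")
    if kex_vulnerable and meta["sensitive_until"] >= CUTOFF_YEAR:
        score += 3; reasons.append(f"data sensitive through {meta['sensitive_until']}: harvest-now-decrypt-later exposure")
    if meta["access_control"] and vulnerable:
        score += 1; reasons.append("asymmetric logical access control")
    if vulnerable and not kex_vulnerable:
        reasons.append("only authentication exposed: forgeable once a CRQC exists, no retroactive decryption")
    in_scope = (meta["hva"] or meta["high_impact"] or meta["sensitive_until"] >= CUTOFF_YEAR
                or (meta["access_control"] and bool(vulnerable)))
    return InventoryEntry(record["host"], kex, vulnerable, symmetric_note(record["suite"]),
                          in_scope, score if vulnerable else 0, reasons)


def build_inventory(records=SCAN_RECORDS, metadata=ASSET_METADATA) -> list:
    """Prioritized inventory: highest migration priority first, then by hostname."""
    entries = [assess(r, metadata[r["host"]]) for r in records]
    return sorted(entries, key=lambda e: (-e.priority, e.host))


if __name__ == "__main__":
    for e in build_inventory():
        print(f"{e.priority:>2} {'in-scope ' if e.in_scope else 'deferred '}{e.host}: {', '.join(e.vulnerable) or 'nothing CRQC-vulnerable'}; {e.symmetric}; {'; '.join(e.reasons)}")
```

Running the block ranks the HVA portal first (its X25519 exchange protects data that must stay sensitive until 2045) and the legacy VPN second (static RSA key exchange, so every recorded session is decryptable once the server key falls), while the hybrid pilot host drops to the bottom: its RSA certificate is still CRQC-breakable, but a forged signature needs the machine to exist, whereas recorded traffic does not. That split between confidentiality risk today and authentication risk later is what the memorandum's 2035 criterion is getting at.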

The OMB document also says that testing pre-standardized PQC in agency environments will help ensure that PQC works in practice before NIST completes its PQC standards and before commercial implementations are finalized. “Agencies, particularly CISA, are encouraged to work with software vendors to identify candidate environments, hardware, and software for the testing of PQC. Examples of candidate environments, hardware, and software might include web browsers, content delivery networks, cloud service providers, devices and endpoints, and enterprise devices that initiate or terminate encrypted traffic,” the memorandum added. 

To ensure that tests are representative of real-world conditions, they may be conducted, or allowed to operate, in production environments, with appropriate monitoring and safeguards, alongside the use of currently approved and validated algorithms. Running a candidate algorithm in combination with, rather than instead of, an approved one means a flaw in the pre-standard implementation cannot reduce security below what the validated algorithm already provides. In many cases the test may be conducted by the vendor across many customers or end users, and agencies are encouraged to participate in these tests. 

The memorandum also lays down that within 60 days of the publication of this memorandum, NIST, in coordination with CISA and the FedRAMP PMO, will establish a mechanism, as part of the working group, to enable the exchange of PQC testing information and best practices among agencies as well as with private sector partners.

The November memorandum also lays down that within 30 days of the publication of this memorandum, OMB and ONCD will establish a cryptographic migration working group consisting of NIST, CISA, NSA, the FedRAMP PMO, and agency representatives. The working group will be chaired by the federal chief information security officer and will provide assistance and coordination for agencies conducting cryptographic inventories and migration. 

In August, CISA said that upgrading industrial control systems (ICS) to post-quantum cryptography will be a challenge, as deployed cryptography-dependent ICS hardware is costly and the associated equipment is often geographically dispersed.
