Table of Contents

1. Introduction

In cybersecurity these days it is impossible to escape the noise about quantum computing. From government agencies to industry organizations and tech bloggers, everyone seems to be pushing a bit of a FUD (fear, uncertainty, and doubt) about quantum computing, as well as weighing in on how organizations should prepare for the expected arrival of Cryptographically or Cryptanalytically Relevant Quantum Computers (CRQC), or Q-Day—the day when quantum computing is expected to break our current cryptographic defenses.

For a grounded perspective on when Q-Day, also known as Y2Q, might actually occur and what you should monitor to decide on it yourself, check out “Q-Day Predictions: Anticipating the Arrival of Cryptanalytically Relevant Quantum Computers (CRQC).”

Whenever the Q-Day arrives, today’s main concerns for preparation revolve around the cost and time needed to transition to new quantum-safe technologies. The window for an orderly transition is shrinking because of the advancing maturity of quantum computing. For data that needs to remain confidential for decades, the window for safely transitioning may already be closed. See the “Harvest Now, Decrypt Later (HNDL)

Despite the flurry of attention, much of today’s advice remains vague and high-level. Recommendations like “increase awareness, ” “perform risk assessment, ” “make an inventory of your cryptography, ” or “implement PQC ” keep being repeated, but I have yet to find practical guidance on how exactly one might implement some of these common suggestions. Although the topic of quantum technology is undeniably intriguing, from the practical perspective, the biggest challenges lie in executing thorough inventories of cryptography, sensitive data, and critical systems; mapping system dependencies and especially cryptographic interdependencies; understanding the cryptographic performance and scale requirements; and devising a realistic, risk-driven, optimal plan for the quantum risk mitigation aligned with the organization’s risk tolerance. These tasks will demand the most time, effort, and expertise, yet they are often overlooked in industry publications. In this article, I aim to address this gap by providing holistic, clear, actionable steps that cybersecurity professionals could start implementing right now to prepare their organizations for the quantum era.

2. Practical Reasons for Preparing Now

If you’re involved in cybersecurity, you’re likely aware of the potential risks quantum computing poses to the field. For a refresher, consider reviewing “What’s the Deal with Quantum Computing: Simple Introduction” and “Adiabatic Quantum Computing (AQC) and Its Impact on Cybersecurity” which introduce the key concepts. Additionally, check the “Harvest Now, Decrypt Later (HNDL)” post to understand why addressing the future risk of CRQC is crucial today.

The concept of Q-Day has shifted from a distant possibility to a foreseeable reality. Up until a few short years ago, experts were still questioning the feasibility of quantum computers and whether they would ever become a reality (see “The Argument Against Quantum Computers“). No expert questions the arrival of quantum computers anymore. The discussion these days is about when exactly it will happen, not whether it will happen. Whether CRQCs are already here in secret government labs as some vendors claim, or whether they will arrive in 7-8 years as I optimistically predicted in “Q-Day Predictions: Anticipating the Arrival of Cryptanalytically Relevant Quantum Computers (CRQC),” or in 15 years as is expected by many in the field, there are practical, grounded reasons organizations should start preparing now besides the imminent quantum threat materialization. Here are some:

2.1. The Inevitability of Technological Progress

Quantum computing is advancing at a steady pace. Although it may seem like a recent development with all the noise recently, this field has been evolving for decades (see: “Early History of Quantum Computing“). Even with no groundbreaking discoveries, we can trace a clear trajectory towards the realization of this technology. I am publishing my personal prediction, as well as all the news that shape my prediction, at “Marin’s Q-Day Prediction Page.” While the exact timeline may be uncertain, the direction is clear: quantum computers will eventually become powerful enough to challenge existing cryptographic systems. Major tech companies and governments heavily invest in quantum research, with significant breakthroughs reported regularly. The inevitability of these advancements isn’t a cause for panic but a call to proactive preparation.

2.2. The Complexity of Transition

Transitioning to quantum-resistant cryptography isn’t as simple as flipping a switch, despite what some vendors might claim. It involves evaluating current cryptographic uses, understanding the quantum threat specific to those uses, and then implementing new protocols deemed secure against quantum attacks. Whole protocols and services will need to be re-engineered, because Post-Quantum Cryptography (PQC) typically places greater demands on devices and networks than traditional public-key cryptography. Sometimes it might require replacements of whole core critical systems that would require massive transformation programs lasting many years. This process is time-consuming and complex, requiring a gradual approach to manage risks effectively without disrupting existing operations.

2.3. The Longevity of Data

Many types of sensitive data need to remain secure for long periods. For example, sensitive personal data, trade secrets, and national security information have lifespans that can extend decades into the future. If adversaries intercept such data today, they could potentially store it and decrypt it with quantum computers in the future once CRQCs arrive. This “Harvest Now, Decrypt Later” (HNDL) scenario is a genuine concern driving the need for quantum-resistant measures to be implemented sooner rather than later.

2.4. The Longevity of Digital Infrastructure

For organizations deploying long-lived digital infrastructures, such as those used in critical national infrastructure, industrial control systems, or long-term data storage solutions, the expected lifespan of these systems may exceed the anticipated arrival of CRQCs. Implementing quantum-resistant solutions now is critical to ensure that these systems remain secure throughout their operational life. Or, at least, implement them today in a way that would allow an easy swap of cryptographic modules in the future. More on this later.

This might be a good moment to discuss the oft-mentioned Mosca’s theorem. Named after Dr. Michele Mosca, a prominent researcher in quantum computing, this theorem indicates when to start transitioning to quantum-safe cryptography. The theorem states that if there is a non-negligible chance that the total time required to keep data secure, plus the time needed to upgrade cryptographic systems, exceeds the time until quantum computers capable of breaking current cryptography become operational, then you are already too late.

2.5. Regulatory and Compliance Requirements

Governments and international bodies are beginning to recognize the potential impact of quantum computing on cybersecurity. See “National Initiatives in Quantum Technologies (as of April 2022)” for some of the latest initiatives. This recognition is slowly translating into guidelines and regulations aimed at ensuring that public and private sector entities are quantum-ready. This might speed up soon. With the anticipated release of the National Institute of Standards and Technology (NIST) PQC standard, I expect to see a significant surge in regulatory activity. Many regulators I have spoken with have been waiting for the NIST PQC standard to integrate it into their requirements. Organizations that prepare in advance will position themselves better to comply with these emerging regulations efficiently and cost-effectively.

2.6. Maintaining Public Trust

For businesses, especially those handling customer data, maintaining trust is paramount. Being early adopters of quantum-resistant technologies can give you a competitive edge, showing that you prioritize data security and customer privacy.

2.7. Enhancing Overall Cybersecurity Maturity

Preparing for Q-Day will require thorough audits, inventories of sensitive data, inventories of all cryptographic solutions, and updates of their cybersecurity policies and systems. As you will see later, some of these efforts could have many other cybersecurity and privacy benefits besides preparing for Q-Day. This can lead to overall improvements in cybersecurity hygiene, including better key management practices, better privacy program management, updated security protocols, and strengthened defenses against a variety of cyber threats.

2.8. Insurance

As cyber insurance develops, insurance companies might start asking for proof of proactive actions taken against quantum threats in order to approve policies or provide better terms. Starting early helps ensure compliance with future insurance requirements that might stipulate quantum-readiness.

2.9. Competitive Advantage

Organizations that move quickly to adopt quantum-resistant technologies not only safeguard their data but also position themselves as leaders in a competitive market. Early adoption can serve as a differentiator, highlighting a commitment to cutting-edge security and future-proof strategies.

2.10. Cybersecurity Talent Attraction

Another benefit is the attraction and retention of cybersecurity talent. In a market with a shortage of skilled cybersecurity professionals, organizations that prioritize security and engage with cutting-edge challenges often attract and retain the most qualified candidates.

2.11. Opportunity for Innovation

Engaging with quantum-resistant technologies opens opportunities for innovation within an organization’s IT and cybersecurity departments. Exploring new technologies can lead to discoveries and developments that benefit other areas of the business.

3. Challenges with Post Quantum Cryptography (PQC)

One common misconception I frequently observe among my clients is the belief that once the NIST releases its PQC standards, implementing these new solutions will be simple and straightforward, instantly making their systems compliant and secure. Unfortunately, the reality is far more complex. The transition to PQC will not be a plug-and-play solution; it involves a myriad of intricate challenges that organizations must navigate. For more on PQC challenges see Post-Quantum Cryptography PQC Challenges.

3.1. Algorithm Maturity and Standardization

Despite significant advancements, many PQC algorithms remain in the experimental phase, lacking the extensive testing and validation that current cryptographic standards enjoy. Organizations like NIST have spearheaded the development and standardization of these algorithms through initiatives like the Post-Quantum Cryptography Standardization Project. While promising candidates have emerged, they have yet to achieve the maturity needed for widespread adoption. Even after final standards are released, selected algorithms may require updates as new vulnerabilities are discovered and our understanding of quantum computing evolves. Historically, cryptographic algorithms like RSA and AES have provided long-term security, but the rapidly changing quantum landscape will demand continuous adaptation. Organizations must be prepared for PQC algorithms implemented today to require updates or replacements in the future, emphasizing the need for crypto-agility. For more on crypto-agility, see “Introduction to Crypto-Agility.”

3.2. Performance Challenges

When transitioning to post-quantum cryptography (PQC), one of the critical challenges that organizations often overlook is the significant increase in computational demands and the associated resource requirements. Quantum-resistant algorithms, such as those based on lattice-based or hash-based cryptography, generally require larger key sizes and more complex computations compared to traditional cryptographic methods. For instance, while current RSA implementations might use a key size of 2048 bits, lattice-based cryptographic algorithms may require key sizes of several kilobytes, leading to an increase in the amount of data that needs to be processed and stored, which can lead to increased processing times and greater power consumption. The cumulative impact of deploying PQC across an entire infrastructure can be substantial, with increased key sizes and computational requirements consuming more bandwidth and introducing latency in network communications. This increased computational load can significantly impact performance, especially for IoT devices and other underpowered systems that already operate under stringent resource constraints. Failure to consider these factors can lead to significant slowdowns, increased operational costs, and potentially compromised security if performance issues cause organizations to revert to less secure, pre-quantum cryptographic methods.

Addressing these performance challenges requires strategic approaches such as using hybrid cryptographic schemes that combine classical algorithms with PQC algorithms to balance security and performance. More on that later. Or, improving the efficiency of PQC implementations through code optimization, hardware acceleration, and efficient mathematical libraries is essential. Conducting extensive performance testing and benchmarking in actual operating environments helps identify bottlenecks and optimize configurations. An incremental approach to deployment, gradually introducing PQC algorithms, allows for monitoring performance and making necessary adjustments, ensuring a smoother transition to quantum-secure cryptographic infrastructure.

3.3. Implementation Complexity

Adopting PQC algorithms requires significant changes to existing cryptographic libraries and protocols, which are deeply integrated into infrastructure. Transitioning involves rewriting libraries, modifying protocols, and optimizing performance, demanding substantial code changes and rigorous testing. A phased approach, starting with pilot projects in non-critical systems, and using hybrid cryptographic schemes can help manage these challenges.

Ensuring backward compatibility with existing systems adds another layer of complexity. Many applications and protocols are tailored to specific cryptographic algorithms, making it difficult to introduce new ones without disruption. Implementing PQC in a layered manner and using intermediary solutions like gateways can bridge the gap between classical and quantum-resistant algorithms. Additionally, developers need specialized training to understand and implement PQC algorithms effectively.

3.4. Compliance and Regulatory Challenges

Compliance with new requirements and obtaining certification for PQC systems present significant challenges. The regulatory landscape for PQC is still evolving, with standards and requirements continuously emerging. This ongoing development creates uncertainty for organizations striving to ensure compliance with current and future regulations. Bodies such as NIST and ISO are actively working on establishing PQC standards, but definitive guidelines are not yet fully established. As NIST prepares to release its PQC standard, we can expect a surge in regulatory requirements. Organizations must stay informed by monitoring updates from regulatory bodies, participating in industry forums, and engaging with regulatory agencies to provide feedback during public comment periods. Larger organizations should establish dedicated compliance teams to monitor regulatory developments and ensure alignment with emerging standards, working closely with legal, security, and IT departments.

To address regulatory uncertainty, organizations should adopt a proactive approach to compliance by implementing flexible and adaptable cryptographic systems that can be updated as new standards emerge – in other words, become crypto-agile. For more information see “Introduction to Crypto-Agility.”

3.5. Cost

Transitioning to PQC involves substantial financial investments across various domains, including new technologies, training, and infrastructure upgrades. This can be daunting for organizations with extensive and complex cryptographic infrastructures. Adopting PQC requires purchasing updated cryptographic algorithms, hardware security modules (HSMs), and other cryptographic hardware and software solutions. Additionally, integrating these new technologies into existing systems incurs further costs for customization and implementation. The release of NIST’s PQC standards and the eventual achievement of quantum supremacy are expected to drive a sharp increase in market demand for PQC-enabled equipment, potentially leading to shortages and price hikes.

To mitigate these costs, organizations could consider early investments or early financial commitments in necessary hardware and software by locking in prices and quantities with vendors before the demand spikes. However, be careful, this approach is only recommended if you are able to ensure that these assets can be easily upgraded to meet future standards. Adopting a phased approach to PQC implementation, starting with pilot projects, allows organizations to spread out costs and gain practical insights. Seeking funding and grants from government bodies and industry consortia dedicated to quantum readiness can alleviate some financial burdens. Moreover, as PQC algorithms often require more computational power and memory, planning for infrastructure upgrades, such as purchasing new servers and enhancing network capabilities, is essential. Transitioning to cloud solutions and building up on-premises capacity ahead of demand can further ensure cost efficiency and readiness for the quantum era.

3. What You Shouldn’t Do

Before we get into the specifics of how to prepare, it’s important for cybersecurity professionals to understand the potential challenges posed by Q-Day and be aware of certain pitfalls to avoid during their preparations. Based on my experience in the industry, some of the most common ones include:

3.1. Avoid Panic Buying of Solutions

There are many vendors offering cryptographic solutions that claim to be quantum-resistant. While it may be tempting to purchase these solutions right away to mitigate quantum risks quickly, this approach may not be the most prudent. The National Institute of Standards and Technology (NIST) is currently developing a post-quantum cryptographic standard, which is set to include four encryption algorithms rigorously tested to ensure they provide the necessary protection. The team at NIST expects to finalize and have these standards ready for implementation in 2024. Given the extensive effort put into the NIST Post-Quantum Cryptography (PQC) standard and NIST’s strong reputation, it is likely that other national authorities, sectoral regulators, clients, and insurers will standardize on NIST-approved PQC algorithms and will expect organizations to adopt the same.

Before rushing to purchase or implement new tools, organizations should focus on other steps to prepare for the transition to post-quantum cryptography that are outlined below. This cautious approach is also recommended in the U.S. Department of Homeland Security’s Post-Quantum Cryptography guidance issued in 2022, which advises against premature adoption of unverified technologies.

This approach only makes sense if you are able to technically and contractually assure yourself that the purchased systems can be easily upgraded in the future to comply with NIST PQC standard. In that case it might be prudent to start buying certain solutions now ahead of the mass demand.

3.2. Avoid Rushing to Lock Down Systems

Reacting hastily to latest doom-and-gloom articles in industry publications or inquiries from regulators and national infrastructure protection agencies might lead to a premature “locking down” of systems to demonstrate seriousness of quantum risk management. Such knee-jerk reactions can sometimes disrupt day-to-day operations, especially if, for example, access to data is excessively restricted due to fears like the “Harvest Now, Decrypt Later” (HNDL) risk. While it’s crucial to prepare for the potential impacts of quantum computing, it’s important to remember that the disruption of existing cryptographic systems by quantum capabilities isn’t immediate. The development and deployment of quantum computers capable of breaking current encryption will take time. By starting your preparations now, you can proceed in a calm and coordinated manner.

4. What You Should Do

4.1. Secure Support from Senior Leadership

Securing support from senior leadership is a critical first step in transitioning to post-quantum cryptography. By articulating the importance, presenting a compelling business case, advocating for necessary funding and resources, and setting clear objectives, organizations can help ensure that the initiative receives the necessary funding, resources, and strategic alignment across the organization.

To gain senior leadership support, it’s essential to clearly explain the necessity of transitioning to PQC. Highlight the imminent threats posed by quantum computing, emphasizing that traditional cryptographic algorithms like RSA and ECC will become vulnerable. Explain that failure to adapt could lead to severe security breaches, regulatory non-compliance, operational disruptions, and loss of customer trust. Use real-world examples and case studies to illustrate these points, making the threat tangible and immediate.

Develop a compelling business case that outlines the benefits of crypto-agility. Include cost-benefit analyses, potential risks of inaction, and projected return on investment (ROI). Demonstrate how crypto-agility can enhance security, ensure compliance, improve operational efficiency, and maintain competitive advantage. Show that proactive measures are not just a cost but an investment in the organization’s future stability and reputation. Highlight the long-term savings and risk mitigation that come with proactive security measures.

Work with the leadership to define clear, measurable objectives for the crypto-agility initiative. These objectives should align with the organization’s overall strategic goals and be communicated throughout the organization to ensure alignment and commitment. Setting clear goals helps track progress, measure success, and maintain focus on the most critical aspects of the transition to PQC.

4.1.1. Practical Steps for Engaging Senior Leadership

  1. Develop a Comprehensive Presentation: Prepare a detailed presentation that outlines the threats posed by quantum computing, the necessity of PQC, and the benefits of crypto-agility. Use visuals, graphs, and real-world examples to make the case compelling and understandable.
  2. Develop a Detailed Business Case: Create a comprehensive business case that includes cost-benefit analyses, potential risks of inaction, and projected ROI. Use financial models to demonstrate the long-term savings and risk mitigation associated with PQC.
  3. Secure a Champion: Identify a senior executive who can champion the PQC initiative. This person should have the influence and authority to drive the initiative forward and secure the necessary support from other senior leaders.
  4. Propose a Phased Implementation Plan: Suggest a phased implementation plan that begins with pilot projects in non-critical systems. This approach allows for manageable, incremental changes and provides valuable insights that can be applied to more critical systems later.
  5. Highlight Regulatory Compliance: Emphasize the importance of staying ahead of regulatory requirements. Explain how adopting PQC can help the organization comply with future regulations, avoiding potential fines and legal issues.
  6. Demonstrate Industry Trends: Showcase how other leading organizations and industry peers are preparing for PQC. This benchmarking can provide a compelling argument for why your organization needs to act now.
  7. Plan for Continuous Monitoring and Updates: Propose establishing continuous monitoring and update mechanisms to ensure the cryptographic systems remain secure and compliant. This ongoing effort demonstrates a commitment to long-term security.
  8. Offer Training and Education Plans: Include plans for comprehensive training programs to equip staff with the necessary skills and knowledge for implementing and maintaining PQC. Highlight the importance of staying updated on the latest developments in PQC.
  9. Prepare for Q&A: Anticipate potential questions and concerns from senior leadership. Prepare clear, concise answers that address their concerns and reinforce the urgency and benefits of the PQC initiative.

4.2. Establish a Cross-Functional Team for Quantum Readiness

The foundational steps in the program to prepare for the arrival of Q-Day is to establish a cross-functional team dedicated to driving the quantum readiness program. This team will be pivotal in navigating the technical, regulatory, and strategic challenges associated with transitioning to quantum-safe cryptographic systems.

It is important that the team is a cross-functional team assembled from participants from various relevant teams across the organization. Quantum readiness impacts multiple areas of the organization, from IT and cybersecurity to legal, compliance, and business operations. A cross-functional team brings together diverse expertise, ensuring comprehensive coverage of all necessary domains. This diversity is crucial for addressing the technical complexities, regulatory requirements, and strategic implications of quantum computing.

The team must be empowered with the authority to make decisions and implement changes across the organization. This empowerment ensures that the team can act decisively and effectively, without being hindered by bureaucratic obstacles.

Clearly defining roles and responsibilities within the team ensures accountability and streamlined operations. Each member should understand their specific duties and how they contribute to the overall goals of the quantum readiness program.

4.2.1. Practical Steps to Establish the Team

  1. Define the Scope and Objectives: Clearly outline the scope of the quantum readiness program, identifying specific goals, deliverables, and timelines. This includes conducting cryptographic inventories, transitioning to post-quantum cryptographic algorithms, and ensuring compliance with emerging standards. Set clear, measurable objectives for the team, such as completing a cryptographic inventory, developing a transition strategy, and implementing quantum-resistant cryptographic solutions.
  2. Select the Right Members: Include representatives from key departments such as IT, cybersecurity, legal, compliance, risk management, business operations, and research and development. Ensure that the team includes subject matter experts in cryptography, quantum computing, and relevant regulatory frameworks. These experts provide the necessary technical and strategic insights to guide the program.
  3. Assign Roles and Responsibilities: Appoint a team leader with strong project management skills and the authority to drive the program. The team leader will coordinate activities, manage resources, and ensure that milestones are met. Clearly define roles for each member, such as cryptographic analyst, cryptographic strategist, legal advisor, compliance officer, IT infrastructure lead, and business liaison. This clarity ensures that each aspect of the program is adequately covered. Establish accountability mechanisms to ensure that each member fulfills their responsibilities effectively. Regular progress reviews and performance metrics help maintain focus and drive results.
  4. Provide Necessary Resources and Support: Secure the necessary budget to support the team’s activities, including tools, training, and external consultancy if needed. Adequate funding is crucial for the success of the program. Provide the team with access to state-of-the-art tools and technologies for cryptographic analysis, data discovery, and systems inventory. These tools enable efficient and accurate assessments. Invest in training and education to ensure that all team members are up-to-date with the latest developments in quantum computing and cryptography. Continuous learning is essential in this rapidly evolving field.
  5. Develop a Detailed Action Plan: Create a detailed project plan that outlines the specific steps, timelines, and milestones for the quantum readiness program. This plan serves as a roadmap for the team’s activities. Identify potential risks and develop mitigation strategies to address them. Proactive risk management ensures that the program stays on track and adapts to challenges. Develop a communication plan to keep all stakeholders informed about the progress and key developments of the program. Transparent communication fosters trust and collaboration.
  6. Foster Collaboration and Continuous Improvement: Schedule regular meetings to review progress, address challenges, and make necessary adjustments to the plan. These meetings facilitate ongoing collaboration and problem-solving. Implement mechanisms to gather feedback from team members and other stakeholders to continuously improve the program. Feedback helps identify areas for enhancement and ensures that the program evolves effectively. Encourage the team to engage with industry forums, conferences, and working groups to stay informed about the latest trends and best practices. External engagement provides valuable insights and fosters innovation.

4.3. Launch an Awareness Campaign on Quantum Computing

The initial step in preparing for the impacts of quantum computing, once the project team is set up, is to launch an enterprise-wide awareness campaign. This is listed as the first step in most papers and guidances. This campaign should educate all levels of the organization about both the opportunities and risks associated with quantum computing. Here are some key recommendations on how to conduct this campaign:

Balance the Narrative: Avoid focusing solely on the fear, uncertainty, and doubt (FUD) often associated with quantum computing. While it’s important to discuss the challenges, including the potential risks to cryptography (as discussed in my Q-Day article), it’s equally important to highlight the opportunities that quantum computing presents. This balanced approach helps foster a realistic understanding of what quantum supremacy and CRQC will mean for your organization. Emphasizing the potential benefits, such as breakthroughs in optimization, materials science, and machine learning, can help engage stakeholders positively.

Tailored Communication Strategies: Develop multiple campaign streams with tailored messages for different groups of stakeholders within the organization. Some of the key stakeholder groups and their specific concerns might include:

  • Corporate Boards: Focus on strategic risks and opportunities, compliance, and the long-term impact on business models. Highlight the importance of proactive measures and investments in post-quantum cryptographic solutions to safeguard the organization’s future.
  • Executive Management: Address operational risks and the need for integrating quantum-safe practices into the organization’s security strategy. Discuss resource allocation, timelines for transitioning to quantum-resistant cryptography, and potential collaborations with industry and academic institutions for staying ahead of quantum advancements.
  • IT and Security Teams: Provide detailed information on the technical aspects of quantum computing threats, such as the vulnerabilities of current cryptographic systems and the specific post-quantum cryptographic algorithms recommended by standards bodies like NIST. Emphasize the importance of conducting a comprehensive cryptographic inventory and the steps needed for transitioning to quantum-resistant algorithms.
  • General Staff: Create easy-to-understand materials that explain the basics of quantum computing, its potential impact on their daily work, and the broader implications for the organization. Use engaging formats such as videos, infographics, and interactive sessions to ensure widespread understanding and retention.

Involve External Experts: Engage external experts and consultants to provide insights and training sessions on quantum computing. Collaborating with academic institutions, industry leaders, and specialized organizations can bring authoritative perspectives and up-to-date knowledge on quantum computing developments and their implications. Given that quantum computing is a nascent and complex field, misunderstandings are common. There have been instances where major companies tasked internal non-experts with preparing awareness materials, resulting in confusion and conflation of quantum computing with unrelated topics such as quantum mind theories and quantum mysticism.

Promote a Culture of Continuous Learning: Encourage a culture of continuous learning and curiosity about emerging technologies. Offer incentives for employees to participate in training programs and stay informed about the latest developments in quantum computing and cybersecurity.

4.3.1. Practical Steps to Launch an Awareness Campaign on Quantum Computing

  1. Define Objectives and Audience: Clearly define the goals of the awareness campaign. This might include educating employees about quantum computing fundamentals, explaining the potential risks and opportunities, and preparing the organization for future transitions to quantum-safe technologies. Segment the audience into different groups such as executives, IT staff, security teams, and general employees. Tailor the campaign messages to address the specific concerns and interests of each group.
  2. Develop Educational Content: Develop a range of educational materials, including whitepapers, articles, infographics, videos, and presentations. Ensure the content covers: basics of quantum computing and how it differs from classical computing; potential benefits, such as advancements in optimization, drug discovery, and cryptography; and, risks associated with quantum computing, particularly the threat to current cryptographic systems. Collaborate with quantum computing experts, academic institutions, and industry leaders to ensure the content is accurate and up-to-date. Use analogies and simplified explanations to make complex quantum computing concepts accessible to non-technical audiences.
  3. Tailor Communication Strategies: Provide high-level briefings for executives, focusing on strategic implications, potential business impacts, and the importance of proactive planning. Conduct detailed technical workshops for IT and security teams, explaining the specifics of quantum threats and mitigation strategies. Organize interactive sessions for general staff, using engaging formats such as quizzes, gamified learning, and interactive webinars.
  4. Utilize Multiple Communication Channels: Publish articles, updates, and educational content on the company intranet and through internal newsletters. Send targeted email campaigns with key messages and links to further resources. Host live webinars and workshops with Q&A sessions to address questions and concerns in real-time. Use posters and digital signage in common areas to reinforce key messages and maintain visibility of the campaign.
  5. Engage and Involve External Experts: Host guest speakers from academia, industry, and cybersecurity organizations to provide authoritative insights and firsthand experiences. Engage with industry groups and consortia focused on quantum computing to share knowledge and best practices.
  6. Monitor and Evaluate Effectiveness: Implement feedback mechanisms such as surveys, polls, and suggestion boxes to gather input from employees about the campaign’s effectiveness. Monitor participation rates in webinars, workshops, and other activities to gauge engagement levels. Use the feedback and engagement data to refine and adjust the campaign, ensuring it remains relevant and impactful.
  7. Maintain Momentum and Continuity: Keep the momentum going by providing regular updates on quantum computing advancements and related organizational plans. Offer ongoing learning opportunities such as advanced workshops, certification programs, and access to online courses. Periodically reinforce key messages through various communication channels to keep quantum computing risks and opportunities top of mind.

4.4. Engage External Parties for Knowledge Sharing and Collaboration

Quantum computing and PQC represent emerging fields with the potential to significantly impact organizations. However, the rapid development of these technologies and the scarcity of experienced professionals create substantial challenges. In this context, it is critical for organizations to engage with external entities such as NIST and other Standards Development Organizations (SDOs), local national cybersecurity agencies, academia, and industry consortia. Such engagement is essential for staying informed, accessing cutting-edge research, and building a robust security posture.

4.4.1. Engage with NIST and Other Standard Development Organizations

  • Stay Informed on Standards Development: Regularly monitor updates from NIST and other relevant standards bodies to stay abreast of the latest developments in PQC standards. Subscribe to newsletters, attend webinars, and participate in public comment periods. Staying informed helps ensure your organization is prepared for emerging standards and best practices.
  • Participate in Working Groups: Actively participate in working groups and committees focused on PQC. Involvement in these groups provides insights into emerging standards and offers opportunities to contribute to the development of new cryptographic methods. By being part of the conversation, your organization can influence the direction of standards development and stay ahead of regulatory changes.
  • Contribute to Standards Development: Offer feedback during public comment periods for draft standards. Sharing practical insights and challenges can help shape more effective and implementable standards. Engage in collaborative research projects with standards bodies to test and refine new cryptographic algorithms, accelerating the development of robust PQC solutions.

4.4.2. Collaborate with National Cybersecurity Agencies

  • Establish Regular Communication: Establish liaison relationships with local national cybersecurity agencies. Designate a point of contact within your organization to maintain regular communication and share information on emerging threats and best practices. Participation in advisory committees and working groups organized by these agencies can provide valuable insights into governmental priorities and initiatives.
  • Share Threat Intelligence: Join information-sharing programs and platforms facilitated by national cybersecurity agencies. Sharing threat intelligence enhances collective security and helps identify emerging threats more quickly. Transparent incident reporting to national agencies builds a comprehensive understanding of the threat landscape and informs the development of more effective defensive measures.

4.4.3. Engage with Academia

  • Collaborate on Research Projects: Partner with academic institutions on research initiatives focused on quantum computing and cryptography. These collaborations can lead to innovative solutions and provide access to cutting-edge research. Funding and grants to support academic research foster the development of new technologies and strengthen ties with the academic community.
  • Leverage Academic Expertise: Invite academic experts to conduct guest lectures, workshops, and training sessions for your organization. Engaging with academia provides valuable insights and helps build internal expertise. Attending and presenting at academic conferences related to quantum computing and cryptography offers opportunities to share knowledge, network with researchers, and stay informed about the latest advancements.

4.4.4. Collaborate with Industry Consortia and Peer Organizations

  • Join Industry Groups and Consortia: Join industry groups and consortia focused on cybersecurity and cryptography, such as the Quantum-Safe Security Working Group of the Cloud Security Alliance (CSA) or the European Quantum Industry Consortium (QuIC). Membership in these groups provides access to a wealth of resources and collaborative opportunities.
  • Share Best Practices and Experiences: Use knowledge-sharing platforms and forums facilitated by industry groups to exchange best practices and experiences with peer organizations. Publish case studies and white papers detailing your organization’s experiences with implementing PQC and achieving crypto-agility. Sharing these insights helps other organizations navigate similar challenges and fosters a culture of collective learning.

4.5. Preparing Your Third Parties for the Arrival of CRQC

The reality is that the majority of companies will not start preparing for the arrival of CRQC in a timely manner. If your organization begins its preparations now, as it should, a significant portion of your risk exposure will come through your third parties—providers of services, software, and infrastructure that are deeply embedded and interlinked with your systems.

At this point in the process, you should inform all your relevant partners and providers that in the coming months you will be working to understand your total quantum risk exposure, which will include assessing their readiness for quantum threats as well.

4.5.1. Practical Steps for Preparing Your Third Parties for the Arrival of CRQC

  1. Communicate Early and Clearly: Start by sending formal communications to your third-party vendors and partners, informing them about your quantum readiness initiatives. Explain the importance of preparing for CRQC and how it could impact not just your organization but the entire supply chain. Organize webinars or meetings to discuss quantum computing threats and the necessity of transitioning to quantum-safe cryptography. Provide educational materials such as whitepapers, articles, and videos that highlight the implications of quantum computing on current cryptographic systems. Providing this early heads-up helps maintain strong relationships with your suppliers by demonstrating transparency and proactive risk management.
  2. Collaborative Risk Assessment: Propose collaborative risk assessments where you can work together with your third parties to evaluate their current cryptographic practices and readiness for quantum threats. Develop a checklist or framework to guide the assessment process, ensuring all critical aspects are covered. This collaborative approach not only helps in identifying potential vulnerabilities but also fosters a sense of shared responsibility and partnership.
  3. Incorporate Quantum Readiness in Contracts: Review and update existing contracts to include clauses that require third parties to adhere to quantum-safe practices.Specify timelines and milestones for completing quantum readiness assessments and transitioning to quantum-resistant algorithms. Define clear compliance requirements and standards that third parties must meet to ensure alignment with your organization’s quantum security policies. Update your contractual agreements to include clauses that require third parties to adhere to quantum-safe practices and to undergo regular assessments. This contractual obligations ensures that your partners take the necessary steps to prepare for quantum threats, aligning their security measures with your own.
  4. Provide Resources and Support: Offer resources, such as guidelines, toolkits, and access to quantum computing experts, to help your third parties understand and implement quantum-safe practices. Offer access to quantum computing experts who can provide personalized advice and support to third parties. Consider hosting workshops or training sessions led by these experts to address specific concerns and challenges. Facilitate forums and communities of practice where third parties can share their experiences, challenges, and solutions related to quantum readiness. By supporting their efforts, you create a more resilient ecosystem that can collectively withstand the challenges posed by CRQC.
  5. Monitor and Review Progress: Establish mechanisms for regular monitoring and reviewing the progress of your third parties’ preparations. Use tools and platforms that allow for continuous tracking and reporting of their quantum readiness status. Periodic audits and assessments will help ensure that your partners are on track and that any gaps in their quantum readiness are addressed promptly. Provide feedback and recommendations based on audit findings to help them improve their preparedness.

Your proactive approach can motivate your suppliers to begin their own preparations, creating a ripple effect across your extended ecosystem. As more organizations within your network adopt quantum-safe practices, the overall resilience against CRQC threats is enhanced. By taking these steps, you not only reduce your organization’s risk exposure but also contribute to a broader industry movement towards quantum readiness.

4.6. Set Up Governance for Integrating Cryptographic Inventory, Sensitive Data Discovery, and Systems & Assets Inventory Projects

While most industry guidances emphasize the importance of conducting a cryptographic inventory, this step alone is insufficient for a comprehensive quantum readiness strategy. A cryptographic inventory identifies where and how cryptographic functions are implemented within your organization, but it does not provide the context necessary to prioritize these findings effectively. For example, discovering a highly vulnerable cryptographic module used solely to protect non-sensitive data within an otherwise closed, well-protected system would not warrant immediate action. Therefore, integrating cryptographic inventory with sensitive data discovery and classification, as well as systems and assets discovery and classification, is essential. This integrated approach ensures a more efficient and effective post-quantum migration plan. Beyond preparing for quantum threats, these discovery, classification and inventory effots will in other ways enhance your overall security, facilitate regulatory compliance, and help with operational efficiency improvements.

So, my recommendation is to conduct comprehensive inventories in three key areas: cryptographic implementations, sensitive data, and systems and assets. While each of these inventories serves distinct purposes and requires different methodologies, integrating and coordinating them is a prerequsite for a comprehensive and efficient quantum risk mitigation planning.

Cryptographic Inventory: This inventory identifies and assesses all uses of cryptography within the organization. It focuses on evaluating current cryptographic implementations and understanding their vulnerabilities to quantum threats.

Sensitive Data Discovery and Inventory: This inventory aims to discover, catalog, and classify all sensitive data within the organization. It ensures that in the quantum resistance planning, the focus of mitigation actions is appropriately allocated to protect the most sensitive data first.

Systems and Assets Inventory: This inventory catalogs, and classifies, all hardware and software assets within the organization. It provides visibility into the IT and OT infrastructure and helps prioritize quantum risk mitigation activities for most critical systems.

By conducting these inventories separately, cybersecurity teams can leverage specialized tools and methodologies tailored to each inventory’s unique requirements. However, integrating the findings and coordinating these efforts are essential for comprehensive quantum readiness efforts.

4.6.1. Practical Steps for Setting Up Governance for Integrating Cryptographic Inventory, Sensitive Data Discovery, and Systems & Assets Inventory Projects

  1. Define Objectives and Scope: Define the scope to include all systems, applications, and devices using cryptographic functions. Define the scope for sensitive data inventory as well. It should encompass all data repositories, including databases, filesystems, and cloud storage. Finally, define the scope for systems and assets inventory, which should include all network-connected devices and software applications.
  2. Develop Detailed Project Plans: Create detailed project plans with clear timelines and milestones for each inventory effort. Ensure that plans are realistic and achievable. Allocate necessary resources, including personnel, budget, and tools, to support the inventory efforts.
  3. Establish Integration and Coordination Mechanisms: Develop a comprehensive, unified framework that integrates all three inventories. This framework should outline the integration points, coordination mechanisms, and reporting structures. Schedule regular synchronization meetings to ensure that teams stay aligned and can share progress and challenges. Implement a centralized reporting system that consolidates findings from all inventories, enabling comprehensive analysis and decision-making.
  4. Normalize Collected Data: Recognize that the inventory information you gather will require continuous maintenance. Overlapping data points are inevitable, so it’s crucial to establish a records structure that is mutually exclusive and collectively exhaustive. Ensure all necessary information for cryptographic strategy development is included, while avoiding duplication and data inconsistencies. Store each relevant data element only once, maintaining a single source of truth.
  5. Conduct Periodic Reviews and Audits: Schedule periodic reviews and audits of the inventory processes and findings, coordinated across all these three categories of inventories, to ensure compliance with established standards and to identify areas for improvement. Regular audits help maintain the integrity and reliability of the inventories.

4.7. Perform Cryptographic Inventory

Performing a thorough cryptographic inventory will be your most important preparation step. Recommended by all major post-quantum security guidances and frameworks, this step is essential for understanding and mitigating quantum-related risks. However, it is often portrayed as a straightforward task, or even mentioned only in a passing implying that this step is easy, when in reality, it is a complex and lengthy exercise that requires extensive technical knowledge and coordination across the organization. Major organizations, based on my experience so far, should plan for this step alone to take one to two years of dedicated team effort. The situation is further complicated by cryptographic inventory tool vendors who may imply that their tools provide a complete solution. While these tools are invaluable in aiding the inventory process, they can never provide a 100% inventory on their own. A holistic approach combining tools, manual audits, and continuous monitoring is necessary to achieve a comprehensive cryptographic inventory.

Achieving a 100% cryptographic inventory is critical because leaving even a single cryptographic module left vulnerable can serve as an entry point for attackers, potentially compromising the entire network. In the context of quantum threats, traditional cryptographic algorithms like RSA and ECC will be rendered insecure, making it imperative to identify and remediate every instance where these algorithms are used. A thorough inventory ensures that all cryptographic implementations are accounted for, assessed for vulnerability, and prioritized for transition to quantum-safe algorithms.

4.7.1. Challenges With Cryptographic Inventory

The primary difficulty with this step lies in the sheer complexity and diversity of modern IT environments. Cryptographic functions are often deeply embedded in a wide range of applications, systems, and devices, making them difficult to discover. This is particularly true for legacy systems and third-party applications where documentation may be incomplete, outdated, or entirely absent. The distributed nature of modern IT architectures, including cloud services, microservices, and IoT devices, further complicates the task, as cryptographic implementations can be scattered across various environments and platforms.

4.7.2. Cryptographic Inventory Tools

There are number of very useful tools on the market that can help you with the initial cryptographic inventory. Some of the most well-known ones are listed below (in not particular order). Please note that I am not endorsing any of these tools, just providing the list for your convenience: SandboxAQ AQtive Guard; IBM Quantum Safe Explorer; Infosec Global AgileSec Analytics; Keyfactor The Crypto-Agility Platform.

When selecting automated tools for conducting a cryptographic inventory, it is crucial to ensure that the tools offer comprehensive coverage across various facets of the IT environment. Effective tools should have capabilities that include all of below:

  • Passive Network Traffic Monitoring: The tool should be capable of passively monitoring network traffic to identify any encrypted communications. This involves analyzing data packets to detect the use of secure protocols such as TLS/SSL, IPsec, and others. By highlighting all instances of encrypted communication, organizations can map out where cryptographic functions are being utilized across the network.
  • Runtime Application Monitoring: The tool should monitor applications at runtime to detect calls to known cryptography APIs. This real-time analysis can identify dynamically loaded libraries and cryptographic operations that are not evident in static code analysis. It ensures that all cryptographic uses, including those in memory or during specific application states, are accounted for.
  • Filesystem Scanning: Comprehensive filesystem scanning is essential to locate DLLs and other libraries known to contain cryptographic functions. The tool should search for and analyze these files to identify embedded cryptographic operations. This step helps in uncovering cryptographic implementations that might not be directly visible through code or network analysis.
  • Source Code Analysis: The tool should perform a thorough review of all accessible source code to identify any uses of cryptography. This includes scanning for known cryptographic libraries, functions, and custom implementations. Source code analysis provides a detailed understanding of how cryptographic techniques are applied within the organization’s applications and can reveal hard-coded keys or deprecated algorithms.

While automated tools play a crucial role in identifying cryptographic uses, they have significant limitations. Tools can help scan and detect cryptographic functions across the network, but they often fall short in uncovering non-standard or deeply embedded implementations. Automated tools might miss custom cryptographic algorithms, proprietary encryption methods, or cryptographic functions embedded within obscure code paths. Additionally, these tools may struggle with environments that have limited visibility, such as encrypted communication channels or protected storage areas, leading to gaps in the inventory.

4.7.3. Approach

To overcome these challenges, you should adopt a comprehensive approach that combines automated tools with manual methods. Begin by deploying automated scanning tools to cover the broad spectrum of the IT environment and identify obvious cryptographic implementations. Supplement this with manual code reviews and audits, particularly focusing on legacy systems, custom applications, and third-party software where automated tools might miss critical details. Engage with software developers, system architects, and third-party vendors to gain insights into less visible cryptographic uses.

Additionally, foster a culture of continuous discovery and improvement. Regularly update and audit the cryptographic inventory to account for new implementations and changes in the environment. Training and awareness programs for developers and IT staff can also help in recognizing and documenting cryptographic uses as they develop new systems and applications. By adopting a multi-faceted approach, organizations can achieve a more accurate and comprehensive cryptographic inventory, laying a strong foundation for transitioning to quantum-safe cryptography.

4.7.4. Practical Steps for Performing Cryptographic Inventory

  1. Preparation and Planning: Clearly outline the systems, applications, and data repositories included in the inventory. This should encompass servers, databases, applications, network devices, IoT devices, and any third-party systems. Establish the goals of the inventory, such as identifying cryptographic vulnerabilities, planning for migration to post-quantum cryptography (PQC), and ensuring compliance with security standards.
  2. Data Collection and Discovery: Deploy automated tools to monitor networks, analyze the file system, capture run-time calls to cryptographic functions, and scan all the source code for cryptographic calls. Supplement automated scanning with manual audits and reviews. Perform manual code reviews to uncover non-standard or deeply embedded cryptographic uses. Engage with developers, system architects, and third-party vendors to gather insights on cryptographic implementations that may not be visible through automated tools.
  3. Utilize Dependency Analysis Tools: In addition to automated scanning and manual reviews, use dependency analysis tools to trace and document the dependencies between various software components. These tools can help map out which components rely on specific cryptographic functions and how they interact with each other, providing a clearer picture of potential vulnerabilities and critical points in the system.
  4. Mapping Dependencies: Supplement automated dependency analysis with manual mapping and develop maps of system dependencies to understand how different components interact and rely on cryptographic functions.
  5. Integrate with Configuration Management Databases (CMDBs): Integrate your cryptographic inventory efforts with existing Configuration Management Databases (CMDBs) to maintain an up-to-date record of cryptographic assets. CMDBs can help track changes in the environment, heloing ensure that any new cryptographic implementations are added to the inventory.
  6. Consider Implementing a Cryptographic Management Platform: Deploy a cryptographic management platform to centralize the management and monitoring of all cryptographic keys, certificates, and algorithms. These platforms can provide real-time visibility into cryptographic assets, automate routine tasks such as key rotation, and enforce policies.
  7. Establish Continuous Monitoring and Updates: Use automated monitoring solutions to continuously track cryptographic implementations and detect changes. Set up alerting mechanisms to notify relevant teams of any deviations or new cryptographic instances detected.
  8. Conduct Regular Audits: Perform regular audits to verify the accuracy of the cryptographic inventory and ensure compliance with updated policies and standards. Maintain and update the cryptographic inventory regularly to reflect new applications, updates, and configurations.

4.8. Assess Cryptographic Vulnerabilities

After completing a thorough cryptographic inventory, the next critical step is to assess the vulnerabilities of these cryptographic systems. Before embarking on a comprehensive risk assessment that incorporates additional business context and dependencies, it is essential to evaluate the current cryptographic implementations in isolation to determine their susceptibility to quantum computing threats. For many of the identified cryptographic systems, the vulnerability assessment will be straightforward, as the algorithms used will be well-known and recognized as vulnerable. However, for some cryptographic implementations, additional approaches may be required to thoroughly assess their vulnerabilities. These approaches include:

Comprehensive Vulnerability Assessment Approaches: A comprehensive cryptographic vulnerability assessment will, to a large extent, be performed by the same automated tools above that will help you with the cryptographic inventory. However, for certain systems you might need to supplement the output of those tools with additional vulnerability assessments performed by other specialized tools or manually. Key approaches will include:

  • Dependency Mapping: Develop detailed maps of system dependencies to understand how different components rely on cryptographic functions. This helps identify critical points where vulnerabilities could have the most significant impact.
  • Static and Dynamic Code Analysis: Use both static and dynamic analysis tools to identify cryptographic functions and assess their security. Static analysis examines the code without execution, while dynamic analysis evaluates the behavior of cryptographic systems during runtime.
  • Configuration Audits: Perform detailed audits of cryptographic configurations across all systems and applications. Ensure that settings adhere to best practices and that there are no misconfigurations that could compromise security.

Cryptographic Health Check: This process involves a comprehensive review of all cryptographic implementations to identify weaknesses and ensure they adhere to current security standards. Key aspects of a cryptographic health check include:

  • Algorithm Review: Examine the cryptographic algorithms in use to ensure they are not deprecated or considered weak. Algorithms which are vulnerable to quantum attacks, should be flagged for replacement.
  • Key Length and Management: Assess the key lengths used in cryptographic operations. Ensure that key management practices follow best practices, including regular key rotation and secure key storage.
  • Protocol Analysis: Evaluate the cryptographic protocols in use to ensure they are configured correctly and do not use outdated or insecure settings.

Cryptographic Penetration Testing: Cryptographic penetration testing is a proactive approach to identifying vulnerabilities by simulating attacks on cryptographic systems. This method helps uncover weaknesses that may not be evident through static analysis alone. Key elements of cryptographic penetration testing include:

  • Exploiting Known Vulnerabilities: Test for known vulnerabilities in cryptographic implementations, such as weak algorithms, improper key management, and misconfigured protocols.
  • Custom Cryptographic Analysis: Assess proprietary or custom cryptographic algorithms and implementations for potential weaknesses.
  • Dynamic Testing: Conduct tests in a runtime environment to observe how cryptographic systems perform under attack conditions.

Storing and Integrating Assessment Results: To ensure that the findings from cryptographic vulnerability assessments are actionable and integrated into the broader security strategy, it is crucial to store the results alongside the cryptographic inventory. Utilizing a Configuration Management Database (CMDB) or a similar centralized repository can facilitate this integration. Key steps include:

  • Centralized Data Storage: Store all assessment results in a centralized repository to maintain a single source of truth. This repository should be accessible to relevant stakeholders, including security teams, system administrators, and compliance officers.
  • Regular Updates and Audits: Continuously update the repository with new assessment results and audit findings. Ensure that any changes to cryptographic implementations are promptly reflected in the repository.
  • Integration with Inventory: Ensure that the assessment data is linked to the corresponding entries in the cryptographic inventory. This integration allows for comprehensive analysis and informed decision-making regarding vulnerability remediation and prioritization.

4.8.1. Practical Steps for Assessing Cryptographic Vulnerabilities

  1. Preparation and Planning: Clearly outline the systems, applications, and data repositories included in the assessment. Establish the goals of the assessment.
  2. Utilize Static and Dynamic Code Analysis: Apply static analysis to examine code without execution and dynamic analysis to evaluate the behavior of cryptographic systems during runtime. This combination provides a thorough understanding of cryptographic uses and potential weaknesses.
  3. Conduct Cryptographic Health Checks: Perform comprehensive reviews of all cryptographic implementations to identify weaknesses. This includes examining algorithms, key lengths, management practices, and protocol configurations.
  4. Perform Cryptographic Penetration Testing: Simulate attacks on cryptographic systems to uncover vulnerabilities not evident through static analysis. Focus on known vulnerabilities, custom cryptographic implementations, and dynamic testing in runtime environments.
  5. Conduct Configuration Audits: Audit cryptographic configurations across all systems and applications to ensure adherence to best practices and identify misconfigurations that could compromise security.
  6. Update Dependency Maps: Update detailed maps of system dependencies to understand how different components interact and rely on cryptographic functions.
  7. Store and Integrate Assessment Results: Use a centralized repository, such as a CMDB, to store all assessment results. Regularly update the repository with new findings and ensure that any changes to cryptographic implementations are promptly reflected. Integrate the assessment data with the cryptographic inventory for comprehensive analysis and decision-making.

4.9. Sensitive Data Discovery and Classification

This process involves identifying, categorizing, and understanding the sensitivity of the data within an organization. When combined with the outcomes of a cryptographic inventory, it enables more effective and prioritized planning for transitioning to post-quantum cryptography (PQC).

Identifying data sensitivity and value is crucial because different types of data carry varying levels of sensitivity. Personally identifiable information (PII), financial records, intellectual property, and health records are examples of highly sensitive data that require stringent protection measures. Beyond sensitivity, the value of data to the organization and potential attackers should be assessed. This helps determine the level of security needed to protect it.

Regulatory compliance is another significant reason for performing sensitive data discovery and classification. Many industries are subject to regulations that mandate specific data protection measures. For example, GDPR, HIPAA, and PCI DSS have stringent requirements for handling sensitive data. Proper data classification ensures compliance with these regulations, helping to avoid fines and legal consequences.

Effective risk management is also facilitated by sensitive data discovery and classification. Knowing where sensitive data resides and its level of sensitivity allows for targeted security measures, optimizing resource allocation. Quick identification of impacted sensitive data during a breach enhances the efficiency and effectiveness of incident response efforts.

Integrating sensitive data discovery and classification with a cryptographic inventory is essential for contextualizing cryptographic vulnerabilities. Without knowing the sensitivity of the data protected by cryptographic implementations, it’s challenging to prioritize vulnerabilities effectively. Integrating data classification results with cryptographic inventory allows for a clear understanding of which cryptographic weaknesses pose the greatest risk to sensitive data. Understanding the type and sensitivity of data protected by each cryptographic instance helps in assessing the potential impact of a cryptographic failure, guiding more informed decision-making.

4.9.1. Practical Steps for Performing Sensitive Data Discovery and Classifications

  1. Define Data Sensitivity Criteria: Establish criteria for different levels of data sensitivity (e.g., public, internal, confidential, restricted). Develop standards and policies for classifying data based on its sensitivity and value to the organization.
  2. Conduct Data Discovery: Use automated data discovery tools to scan databases, file systems, cloud storage, and endpoints for sensitive data. Tools like Varonis, Digital Guardian, and Symantec Data Loss Prevention (DLP) are effective. Complement automated tools with manual reviews to identify sensitive data that automated tools might miss.
  3. Classify Data: Tag and label data according to its sensitivity and classification criteria. Ensure that all data, whether structured or unstructured, is appropriately classified. Maintain detailed records of data classifications, including the criteria used and the data owners.
  4. Monitor and Update: Implement continuous monitoring to track changes in data sensitivity and cryptographic implementations. Ensure that the classification and inventory remain current. Schedule regular audits to verify the accuracy and completeness of both the data classification and cryptographic inventory.

4.10. Critical Systems and Assets Discovery and Classification

This process involves identifying, cataloging, and understanding the roles and criticality of all IT assets within the organization. When combined with the outcomes of a cryptographic inventory, it enables more effective and prioritized planning for transitioning to post-quantum cryptography (PQC).

Different assets play varying roles within an organization, from critical infrastructure components to less critical auxiliary systems. Understanding these roles helps determine the importance of each asset and the level of protection it requires. For example, servers hosting sensitive customer data are more critical than development servers used for testing.

Properly cataloging and classifying IT assets allows for more efficient management of resources. This includes ensuring that critical systems have the necessary performance, reliability, and security measures in place, and optimizing the deployment of less critical resources.

Knowing the configuration and vulnerabilities of each asset is crucial for maintaining a robust security posture. This information helps in identifying weak points, ensuring that all critical assets are protected against potential threats.

Combining systems and assets discovery with cryptographic inventory helps contextualize where and how cryptographic methods are used within the IT infrastructure. This integration provides a clear understanding of which cryptographic implementations are protecting the most critical systems and data.

Integrating these inventories allows for more accurate risk assessments. By understanding the criticality of each asset and the sensitivity of the data it handles, organizations can prioritize the transition to PQC for the most important and vulnerable systems.

The integration of systems and assets discovery with cryptographic inventory enables strategic planning for post-quantum migration. This comprehensive approach ensures that resources are allocated efficiently and that the most critical systems and data are protected first.

4.10.1. Practical Steps for Performing Systems and Assets Discovery and Classification

  1. Define Asset Classification Criteria: Develop criteria for classifying assets based on their criticality, role, and the data they handle. This may include categories such as critical infrastructure, sensitive data processors, and auxiliary systems. Establish standards and policies for classifying assets to ensure consistency.
  2. Conduct Asset Discovery: Use automated asset management tools to scan the network and identify all connected devices and software applications. Tools like SolarWinds, ManageEngine, and ServiceNow CMDB are effective for this purpose. Complement automated discovery with manual checks to validate and supplement the findings.
  3. Classify Assets: Tag and label assets according to their classification criteria. Ensure that all hardware and software assets, whether physical or virtual, are appropriately classified. Maintain detailed records of asset classifications, including the criteria used and the asset owners.

4.11. Keep Inventories Up to Date

Once an organization has conducted comprehensive cryptographic, sensitive data, and systems and assets inventories, it is essential to keep these inventories constantly up to date. Continuous updates ensure that the organization remains aware of new vulnerabilities, changes in data sensitivity, and modifications in system configurations. This proactive approach is crucial for maintaining robust security and preparedness for quantum computing threats. This chapter outlines strategies and practical steps to maintain these inventories effectively.

4.11.1. Practical Steps to Maintain Up-to-Date Inventories

  1. Continuous Monitoring: Implement tools such as SolarWinds for systems and assets monitoring, Varonis for data discovery and classification, and AppDynamics for cryptographic monitoring. These tools should be configured to provide real-time updates and alerts for any changes. Configure alerts for significant changes or anomalies detected by the monitoring tools. Ensure these alerts are sent to relevant personnel for immediate action.
  2. Regular Audits: Plan for regular audits (e.g., quarterly or bi-annually) to review and verify the inventories. Ensure these audits cover all aspects of cryptographic implementations, data sensitivity, and system configurations. Conduct audits after significant changes, such as system upgrades, data migrations, or new software deployments, to ensure the inventories are updated accordingly.
  3. Continuous Improvement Culture: Provide ongoing training for staff on the importance of maintaining up-to-date inventories and how to report changes or anomalies. Ensure that training materials are updated regularly to reflect the latest best practices and technologies. Run awareness programs to keep inventory maintenance top-of-mind for employees. Use newsletters, posters, and internal communications to reinforce the importance of accurate inventories.
  4. Integration with Change Management: Ensure that any changes to systems, data, or cryptographic implementations are documented as part of the change management process. Use change management tools like ServiceNow to track and manage these changes. Integrate inventory updates into the change management workflow to ensure that all changes are reflected in the inventories promptly. This includes updating asset tags, data classifications, and cryptographic configurations.
  5. Collaboration and Feedback: Facilitate regular meetings between IT, cybersecurity, compliance, and business units to discuss inventory updates and address any discrepancies. Establish feedback mechanisms, such as suggestion boxes or regular check-ins, to gather input from staff on inventory accuracy and comprehensiveness.

Maintaining up-to-date cryptographic, sensitive data, and systems and assets inventories is crucial for effective quantum readiness and overall cybersecurity. By implementing continuous monitoring, scheduling regular audits, fostering a culture of continuous improvement, integrating inventory management into change management processes, and leveraging collaboration and feedback mechanisms, organizations can ensure their inventories remain accurate and comprehensive. This proactive approach not only prepares organizations for quantum threats but also enhances their overall security posture and operational efficiency.

4.12. Perform Risk Assessment and Prioritize for Remediation

With a thorough cryptographic inventory and vulnerability assessment completed, as well as the Sensitive Data Discovery and Classification and Critical Systems and Assets Discovery and Classification, the next key step is to conduct a comprehensive risk assessment. This process will incorporate additional business context and dependencies, ensuring that quantum computing threats are evaluated within a broader organizational framework. By supplementing the above information with business impact assessments (BIAs), IT network maps, and current cybersecurity controls, you can develop a holistic view of their risk landscape.

4.12.1. Practical Steps to Performing Risk Assessment and Prioritization for Remediation

  1. Evaluate Cryptographic Vulnerabilities: Begin by examining the results of your cryptographic vulnerability assessments. Identify which systems are at risk from quantum computing threats and categorize these vulnerabilities based on their severity and potential impact.
  2. Analyze Sensitive Data Exposure: Assess the cryptographic systems protecting sensitive data. Determine the potential consequences if these systems were compromised by quantum attacks. This step is crucial for understanding the broader implications of cryptographic failures.
  3. Review System and Asset Criticality: Evaluate the importance of systems and assets protected by cryptographic functions. Identify which components are critical for business operations and assess the potential disruptions or losses if they were compromised.
  4. Map Network Exposure: Use IT network maps to understand the exposure of vulnerable cryptographic systems. Determine whether these systems are exposed to the internet, exist in semi-trusted zones, or are fully isolated within the internal network. This information is essential for assessing the likelihood of quantum threats exploiting these vulnerabilities.
  5. Integrate Business Impact Assessments (BIA): Incorporate BIA data to understand the broader business impact of potential cryptographic failures. Identify key business processes that rely on at-risk cryptographic systems and assess the operational, financial, and reputational impacts of potential breaches.
  6. Evaluate Existing Cybersecurity Controls: Review the current cybersecurity measures in place that may mitigate some of the identified risks. Assess the effectiveness of these controls in protecting against quantum threats and identify areas where enhancements or additional measures are needed.
  7. Risk Score and Rank: Develop a risk scoring system to rank identified vulnerabilities. Consider factors such as severity, sensitivity of protected data, criticality of systems, and exposure to potential threats.

4.13. Develop Your Cryptographic Strategy

Developing a comprehensive cryptographic strategy is a complex and multi-faceted undertaking. With the results from the risk assessment in hand, it’s now essential to incorporate various other factors to formulate a robust and effective strategy. This process requires a thorough understanding of budget limitations, organizational risk appetite, and risk tolerance, as well as expert understanding of the various remediation and risk reduction options.

Identifying and prioritizing the replacement or upgrade of critical systems is a key aspect of the strategy. Systems that handle the most sensitive data or critical operations should be the first to transition to PQC. This prioritization ensures that the most vulnerable parts of the infrastructure are secured early, reducing overall risk. A replacement or an upgrade might not always be feasible which is why, as part of this strategy development, you have to look at various other compensatory and interim approaches.

Finally, consider leveraging the remediation effort to simultaneously achieve crypto-agility for your organization. Crypto-agility refers to the ability to quickly and efficiently switch between cryptographic algorithms and protocols as needed. This capability is crucial for maintaining robust security in a dynamic post-quantum world where cryptographic standards may change frequently. Implementing a crypto-agile framework ensures organizations can adapt to new threats and standards without significant disruptions. For more information see “Introduction to Crypto-Agility.”

4.13.1. Understanding Risk Mitigation Options

4.13.1.1. Strengthening Cybersecurity Controls

Some systems can have their risk reduced by bolstering the security controls around them. This involves enhancing isolation mechanisms and improving surrounding cybersecurity measures to lower the risk of breaches.

  • Network Segmentation: Divide the network into segments to limit the spread of an attack. Isolate critical systems to prevent unauthorized access.
  • Access Controls: Implement stringent access control measures, including multi-factor authentication and role-based access controls, to restrict access to sensitive systems.
  • Monitoring and Logging: Enhance monitoring and logging to detect and respond to anomalies quickly. Use intrusion detection systems (IDS) and security information and event management (SIEM) solutions to track suspicious activities.

By improving the security posture of dependent systems, the overall risk associated with the primary system is mitigated. This approach can be cost-effective and quicker to implement than replacing or upgrading cryptographic functions.

4.13.1.2. Tokenization

Tokenization replaces sensitive data with unique identifiers (tokens) that retain essential information without exposing the actual data. The actual data is stored separately and securely, reducing the risk if the tokenized data is exposed. This method reduces the risk of data breaches and complements traditional cryptographic techniques. Tokenization is particularly effective in environments where data security is critical, such as payment processing and personal data protection. By tokenizing some sensitive data, the scope of critical cryptographic systems could be reduced.

  • Tokenization Platform: Deploy a tokenization platform that securely maps sensitive data to tokens.
  • Secure Storage: Ensure the actual sensitive data is stored in a highly secure environment with robust access controls.
  • Data Masking: Implement data masking techniques alongside tokenization to further obscure sensitive data during processing and analysis.

Tokenization minimizes the exposure of sensitive data, reducing the potential impact of a breach. It also simplifies compliance with data protection regulations by limiting the scope of data that needs to be protected.

For more information on tokenization, see: Evaluating Tokenization in the Context of Quantum Readiness.

4.13.1.3. Vendor Dependence

For systems reliant on third-party vendors for cryptographic updates, it is crucial to engage these vendors early and ensure they are aligned with your security requirements.

  • Vendor Communication: Establish clear communication channels with vendors to discuss the necessity and timeline for cryptographic upgrades.
  • Contracts and SLAs: Update contracts and service level agreements (SLAs) to include requirements for timely cryptographic updates and quantum-resilient solutions.
  • Vendor Assessments: Regularly assess vendors’ capabilities to ensure they meet security standards and are proactive in addressing quantum threats.

Early engagement with vendors ensures that they are prepared to provide the necessary updates and support. This proactive approach helps avoid delays and ensures that systems remain secure.

4.13.1.4. Direct Upgrades

For systems where cryptographic modules are easily upgradeable, plan and execute these upgrades in a coordinated manner to ensure minimal disruption.

  • Upgrade Plan: Develop a detailed upgrade plan, including timelines, resource allocation, and testing phases.
  • Testing and Validation: Conduct thorough testing and validation of new cryptographic implementations to ensure they function correctly and securely.
  • Deployment: Roll out upgrades in phases, starting with non-critical systems and gradually extending to critical systems to manage risk and complexity.

Direct upgrades to quantum-resistant cryptographic algorithms ensure that systems are protected against future quantum threats. This approach can be systematically planned and executed, reducing long-term security risks.

4.13.1.5. Hybrid Approaches

Hybrid cryptographic approaches combine classical cryptography with PQC algorithms. This method leverages the strengths of both types of cryptography, using classical algorithms for performance-sensitive operations and PQC algorithms for long-term data protection. Hybrid methods allow for a smoother transition to PQC by balancing security and performance needs. It could also serve as interim, temporary measure until a full upgrade is performed. More on this below.

  • Hybrid Schemes: Implement hybrid cryptographic schemes that use classical algorithms for performance-sensitive operations and PQC algorithms for long-term security.
  • Evaluation: Continuously evaluate the effectiveness of hybrid approaches to ensure they maintain an acceptable level of security.
  • Transition Plan: Develop a plan for transitioning from hybrid schemes to fully quantum-resistant algorithms as they mature and become more practical.

Hybrid approaches provide a balanced solution that enhances security without significantly impacting performance. They offer a transitional strategy while full PQC adoption is being planned.

4.13.1.6. Critical Legacy Systems

In the process of mitigating risks associated with quantum threats, you will inevitably encounter systems—often legacy ones—for which no other remediation options are viable. These systems, due to their age, complexity, or bespoke nature, may not be suitable for direct upgrades, tokenization, or the application of hybrid cryptographic methods. As a result, these systems may become candidates for complete replacement. Given the potential scale and expense of such projects, it is crucial to plan for them as early as possible.

  • Assessment and Identification: Begin by conducting a thorough assessment of your infrastructure to identify legacy systems that are critical to business operations but cannot be feasibly upgraded to support post-quantum cryptographic algorithms. These systems often have outdated hardware and software dependencies, lack vendor support, or are so integrated into the business processes that any change poses significant risks.
  • Risk Evaluation: Evaluate the specific risks posed by these legacy systems. Determine the potential impact on security, compliance, and operational continuity if these systems remain unprotected against quantum threats. Assess the likelihood of these systems being targeted and the consequences of a breach.
  • Comprehensive Planning: Developing a replacement strategy for critical legacy systems involves comprehensive planning. This strategy should outline the scope of the replacement, timelines, required resources, and projected costs. Given the complexity and scale of these projects, involve cross-functional teams including IT, security, compliance, finance, and business units from the outset.
  • Budgeting and Resource Allocation: Secure the necessary funding and resources to support these large-scale projects. Replacement of critical systems can be extremely costly and resource-intensive, often requiring new hardware, software, and significant integration efforts. Early budgeting and allocation ensure that the project does not stall due to financial constraints.
  • Vendor and Solution Evaluation: Evaluate potential vendors and solutions that can replace the legacy systems. Look for solutions that are not only compatible with your current environment but also offer future-proofing against evolving cryptographic standards. Ensure that chosen vendors have a proven track record in delivering complex system replacements.
  • Phased Approach: Implement a phased approach to replacing critical legacy systems. If possible. This methodical process helps manage risks and ensures minimal disruption to business operations. It allows for incremental testing and validation of new systems before full-scale deployment.
  • Integration and Testing: Thoroughly test new systems to ensure they integrate seamlessly with existing infrastructure and business processes. Validate that the new systems meet all security, performance, and compliance requirements. Continuous testing and validation are crucial to identifying and resolving issues early.

Addressing such legacy systems ensures that even the most vulnerable parts of the infrastructure are secured. Planning for their replacement minimizes long-term security risks and aligns with future-proofing the organization’s IT landscape.

4.13.2. Practical Steps for Cryptographic Strategy Development

  1. Assess Budget and Risk Appetite: Understand the financial constraints and risk tolerance of the organization. This understanding will guide prioritization and ensure that the strategy is realistic and aligns with organizational goals.
  2. Evaluate Interdependencies: Carefully consider the business and financial interdependencies, in addition to technical interdependencies evaluted in previous steps. Changes in one area can impact another, and spending limited budget on one initiative might reduce available resources for others. Plan for these interdependencies to avoid unintended consequences.
  3. Categorize Remediation Options: Based on the risk assessment, categorize cryptographic systems into different remediation buckets described above.
  4. Develop a Phased Implementation Plan: Based on comprehensive inventories and the related risk assessment, create a detailed phased implementation plan outlining steps, timelines, and resources required for transitioning to PQC. Begin with pilot projects in non-critical systems to gain insights and gradually extend to more critical systems.
  5. Prioritize Critical Systems: Focus on systems handling the most sensitive data and operations. Develop a roadmap for upgrading or replacing these systems with PQC-ready solutions to minimize risk and ensure data protection.
  6. Implement Hybrid Cryptographic Methods: Balance security and performance by using classical algorithms for real-time, performance-sensitive operations, and PQC algorithms for long-term data protection. This approach helps maintain operational efficiency while enhancing security.
  7. Enhance Data Security Through Tokenization: Replace sensitive data with tokens to reduce the risk of exposure. Tokenization acts as an additional security layer, complementing your overall cryptographic strategy and protecting critical information.
  8. Build a Crypto-Agile Framework: Establish a framework that allows for rapid adoption and deployment of new cryptographic algorithms. Update cryptographic libraries, protocols, and systems to support easy integration and replacement of cryptographic methods, ensuring your organization can quickly adapt to new threats and standards.

4.14. Hybrid and Interim Strategies for Protecting Data Against Quantum Threats Without Implementing Full Post-Quantum Cryptography

While post-quantum cryptography (PQC) is being developed and standardized, some users may be reluctant to adopt these new technologies prematurely due to the risks and complexities associated with non-standardized systems. However, there are strategies available to protect data immediately against future quantum threats without immediately implementing PQC. These approaches should be considered as a part of your comprehensive post-quantum strategy.

4.14.1. Retained Shared Secrets

One such strategy involves the use of retained shared secret data in the key derivation process, supplementing the key material obtained from public key operations. Retained shared secrets approaches, which leverage concepts from from protocols like ZRTP (Zimmermann Real-time Transport Protocol), rely on pre-shared pieces of information that are known only to the communicating parties. Unlike keys derived from public key infrastructure (PKI), which are vulnerable to quantum attacks, retained shared secrets are not exchanged over potentially insecure channels and therefore remain secure even against quantum adversaries. By combining these secrets with the key material obtained through traditional public key operations, users can enhance the security of their cryptographic systems.

The key derivation process involves generating cryptographic keys from a combination of inputs. In this strategy, the derived key is constructed using both the retained shared secret and the key material from a public key operation (e.g., RSA or ECC). This dual-input approach ensures that even if the public key operation is compromised by a quantum computer, the retained shared secret provides an additional layer of security, making it significantly more difficult for an attacker to derive the full cryptographic key.

ZRTP is an example of a Retained Shared Secret approach. It’s a cryptographic key-agreement protocol mostly used in VoIP (Voice over IP) communications, designed by Phil Zimmermann. It establishes a secure communication channel by combining Diffie-Hellman key exchange with retained shared secrets. The protocol is independent of the underlying transport layer and works by exchanging hashed values of the shared secret over the communication channel. Key steps in the protocol include:

  1. Initial Key Exchange: During the initial setup, ZRTP performs a Diffie-Hellman key exchange to establish a session key.
  2. Hash Comparison: The parties compare short authentication strings (SAS) derived from the session key to verify the integrity of the exchange.
  3. Retention of Shared Secret: The protocol allows for the retention of shared secrets between sessions, which are used to strengthen the key exchange in subsequent communications.

Security benefits of the approach include:

  • Forward Secrecy: ZRTP provides forward secrecy by ensuring that session keys are ephemeral and not stored long-term.
  • Resistance to Man-in-the-Middle Attacks: The comparison of SAS ensures that any tampering with the key exchange is detected by the communicating parties.
  • Enhanced Security with Retained Secrets: By retaining shared secrets, ZRTP enhances the security of subsequent sessions, making it more resilient to potential attacks, including those from quantum computers.
4.14.1.1. Retained Shared Secrets: Viable Interim Solution?

The approach provides immediate enhancement of security. Implementing retained shared secrets does not require a complete overhaul of the existing cryptographic infrastructure. Organizations can integrate shared secrets into their current key derivation processes, providing an immediate boost to security.

While not entirely quantum-proof, retained shared secrets add an additional layer of security that quantum computers cannot easily compromise. This approach delays the impact of quantum threats on critical communications and data.

Implementing this strategy comes with specific practical considerations. One major drawback is the need to maintain and securely store pairwise shared secret data. Each pair of communicating entities must have a unique shared secret that they retain over time. This requirement imposes a stateful architecture, where systems must remember and manage previous interactions. Consequently, this approach is best suited for environments with a limited number of peers, such as a closed network of trusted devices or partners, rather than open, large-scale systems with numerous and dynamic connections.

In real-world applications, this strategy can be particularly useful for systems that already maintain state and have relatively stable and limited sets of peers. For instance, within an organization, internal communications between critical systems can employ retained shared secrets to bolster security without needing immediate PQC adoption. Similarly, secure channels between long-term business partners or between a company and its remote offices can benefit from this approach, ensuring that their communications remain secure.

4.14.1.2. Practical Steps to Implement Retained Shared Secrets:
  1. Establish Secure Initial Communication for Key Exchange and Secret Sharing: Use a secure initial communication channel to exchange the shared secrets. This could be done in person, over a secure phone call, or using a pre-existing secure channel. Generate strong shared secrets using a high-entropy random number generator (or a QRNG) to ensure they are difficult to guess or brute-force.
  2. Store Shared Secrets Securely: Store the shared secrets in a secure, encrypted form using a hardware security module (HSM), secure enclave, or a well-protected software solution. Ensure that only authorized entities have access to the shared secrets and implement strict access controls and audit logging.
  3. Integrate Shared Secrets into Key Derivation: Use a robust key derivation function (e.g., HKDF – HMAC-based Extract-and-Expand Key Derivation Function) that can combine the shared secret with the key material from public key operations. Ensure that the KDF is resistant to known cryptographic attacks and follows best practices for security.
  4. Implement Stateful Systems: Design your systems to maintain state, ensuring that the shared secrets are persistently stored and managed. Implement mechanisms to manage the lifecycle of shared secrets, including rotation, expiration, and revocation procedures.
  5. Limit the Set of Peers: Restrict the use of retained shared secrets to a limited set of trusted peers. This reduces complexity and enhances security. Establish policies and procedures for managing the peer group, including adding and removing peers securely.
  6. Regularly Rotate Shared Secrets: Implement regular rotation of shared secrets to minimize the risk of long-term exposure. Automate the rotation process where possible. Ensure that new secrets are securely distributed and stored, replacing the old ones without service interruption.
  7. Monitor and Audit: Continuously monitor the usage of shared secrets and key derivation processes to detect any anomalies or unauthorized access. Conduct regular audits of the system to ensure compliance with security policies and to identify any potential weaknesses.
  8. Educate and Train Staff: Provide training for staff on the importance of secure key management and the specific procedures for handling retained shared secrets. Ensure that all relevant personnel understand the security implications and operational requirements of using shared secrets.

4.14.2. Hybrid Cryptographic Schemes

Hybrid cryptographic schemes combine classical and quantum-resistant algorithms to provide an additional layer of security. By using both types of algorithms together, organizations can ensure that even if one is compromised, the other remains secure. For instance, a hybrid scheme could involve using RSA or ECC for key exchange alongside a quantum-resistant algorithm like lattice-based cryptography. This approach leverages the strengths of both types of cryptography, providing a more robust security framework.

In practical terms, implementing a hybrid scheme involves setting up a key exchange protocol that derives a shared secret from both the classical and quantum-resistant algorithms. This shared secret can then be used for subsequent symmetric encryption, ensuring that the data remains secure even if one of the key exchange methods is broken by a quantum attack.

Hybrid cryptographic schemes are particularly suitable for scenarios where immediate quantum resistance is desired without completely overhauling the existing cryptographic infrastructure. They are ideal for: securing long-term data such as classified government information or long-term financial records; for high-value transactions; for security during a transition period towards PQC.

While hybrid cryptographic schemes offer enhanced security, they also come with several challenges:

  • Increased Complexity: Combining classical and quantum-resistant algorithms adds complexity to the cryptographic protocols, which can increase the risk of implementation errors.
  • Performance Overhead: The use of multiple cryptographic algorithms can lead to increased computational overhead, impacting the performance of cryptographic operations.
  • Compatibility Issues: Ensuring compatibility between classical and quantum-resistant algorithms can be challenging, particularly when integrating with existing systems and protocols.
  • Cryptographic Key Management: Managing and securely storing multiple cryptographic keys for different algorithms can complicate key management processes.
4.14.2.1. Practical Steps to Implement Hybrid Cryptographic Schemes
  1. Choose Appropriate Algorithms: Select both classical and quantum-resistant algorithms that are well-suited for your specific use case. For instance, pair RSA or ECC (Elliptic Curve Cryptography) with a quantum-resistant algorithm like a lattice-based cryptosystem (e.g., Kyber or NTRU).
  2. Design Key Exchange Protocol: Develop a key exchange protocol that incorporates both classical and quantum-resistant methods. A typical approach is to generate two separate key pairs (one classical and one quantum-resistant) and use them in parallel to derive a shared secret.
  3. Combine Keys: Use a key derivation function (KDF) to combine the keys obtained from both classical and quantum-resistant key exchanges. This combined key can then be used for subsequent encryption operations. For example, you might XOR the two keys or use a more complex KDF to ensure that the resultant key benefits from the security properties of both inputs.
  4. Integrate into Existing Systems: Ensure that the hybrid scheme can be integrated into your existing cryptographic systems and protocols. This might involve modifying existing libraries and applications to support the additional quantum-resistant operations.
  5. Performance Optimization: Optimize the performance of the hybrid cryptographic operations to minimize the impact on system efficiency. This could involve selecting more efficient quantum-resistant algorithms or optimizing the implementation of the hybrid protocol.
  6. Testing and Validation: Rigorously test the hybrid cryptographic scheme to ensure that it meets security requirements and performs as expected. This should include both functional testing to verify correctness and performance testing to assess the impact on system resources.

4.14.3. Ephemeral Key Exchange

Ephemeral key exchange refers to a cryptographic process where temporary keys are generated for each session or transaction. These keys are used only for the duration of the session and then discarded, providing enhanced security by ensuring that even if keys are compromised, they cannot be used to decrypt past communications. This technique is particularly important for ensuring forward secrecy, which means that compromising one key does not affect the security of past sessions. In protocols like TLS (Transport Layer Security), ephemeral Diffie-Hellman (DHE) key exchanges can be employed to ensure forward secrecy.

4.14.3.1. Practical Steps to Implement Ephemeral Key Exchange
  1. Choose a Suitable Protocol: Select a protocol that supports ephemeral key exchange. Common protocols include TLS (Transport Layer Security): Versions 1.2 and 1.3 support ephemeral Diffie-Hellman (DHE) key exchange; SSH (Secure Shell) supports ephemeral key exchanges to secure remote login sessions; IKE (Internet Key Exchange) for IPsec supports ephemeral key exchange for establishing VPN tunnels.
  2. Configure the Protocol for Ephemeral Key Exchange: Ensure your TLS configuration uses cipher suites that support DHE or ECDHE (Elliptic Curve Diffie-Hellman Ephemeral). Example cipher suites include TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.
  3. SSH Configuration: Configure SSH to use ephemeral key exchange methods such as diffie-hellman-group-exchange-sha256. Update the SSH configuration file (/etc/ssh/sshd_config) to include these methods.
  4. IPsec Configuration: Configure the IKE settings to use ephemeral Diffie-Hellman groups. Ensure that the IPsec policy includes options like modp2048 or modp3072 for stronger ephemeral key exchanges.
  5. Implement Key Exchange Mechanism: During the session initiation, generate ephemeral key pairs for each party involved in the communication. Use a secure random number generator to ensure the keys are unique and unpredictable.
  6. Perform Key Exchange: Exchange the public components of the ephemeral keys using the chosen protocol. Both parties use their private keys and the received public key to compute a shared secret.
  7. Derive Session Keys: Use a key derivation function (KDF) to derive session keys from the shared secret. These session keys are then used for encrypting and decrypting the communication for the duration of the session.
  8. Discard Ephemeral Keys After Use: Once the session ends, securely discard the ephemeral keys. Ensure that no ephemeral key material is retained in memory or storage.
  9. Key Management Practices: Regularly update the system’s key management policies to ensure ephemeral keys are handled securely. Conduct periodic audits to verify that ephemeral key exchange practices are followed correctly.
  10. Monitor and Maintain: Monitor the implementation of ephemeral key exchanges to detect any anomalies or security issues. Use intrusion detection systems (IDS) to identify potential breaches related to key management.
  11. Regular Updates: Keep the cryptographic libraries and protocols updated to protect against emerging threats. Ensure that the latest security patches are applied to maintain the integrity of the key exchange mechanisms.

4.14.4. Split Key Encryption

Split key encryption, also known as secret sharing, involves dividing a cryptographic key into multiple parts and distributing these parts among different parties. Each part of the key is useless on its own and requires a certain number of parts to be recombined to reconstruct the original key. This approach ensures that no single entity holds the complete key, making it significantly harder for an attacker to compromise the encryption.

An example of this is Shamir’s Secret Sharing scheme, where a key is split into several pieces, and only a subset of these pieces is needed to reconstruct the key. This method can be used in conjunction with other cryptographic techniques to enhance security and protect against quantum threats.

Like the other schemes here, implementing Split Key Encryption has its challenges. For example, the process of splitting and reconstructing keys adds complexity to the cryptographic system. Securely managing and distributing the key shares requires robust key management practices. And, the additional computational steps involved in splitting and reconstructing keys can impact performance.

4.14.4.1. Practical Steps to Implement Split Key Encryption
  1. Choose a Secret Sharing Scheme: For example, Shamir’s Secret Sharing is one of the most widely used secret sharing schemes. It splits the secret into parts such that any threshold number of parts can be used to reconstruct the secret. Or, Blakley’s Scheme is another method that uses geometric intersections to share secrets.
  2. Define Parameters: Threshold (k) – The minimum number of shares required to reconstruct the secret; and Total Shares (n) – The total number of shares to generate.
  3. Generate Key Shares: For example, using Shamir’s Secret Sharing: Choose a Prime Number (p) larger than the secret. Then construct a polynomial of degree k-1 where the constant term is the secret. Finally, evaluate the polynomial at n different non-zero points to generate the shares.
  4. Distribute Shares Securely: Use secure channels (e.g., encrypted email, secure file transfer) to distribute the shares to different parties. For highly sensitive keys, consider distributing some shares physically (e.g., on USB drives) in secure locations.
  5. Store Shares Securely: Encrypt each share before storage to provide an additional layer of security. Implement strict access controls to ensure that only authorized entities can access the shares.
  6. Reconstruct the Key: To reconstruct the key, any k shares are sufficient. Gather the required (at least k) number of shares. Apply Lagrange interpolation to reconstruct the polynomial and retrieve the secret.
  7. Regular Rotation and Management: Periodically regenerate and redistribute key shares to minimize the risk of long-term exposure. Regularly audit the management and access of key shares to ensure compliance with security policies.

Conclusion

The journey towards quantum resistance is not merely about staying ahead of a theoretical threat but about evolving our cybersecurity practices in line with technological advancements. Starting preparations now ensures that organizations are not caught off guard when the landscape shifts. It’s about being informed, vigilant, and proactive—qualities essential to navigating any future technological shifts.

Avatar of Marin Ivezic
Marin Ivezic
 | Website

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.