The National Security Agency (NSA) expects National Security Systems (NSS) owners and vendors to start using post-quantum algorithms by 2035.
To plan for that goal, NSA recommended that NSS vendors begin to prepare for upcoming post-quantum algorithmic requirements needed on classical networks that harbor sensitive data related to national security.
However, NSA explained that NSS owners and vendors should not deploy quantum-resistant algorithms on mission networks until vetted by the National Institute of Standards and Technology (NIST) and the National Information Assurance Partnership (NIAP). There will be a transition period for that process, for which NSA will release NSS transition requirements.
“We want people to take note of these requirements to plan and budget for the expected transition, but we don’t want to get ahead of the standards process,” Rob Joyce, director of NSA Cybersecurity, said in a press release.
The Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) cybersecurity advisory outlines NSA’s new encryption standards.
The algorithms in CNSA 2.0 are an update to those in the currently required CNSA 1.0. The upgraded algorithm includes new public and symmetric key encryption and software and firmware updates. CNSA 2.0 algorithms were analyzed and deemed secure against classical and quantum computers.
In addition, NSA’s CNSA 2.0 algorithm selections are based on NIST’s recently announced selections for standardization for quantum-resistant cryptography. NSA also urged NSS owners and vendors to pay attention to NIST selections and the future requirements outlined in CNSA 2.0, while CNSA 1.0 compliance continues to be required in the interim.
“This transition to quantum-resistant technology in our most critical systems will require collaboration between government, National Security System owners and operators, and industry,” said Joyce. “Our hope is that sharing these requirements now will help efficiently operationalize these requirements when the time comes.”