The President’s National Security Telecommunications Advisory Committee (NSTAC) announced during its quarterly meeting today that the group plans to study the government’s national preparedness for its transition to post-quantum cryptography (PQC).
The National Institute of Standards and Technology (NIST) published three standards for PQC earlier this month and urged organizations to begin integrating them into their systems.
NSTAC said its new study topic will identify barriers to the adoption of quantum-resistant cryptography and develop recommendations to eliminate roadblocks and encourage adoption of the new cryptographic standards.
The committee is housed within the Cybersecurity and Infrastructure Security Agency (CISA) and is made up of private sector experts who advise the White House on telecommunications issues that affect national security and emergency preparedness.
“The potential for quantum computers to break existing cryptographic systems poses a significant threat to national and economic security, network security, and more,” said Noopur Davis, NSTAC member and Comcast’s chief information security and product privacy officer. “Quantum computers will jeopardize military and civilian communications, undermine critical infrastructure, and compromise financial transactions.”
“PQC also leads us to think not just about future transactions, but also about stored data,” she continued, “Encrypted data that has already been compromised but is currently unreadable may be exposed, potentially compromising older but still important secrets.”
“Addressing these threats to PQC in collaboration between government and industry is not just a technological necessity, but a national imperative,” Davis said.
She highlighted that NSTAC’s forthcoming study will consider lessons learned from past technological transitions, as well as identify barriers to adoption – such as cost – and develop strategies to overcome these challenges.
“The proposed report will also address other barriers to PQC implementation, including awareness and education … managing coexistence during the migration, and cross-sector dependencies,” Davis said. “The study will also look at opportunities for policy and incentives that are worth examining, including government support, international coordination, and continued investment to maintain U.S. leadership in quantum-resistant technologies. This investment will include fostering public-private partnerships in research and development.”
NSTAC Draft Report on Cloud Security Coming Soon
Separately during today’s meeting, Co-Chair of the NSTAC Principles for Baseline Security Offerings from Cloud Service Providers Subcommittee and Founder of cybersecurity firm Mandiant, Kevin Mandia noted that the advisory committee plans to release a draft report on cloud security in the coming weeks.
“We have heard from all the major cloud hyperscalers, several cloud customers from different sectors – academia and representatives from the government, including but not limited to CISA, NIST, DHS, the Office of the National Cyber Director, OMB, and TSA,” Mandia said. “The subcommittee has commenced drafting the report already and has begun to deliberate potential findings.”
Mandia highlighted that some “preliminary concepts” of the report include “a lack of clarity around shared responsibility between customers and service providers” and a need to modernize the government’s Federal Risk and Authorization Management Program (FedRAMP).
NSTAC’s next meeting will be held in November.
