While the widespread advent of quantum computing – and the concerns that it poses especially to current day cryptography and the cybersecurity technologies that rely upon it – may still be years away, a top Federal cybersecurity expert is mapping out three steps that organizations should be taking now to prepare.
Dylan Presman, director for Budget and Assessment at the Office of the National Cyber Director (ONCD), outlined those steps today at the Shared Services Summit event hosted by ACT-IAC.
“There’s sort of three concrete steps that departments and agencies and industry need to be taking now,” he said.
The first step, Presman said, is to take an inventory of systems in order to “know what you have.”
“Developing cryptographic inventories … developing comprehensive inventories of your cryptographic systems, is a key step in all Federal departments and agencies and all of our industry at large in the critical infrastructure sectors,” he said.
The second step for organizations both within government and the private sector is to prioritize areas that are most critical to infrastructure and cybersecurity.
“We simply don’t have the capacity to do everything all at once,” Presman said. “This is a far too heavy lift, so it will be important that those inventories that somebody has taken … prioritize them so we are addressing our most sensitive needs first.”
The final step, Presman said, is to create a plan to transition to post-quantum cryptography.
“The third step will be to develop a comprehensive plan to transition to post-quantum cryptography and that will involve developing budget estimates,” he said. “What are the costs, so we have a clear map of that funding requirements across the journey.”