Preparing for Post-Quantum Critical Infrastructure

Assessments of Quantum Computing Vulnerabilities of National Critical Functions

by Michael J. D. Vermeer, Edward Parker, Ajay K. Kochhar

Download

Download eBook for Free

Full Document

Does not include Appendix B.

FormatFile SizeNotes
PDF file 1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Appendix B

FormatFile SizeNotes
PDF file 1.2 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Purchase

Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback60 pages $22.00 $17.60 20% Web Discount

Research Questions

  1. How are the NCFs vulnerable to future quantum computing capabilities?
  2. How should the federal government prioritize assistance to critical infrastructure owners and operators?

Future quantum computing capabilities are expected to be able to break the security of current implementations of public-key cryptography. Public-key cryptography forms the foundational building block of security for national information and communication infrastructure. Quantum computers will therefore create vulnerabilities in critical infrastructure, although migrating to new post-quantum cryptography standards being developed by the National Institute of Standards and Technology should mitigate vulnerabilities. The U.S. Department of Homeland Security asked the Homeland Security Operational Analysis Center to perform high-level assessments of quantum vulnerabilities in the 55 national critical functions (NCFs) identified by the department. Researchers evaluated the significant issues affecting each NCF, then rated each NCF in the categories of urgency, scope, cost per organization, and other mitigating or exacerbating factors. The researchers then combined these ratings to create an assessment of each NCF's priority for assistance. They rated six of the NCFs as high priority for assistance, 15 as medium priority, and 34 as low priority. In addition, the team identified three NCFs as critical enablers of the transition to the new cryptographic standard. Finally, the researchers identified four key findings: (1) All NCFs need to prepare for the transition, (2) a significant portion of the vulnerability can be addressed with relatively few actions by the critical enablers, (3) catch-and-exploit vulnerabilities are urgent for only a few stakeholders, and (4) many factors related to the cryptographic transition are still uncertain and in need of more-detailed assessment.

Key Findings

  • All NCFs need to prepare for the transition.
  • A significant portion of the vulnerability can be addressed with relatively few actions by the critical enablers.
  • Catch-and-exploit vulnerabilities are urgent for only a few stakeholders.
  • Many factors related to the cryptographic transition are still uncertain and in need of more-detailed assessment.
  • Six NCFs are high priority for assistance, 15 as medium priority, and 34 as low priority.
  • Three NCFs are critical enablers of the transition to the new post-quantum cryptography standard.

Table of Contents

  • Chapter One

    Introduction

  • Chapter Two

    Assessments of Quantum Vulnerabilities of the National Critical Functions

  • Chapter Three

    Key Findings and Conclusion

  • Appendix A

    Methods Used in the Assessments

Research conducted by

This research was sponsored by the National Risk Management Center (NRMC) and conducted by the Strategy, Policy and Operations Program within the Homeland Security Operational Analysis Center.

This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.