Preparing for Post-Quantum Critical Infrastructure

Future quantum computing capabilities are expected to be able to break the security of current implementations of public-key cryptography. Public-key cryptography forms the foundational building block of security for national information and communication infrastructure. Quantum computers will therefore create vulnerabilities in critical infrastructure, although migrating to new post-quantum cryptography standards being developed by the National Institute of Standards and Technology should mitigate vulnerabilities. The U.S. Department of Homeland Security asked the Homeland Security Operational Analysis Center to perform high-level assessments of quantum vulnerabilities in the 55 national critical functions (NCFs) identified by the department. Researchers evaluated the significant issues affecting each NCF, then rated each NCF in the categories of urgency, scope, cost per organization, and other mitigating or exacerbating factors. The researchers then combined these ratings to create an assessment of each NCF's priority for assistance. They rated six of the NCFs as high priority for assistance, 15 as medium priority, and 34 as low priority. In addition, the team identified three NCFs as critical enablers of the transition to the new cryptographic standard. Finally, the researchers identified four key findings: (1) All NCFs need to prepare for the transition, (2) a significant portion of the vulnerability can be addressed with relatively few actions by the critical enablers, (3) catch-and-exploit vulnerabilities are urgent for only a few stakeholders, and (4) many factors related to the cryptographic transition are still uncertain and in need of more-detailed assessment.