The Cybersecurity and Infrastructure Security Agency (CISA) released new advice Wednesday on ways critical infrastructure should prepare for potential security risks stemming from quantum computing.
While quantum computing provides greater speed and power than classical computers, the emerging technology comes with potential risks, including data breaches, that could threaten the security of business transactions, secure communications, digital signatures and customer information.
“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” Mona Harrington, acting assistant director for CISA’s National Risk Management Center, said in a statement.
“Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now,” Harrington added.
Post-quantum cryptography refers to the cryptographic algorithms used to secure a system against an attack by a quantum computer.
Unlike classical computers, quantum computers uses quantum bits rather than binary bits to perform at greater speed and power, allowing them to potentially break through public key encryption used to secure data.
CISA urged all critical infrastructure owners and operators to follow the Preparing for Post-Quantum Cryptography road map released by the Department of Homeland Security (DHS) and the Department of Commerce’s National Institute of Standards and Technology.
The road map guides stakeholders in critical infrastructure on steps they can take to prepare their organizations for the transition to post-quantum cryptography, including identifying, prioritizing and protecting potentially vulnerable data, algorithms, protocols and systems.
“We must prepare for [the transition] now to protect the confidentiality of data that already exists today and remains sensitive in the future,” said DHS Secretary Alejandro Mayorkas at a March conference.
CISA’s guide follows a cybersecurity bill introduced in the Senate in July that would require federal agencies to improve and update their defenses against data breaches enabled by quantum computing.
“The development of quantum computers is one of the next frontiers in technology, and with this emerging technology comes new risks as well,” said Sen. Maggie Hassan (D-N.H.), a co-sponsor of the bill.