To protect existing cybersecurity protocols from being easily decrypted by a quantum computer, the National Institute of Standards and Technology’s Post-Quantum Cryptography Project has developed three algorithms — called FIPS 203, 204 and 205 — designed to withstand quantum-powered cyberattacks. On Tuesday, it released the first three post-quantum encryption standards.
With these standards, organizations can achieve quantum-safe transformation strategies. The agency said post-quantum encryption standards secure a wide range of electronic information and encourages IT administrators to start transitioning to the modern standards now.
WHY IS THIS IMPORTANT
Cyber-vulnerable healthcare organizations at various stages of cybersecurity modernization are under pressure to address myriad attack vectors. For example, the rise of AI-assisted attacks only adds to the burden, with numerous reports indicating that generative AI is improving the quality and quantity of phishing attacks.
The IBM Quantum platform can now become quantum-safe with the finalization of standards, according to Scott Crowder, vice president of quantum-safe implementation and business development at IBM, which offers services to protect critical data and systems.
The company is working with the Cleveland Clinic and other facilities to explore how quantum computers can benefit their research.
Crowder said Tuesday that with these standards, healthcare organizations can take all the steps “to uncover the factors that will guide the organization toward quantum security.”
The difficulty for quantum pioneers like IBM – and everyone else – has been waiting for open standards for public-key cryptography, necessary for mass access to a protocol for protecting quantum data exchange.
Crowder said organizations must first identify their cryptography and generate what is called a cryptographic bill of materials, or artifact catalog.
“With CBOM, an organization can now truly see how compliant their cryptography is—for example, against current regulations—and where they may have vulnerabilities.”
“With the sorted list, an organization can now begin to transform its security to provide quantum-safe solutions,” he said.
These three steps – discovery, observation and transformation – will lead the organization to a quantum-safe state, according to IBM, which the company says helped develop NIST’s PQC algorithm standards.
Healthcare organizations can join post-quantum cryptography initiatives or start their own, Crowder advised.
While NIST has Three federal information processing standards for PQC have been finalized to be used this year, there will be more of them.
We also reached out to the US Health and Human Services, the healthcare Sector Resource Management Agency, to ask about the modern standards and any recommendations for accelerating the migration to quantum-resistant cryptography. We will update this story if we hear back.
BIGGER TREND
The NIST PQC project was launched as a six-year effort to develop public-key cryptographic algorithms that can protect confidential and sensitive information.
The project is also developing a standard for FALCON, the fourth algorithm selected for development in 2022, as well as a second set of alternative defense algorithms for future weaknesses, NIST said when it first announced the three PQC algorithm projects last year.
In addition to its collaboration with IBM, the Cleveland Clinic is using quantum technology in its clinical trials.
The company recently partnered with the Novo Nordisk Foundation on a fellowship program in quantum computing and artificial intelligence, which focuses on technologies that enable the analysis of massive amounts of data to improve diagnostic accuracy, accelerate personalized medicine and improve clinical trials.
IN THE DOCUMENT
“Quantum computing technology has the potential to power many of society’s most challenging challenges, and these new standards demonstrate NIST’s commitment to ensuring they do not compromise our security,” said Laurie Locascio, Under Secretary of Commerce for Standards and Technology and Director of NIST.
“These finalized standards are the culmination of NIST’s ongoing efforts to protect our confidential electronic information,” Locascio said in an agency statement. announcement.
“The key factors in preparing for cybersecurity threats and being ready to move to post-quantum cryptography include agility – the ability to transition to another encryption method without significant disruption; having the necessary skilled workforce to enable new post-quantum cryptography standards; and ultimately having cryptographic resilience, which means successful organizations anticipate their risk levels and don’t make decisions in isolation,” Crowder said.
“Both points underscore the need to understand the risks posed by bad actors who may gain access to future quantum computing capabilities — and how moving to new PQC standards now will mitigate those risks — and to work with other organizations to prepare, collectively.”