Quantum computing isn’t here yet, but the National Security Agency wants the owners, operators and vendors of national security systems (NSS) to be ready when it arrives. NSA released a suite of “post-quantum algorithms” that will eventually be requirements for NSS, along with a series of deadlines for the transition.
The new Commercial National Security Algorithm suite 2.0 (CNSA 2.0) establishes a variety of timelines, depending on implementation, though NSA does provide a final end date for the transition.
“NSA expects the transition to QR algorithms for NSS to be complete by 2035 in line with [National Security Memorandum 10]. NSA urges vendors and NSS owners and operators to make every effort to meet this deadline,” the CNSA 2.0 says. “Where feasible, NSS owners and operators will be required to prefer CNSA 2.0 algorithms when configuring systems during the transition period. When appropriate, use of CNSA 2.0 algorithms will be mandatory in classes of commercial products within NSS, while reserving the option to allow other algorithms in specialized use cases.”
CNSA 2.0 establishes software and firmware signing as NSA’s highest priority; it says these applications should “begin transitioning immediately, support and prefer CNSA 2.0 by 2025, and exclusively use CNSA 2.0 by 2030.” Other applications, such as web browsers, cloud services, operating systems, and custom and legacy technologies have longer to implement.
CNSA 2.0 draws from guidance published by the National Institute of Standards and Technology in July. NIST Special Publication 800-208 announced the selection for standardized, quantum-resistant cryptography algorithms. These selections will be the standard for non-national security government systems. CNSA 2.0 narrows the field of NIST selections to those that are acceptable for NSS.
But NSA cautioned in its press release that “there are neither final standards nor [Federal Information Processing Standard (FIPS)]-validated implementations available yet.” The release says that CNSA 1.0 remains the current compliance benchmark, but encourages NSS owners and operators to use CNSA 2.0 and the NIST selections to begin preparing.
“We want people to take note of these requirements to plan and budget for the expected transition, but we don’t want to get ahead of the standards process,” said Rob Joyce, director of NSA Cybersecurity, in the press release.
NSA was also careful to note in the FAQ accompanying CNSA 2.0 that there is no existing consensus on when quantum computing will arrive; this guidance is merely precautionary based on the progress that has been made so far.
“I’m probably more skeptical than most about when we’ll actually have a cryptanalytically relevant quantum computer … the best definition I’ve heard is with anywhere from 10 years to never. But we are starting to get in a window of concern,” said Gil Herrera, NSA’s director of research, during a Sept. 8 Intelligence National Security Alliance webinar.
Herrera said the main roadblock currently to quantum computing is the inability to model predicted solutions. Modeling was what allowed rapid advancement in semiconductors and microelectronics, he said. As long as they could manufacture what was modeled, they knew it would work. None of the existing theories links manufacturing to models.
“And that’s why it is so difficult to predict when we’ll have a quantum computer, because there’s not a strong enough underlying theoretical basis for how the devices actually work. And that’s why I don’t believe anybody’s predictions in quantum computing, even mine,” Herrera said. “But if somebody were able to make one, our national security systems and financial systems are at jeopardy, and that’s why the White House and NSA are warning people go to a point of resistance.”
Daisy Thornton is Federal News Network’s digital managing editor. In addition to her editing responsibilities, she covers federal management, workforce and technology issues. She is also the commentary editor; email her your letters to the editor and pitches for contributed bylines.