Joe Biden’s Memorandum Post-Quantum Cryptography
Joe Biden Memorandum
On May 4th, President Biden signed a new executive order focused on post-quantum cryptography, his second featuring this
subject in 2022, and we’ve still 8 months of the year to go.
The January memorandum directed all federal agencies to prepare for post-quantum cryptography by reporting on all vulnerable
cryptography on national security systems. But compared to what has just been signed at The White House, the January
memorandum was lightweight.
The May 4th Memorandum is loaded with new directions for agency collaboration, communication, planning, and technical
work, all with the focus of adopting post-quantum cryptography.
Much more Collaboration, Communication & Planning
The advent of quantum computers will mean cryptography has to be replaced everywhere, and with everyone about to go
through this migration, what could be better than sharing best practices and learning from each other?
To this end, the memorandum includes directions to establish a “Migration to Post-Quantum Cryptography Project” whose
purpose will be to “develop programs for discovery and remediation of any system that does not use quantum-resistant
cryptography”.
There are also instructions for cycles of communication designed to keep the whole US government laser focused on delivering a
speedy and successful migration. These include annual reports with “recommendations for accelerating those entities’ migration
to quantum-resistant cryptography”, ongoing inventory reports that “document all instances where quantum-vulnerable
cryptography is used by NSS”, and working groups to “identify needed tools and data sets, and other considerations to inform the
development by NIST of guidance and best practices to assist with quantum resistant cryptography planning and prioritisation”.
Specific requirements for Federal Crypto-Inventories
In the January memorandum the requirement for a Crypto-Inventory was definitely being hinted at but not made explicit.
However, this time around we have extremely clear language in Sec. 5.(c)(v):
“...an inventory of their IT systems that remain vulnerable to CRQCs, with a particular focus on High Value Assets and High Impact
Systems.”
Now it is explicit: Federal agencies need to build a Crypto-Inventory, and this now comes with specific requirements:
“Inventories should include current cryptographic methods used on IT systems, including system administrator protocols,
non-security software and firmware that require upgraded digital signatures, and information on other key assets.”
We also see that where January’s focus was solely on National Security Systems (NSS), this directive goes further, requiring the
Directors of NIST, CISA, and the NSA to:
“establish requirements for inventorying all currently deployed cryptographic systems, excluding National Security Systems
(NSS).”
All Federal cryptography is now in scope, and that means much more work ahead.
Recognising an “Imperative” role for Crypto-Agility
Even our shiny new PQ cryptography will need to be replaced at some point; and if Rainbow is anything to go by then we will need
to be prepared to respond quickly in such a scenario.
It’s this awareness (along with the lingering trauma of migrating from MD5, SHA-1, and 3DES) that leads to organisations
prioritising crypto-agility. As the Memorandum puts it:
“Central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to
allow for seamless updates for future cryptographic standards. This effort is imperative across all sectors of the United States
economy, from government to critical infrastructure, commercial services to cloud providers, and everywhere else that vulnerable
public-key cryptography is used.”
What is most interesting is the immediate recognition that crypto-agility is not just a nice-to-have or a pie-in-the-sky ideal. Instead,
it is recognised as imperative to the overall initiative. This should come as no surprise; because of the sheer size and scale of the
federal infrastructure, the NSA estimates that deploying new cryptography across all NSS alone would take about 20 years. The
bigger the project, the more critical crypto-agility becomes.
Big Asks, Short Timescales
As ever, the memorandum is scattered with ambitious timescales, perhaps more ambitious than usual given the current
geopolitical climate.
As we hear from businesses on an almost daily basis, building an accurate, useful, and dependable crypto-inventory is incredibly
challenging, and requires constant attention to keep up to date. On the other side, crypto-agility remains painfully ill-defined for
practical purposes.
