Cybersecurity

NIST pushes new encryption protocols for quantum, connected devices

encryption concept (BeeBright/Shutterstock.com) 

The National Institute of Standards and Technology is inching closer to developing two new encryption standards designed to protect the federal government from new and emerging cybersecurity threats.

Many experts believe the advanced computing capabilities of quantum computers will render most traditional encryption protocols used today obsolete. While true quantum computing is still decades away, the federal government is already preparing contingencies for how to defend its current IT assets and equipment from the threat.

In a March 20 briefing to the Information Security and Privacy Advisory Board, Matthew Scholl, Chief of the Computer Security Division at NIST, said the agency spent much of the past year evaluating 69 algorithms for its Post Quantum Cryptography Standardization project, a 2016 project designed to protect the machines used by federal agencies today from the encryption-breaking tools of tomorrow.

The submitted algorithms are all designed to work with current technology and equipment, each offering different ways to protect computers and data from attack vectors – known and unknown – posed by developments in quantum computing. NIST chose 26 of the most promising proposals in January 2019, and the agency will be conducting a second evaluation this year to whittle that list down even further.

Scholl told the board that the agency isn't shooting for a specific number of algorithms at the end of the process and wants to leave room for agencies to deploy multiple options to protect their assets.

"This is to ensure that we have some resilience so that when a quantum machine actually comes around -- not being able to fully understand the capability or the effect of those machines -- having more than one algorithm with some different genetic mathematical foundations will ensure that we have a little more resiliency in that kit going forward," Scholl said.

Switching encryption protocols is disruptive. NIST turned to the history books to study previous cryptographic transitions in the federal government and found they were plagued by poor communication, unrealistic timelines and overall confusion regarding expectations. Scholl said the agency is planning to do more proactive outreach to agencies and industry during second round evaluations.

NIST is also working on another revamp of encryption standards for small "lightweight" computing devices, focusing on components such as RFID tags, industrial controllers, sensor nodes and smart cards that are inherent in many Internet of Things devices.

The agency received 57 proposals for the project at the end of February, extending the submission timeline by a month due to the partial government shutdown, and plans to consider candidate algorithms at a public workshop in November.

The government's current encryption standards are largely designed for personal computers, laptops and other general purpose computing platforms. NIST officials believe new standards are needed to tackle a range of problems, from increasing reliance on connected devices to dissatisfaction with current identity and access management tools.

NIST will be able to rely on a rich catalogue of prior cryptographical research, Scholl said.

"The nice thing about the program is that many implementations and algorithms have a long history…unlike quantum where attack models are very new and different, lightweight is a more mature space," he said.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.