NIST Finalizes 3 Post-Quantum Cryptography Standards

To protect existing cybersecurity protocols from easy decryption by a quantum computer, the National Institute of Standards and Technology Post-Quantum Cryptography Project has developed three algorithms — called FIPS 203, 204 and 205 — designed to withstand cyberattacks using quantum technology. It released the first three post-quantum encryption standards on Tuesday.

The standards will enable organizations to carry out quantum-safe transformation strategies. The agency said post-quantum encryption standards will protect a wide range of electronic information and encourages IT administrators to begin transitioning to the new standards now.

WHY IT IS IMPORTANT

Cyber-vulnerable healthcare organizations at various stages of their cybersecurity modernization are being pressured to address myriad cyberattack vectors. The rise of AI-enhanced attacks, for example, only adds to this burden, with numerous reports that generative AI is improving the quality and quantity of phishing attacks.

According to Scott Crowder, vice president of IBM’s quantum-safe adoption and business development team, which provides critical data and systems security services, the IBM Quantum Platform can be made Quantum Safe now that the standards have been finalized.

The company is working with the Cleveland Clinic and other institutions to explore how quantum computing can benefit their research.

Crowder told Healthcare IT News on Tuesday that the standards allow healthcare institutions to take all steps to “reveal the factors that drive the organization toward quantum safety.”

The difficulty for quantum pioneers like IBM – and everyone else – was waiting for the public standards for public-key cryptography needed for mass access to the quantum protection protocol for data exchange.

According to Crowder, organizations must first identify their cryptography and generate a so-called cryptographic bill of materials, or CBOM (a catalog of artifacts).

“With a CBOM, the organization can now really see how compliant their cryptography is – for example according to current regulations – and where there may be vulnerabilities.”

“Now that the organization has a priority list, it can begin transforming its security to quantum-safe solutions,” he said.

According to IBM, these three steps – discover, observe and transform – enable an organization to become quantum-safe. IBM says the company helped develop NIST’s PQC algorithm standards.

Crowder also indicated that healthcare institutions can join post-quantum cryptography initiatives or start their own initiatives.

While NIST has completed three Federal Information Processing Standards for PQC for use this year, more are to follow.

We’ve also reached out to US Health and Human Services, the healthcare sector’s Resource Management Agency, to ask about the new standards and any recommendations for accelerating the migration to quantum-resistant cryptography. We’ll update this story if we hear back.

THE BIGGER TREND

The NIST PQC project was launched as a six-year project to develop public-key cryptographic algorithms that can protect sensitive and proprietary information.

The project is also working on developing a standard for FALCON, a fourth algorithm selected for development in 2022, and a second set of alternative defense algorithms to prepare for future vulnerabilities, NIST said when it first announced the three draft PQC algorithms last year.

In addition to its collaboration with IBM, the Cleveland Clinic is also using quantum technology in clinical research.

The company recently partnered with the Novo Nordisk Foundation for a fellowship program in quantum computing and AI, focusing on technologies that analyze large amounts of data to increase diagnostic accuracy, accelerate personalized medicine and improve clinical trials.

ON THE RECORD

“Quantum computing technology can play a significant role in solving many of society’s most intractable problems, and the new standards reflect NIST’s commitment to ensuring that our security is not compromised,” said Laurie Locascio, Under Secretary of Commerce for Standards and Technology and Director of NIST.

“These final standards are the cornerstone of NIST’s efforts to protect our confidential electronic information,” Locascio said in the agency’s announcement.

“The key factors in being prepared for cybersecurity risks and ready to transition to post-quantum cryptography include flexibility – being able to transition to another encryption method without significant disruption; having the necessary skilled workforce to enable the new post-quantum cryptography standards; and ultimately having cryptographic resilience, which means successful organizations anticipate their level of risk and don’t make decisions in isolation,” Crowder said.

“Both points highlight the need to understand the risk posed by malicious actors who can gain access to future quantum computing capabilities – and how moving to the new PQC standards now will mitigate this risk – and to work with other organizations to be collectively prepared.”

Andrea Fox is Editor-in-Chief of Healthcare IT News.
Email address: afox@himss.org

Healthcare IT News is a publication of HIMSS Media.

The HIMSS Healthcare Cybersecurity Forum is scheduled for October 31-November 1 in Washington, DC.