https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82849#M7597 <P>Great read. There's a lot of buzz around this topic lately. What are your thoughts on <A href="https://cheapsslweb.com/blog/post-quantum-cryptography-migration-security-against-quantum-threats/#:~:text=In%20July%202022%2C%20NIST%20announced%20the%20first%20four%20PQC%20algorithms%20as%20acceptable%20for%20general%20use" target="_blank" rel="noopener">NIST algorithms on PQC</A>?</P> Tue, 05 Aug 2025 10:14:33 GMT wilson3adams 2025-08-05T10:14:33Z https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82667#M7588 <P>Hi All</P><P>&nbsp;</P><P>Now that US, EU and Australia have now publicly stated that critical infrastructure must migrate to Quantum cryptography algorithms by 203, this is less than five years away.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Most non technical people head for the hills or run away due to the fact it is a compliance situation and run away from it all.&nbsp; &nbsp;Let the technical specialist sort it out.</P><P>&nbsp;</P><P>I have seen plenty of you tube videos, so called simple explanations which rapidly turn into technical diatribes on Quantum Cryptography.&nbsp;&nbsp;</P><P>&nbsp;</P><P>But in reality we need stories that non technical people including CEO's can understand without the mathematics and technical what will happen if you do not migrate expose.</P><P>&nbsp;</P><P>Any one have suggestions, stories to share or do we have to break this down for each industrial sector, health care, financial, Energy, Water, and others?</P><P>&nbsp;</P><P>The reality is that it took 10 years to migrate from DES to AES and there are still some pockets of resistance even in 2025!&nbsp; It took the Payments Industry 6 years after resistance to migrate to TLS 1.2 from TLS 1.0 and SSL V3.</P><P>&nbsp;</P><P>We have to pitch a message that tells a story, that is understandable and relates to what organisations need to do and commence publishing it widely.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Yes, Browsers like Chrome and Firefox are ready getting ready to migrate to TLS V1.3 by default, but there is so much more that needs to be done to make this transition smooth.</P><P>&nbsp;</P><P>There is no point giving it to an AI, because you don't know for sure where that information came from and that it is accurate.&nbsp; Especially if you can hi-jack Gen-AI with a Prompt and root the system which occurred to Microsoft Co-Pilot recently.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Suggestions folks that can assist the community get the message out, Post Quantum Cryptography is coming, and the runway is getting shorter every year.&nbsp; &nbsp;</P><P>&nbsp;</P><P>Thoughts, comments, lets get a dialogue started.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 29 Jul 2025 20:49:25 GMT https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82667#M7588 Caute_cautim 2025-07-29T20:49:25Z https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82849#M7597 <P>Great read. There's a lot of buzz around this topic lately. What are your thoughts on <A href="https://cheapsslweb.com/blog/post-quantum-cryptography-migration-security-against-quantum-threats/#:~:text=In%20July%202022%2C%20NIST%20announced%20the%20first%20four%20PQC%20algorithms%20as%20acceptable%20for%20general%20use" target="_blank" rel="noopener">NIST algorithms on PQC</A>?</P> Tue, 05 Aug 2025 10:14:33 GMT https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82849#M7597 wilson3adams 2025-08-05T10:14:33Z https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82871#M7598 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1282346449">@wilson3adams</a>&nbsp; &nbsp; My thoughts, is start the discovery process now, and create an cryptography inventory of your existing applications, authentication methods, communications methods, and any embedded systems including devices.</P><P>&nbsp;</P><P>Organisations should approach post-quantum cryptography migration systematically:<BR />1. Start with an inventory Map out everywhere encryption is currently used - applications, databases,<BR />communication systems, certificates, VPNs, APIs, and third-party services. Many organisations are<BR />surprised by how extensively they rely on encryption.<BR />2. Assess risk and prioritize Identify which systems handle the most sensitive data or are most critical<BR />to operations. These should be migrated first. Consider what would happen if each system's encryption<BR />was compromised.<BR />3. Choose standardised algorithms Use the post-quantum cryptographic algorithms that NIST has<BR />already approved and standardised, such as ML-KEM, ML-DSA, and SLH-DSA. Avoid experimental<BR />or non-standardised approaches.<BR />4. Plan for hybrid approaches During the transition, use both traditional and post-quantum encryption<BR />together. This provides protection even if one method has unexpected weaknesses.<BR />5. Update in phases Start with the highest-risk systems and work systematically through your<BR />infrastructure. Don't try to change everything at once, as this increases the chance of errors or<BR />downtime.<BR />6. Test thoroughly Post-quantum algorithms often require more processing power and create larger<BR />data sizes. Test performance impacts and ensure systems can handle the changes before full<BR />deployment.<BR />7. Work with vendors Coordinate with software and hardware vendors to understand their post quantum<BR />roadmaps. Some systems may need vendor updates before you can migrate.<BR />8. Train your team Ensure IT and security staff understand the new algorithms and how to implement<BR />them properly.<BR />9. Create a timeline Start now and plan to complete migration well before quantum computers become<BR />a real threat. The process typically takes 2-5 years for large organisations.<BR />10. Monitor and maintain Cryptographic standards may evolve, so plan for ongoing updates and<BR />monitoring of new developments in the field.</P><P>&nbsp;</P><P>&nbsp;</P><P>The main issue is start the process now, I have put together a draft explanation in non technical terms for organisations who will run a mile, if the subject is raised and they think they can mitigate the problem by passing to the compliance and audit team.&nbsp; &nbsp;The entire organisation needs to be made aware, it is coming and is inevitable.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P> Tue, 05 Aug 2025 21:38:30 GMT https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82871#M7598 Caute_cautim 2025-08-05T21:38:30Z https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82878#M7599 <P>Insightful. Thanks</P> Wed, 06 Aug 2025 05:13:42 GMT https://community.isc2.org/t5/Industry-News/Post-Quantum-Cryptography-guidance-and-suggestions/m-p/82878#M7599 wilson3adams 2025-08-06T05:13:42Z