Hi All
Updates on Post-Quantum Cryptography (PQC)
The US government pushes for PQC adoption and extensive use of cryptography.
On Jan. 16th, 2025, the Biden administration published the "Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity" (EO 14144). The Trump administration revoked several Biden Executive Orders on inauguration day, but this EO was not one of them.
This EO shows near-future requirements from US agencies for their vendors. These requirements may permeate to the financial sector as requisites from US agencies to their providers or as features that will be more relevant in major technology products and offerings. It also shows interesting trends in actions that may need to be prioritized.
The EO focuses on making cybersecurity controls effective, so that organizations and the supply chain do not comply minimally with no impact on improving security. It seeks accountability from software and cloud service providers.
👉 Highlights on cryptography
There are several requirements promoting the use of cryptography and accelerating the transition to PQC:
✔ Use of public-key cryptography to implement phishing-resistant authentication.
✔ Implement Internet routing protections to defend against malicious traffic diversions.
✔ Implement cryptography-protected DNS, email, voice, video conference and instant messaging.
✔ Implement PQC "as soon as practicable".
✔ Improve key management on-prem and in the cloud.
👍 Introducing or improving cryptography in various processes and protocols.
👍 Protecting Internet traffic routing, as it is a first step for HNDL attacks.
More details:
📌 The order highlights “the People’s Republic of China presenting the most active and persistent cyber threat” to the US.
📌 Use of Route Origin Authorizations and performing Route Origin Validation filtering.
📌 NIST to publish updated guidance on BGP security methods, route leak mitigation and source address validation.
📌 Encrypted DNS must be deployed wherever supported.
📌 Email messages must be encrypted in transport and, where practical, use end-to-end encryption.
📌 Expand the use of authenticated transport-layer encryption between email servers and with clients.
📌 Voice, VC and IM must enable transport encryption and use end-to-end encryption by default.
📌 Implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable upon support from the vendors.
📌 Support TLSv1.3 ASAP but no later than 2029.
📌 Cryptographic keys with extended life-cycles should be protected with HSMs, TEEs, etc.
Executive order: https://lnkd.in/d-ifZtrf
National Institute of Standards and Technology (NIST) responsibilities: https://lnkd.in/dnhUbrfH
Thanks to Jaime Gomez Garcia
Regards
Caute_Cautim