There is a consensus across industry and governments that organizations should start planning how they will maintain security of IT systems and data given likely advances in quantum computing. Going forward, our cryptographic estates are likely to be less stable, requiring more regular algorithm updates (see The end of the Golden Age of crypto? | Entrust Blog).
One piece of advice that is regularly proposed is to improve cryptographic agility. This is smart advice, recognizing that becoming “post-quantum safe” is a multi-faceted and ongoing activity involving people, processes, and technology. I would argue that even without the post-quantum (PQ) threat to classic cryptography, robust, holistic, and efficient cryptographic agility reduces risk.
What is cryptographic agility, and how do you know if you have it? RFC 7696 talks about cryptographic algorithm agility, and it offers sound guidance at a software development level. I feel that this is insufficient to understand the “macro” cryptographic agility of an organization, such as the risk assessments, security controls, retraining, software supply chain, and so on. What if I want to understand how cryptographically agile my organization is? When thinking about this, consider the opposite situation. What attributes would hinder an organization’s cryptographic agility? Examples could include the following:
- Not having a central Policy Management Authority responsible for establishing clear policies and procedures on how and where cryptography should be used.
- No clearly defined accountability of compliance to corporate cryptographic standards across business units.
- Limited or no inventory of meta data for sensitive business information assets.
- Limited or no inventory of cryptographic assets and artifacts (crypto libraries, keys, secrets, etc).
- Lack of resources/staff with knowledge of how cryptography is used to manage risk, and how to adhere to policies and controls.
- Supplier contracts with no provisions for cryptographic standards or agility.
- Having a wide range of cryptographic libraries, keys, and key management systems deployed across your organization with no centralized visibility or reporting capability.
- Performing all cryptographic management manually, without automated management of cryptographic assets.
Many of these points relate to governance. No one can comply to a policy that does not exist, and a cross-organizational policy must be defined by a suitable body. So, step 1 to becoming cryptographically agile is to establish an accountable Policy Management Authority with appropriate terms of reference. This would typically be a cross-business and multi-skilled body that already meets regularly, is suitably empowered, and includes a remit for a longer-term roadmap against emerging threats. Indeed the first action on U.S. federal government departments from Presidential Memorandum M-23-02 (Migrating to Post-Quantum Cryptography) was to “designate a cryptographic inventory and migration lead for their organization.”
How is cryptographic policy implemented and audited? Cryptography is often embedded into IT systems, applications, network equipment, device chipsets etc., across functions, with budgets often delegated to lines of business. Should a centralized cryptography team become accountable across this estate? How are budgets for cryptography refreshes managed? Having clear accountability, responsibility, and audits of compliance is essential to cryptographic agility.
Once you have appropriate governance, you can examine your estate. What data is protected with encryption? Where is it? For how long must it be stored securely? You need to understand what types of data you are protecting. You also need to itemize your current cryptographic estate and maintain up-to-date software and hardware for all critical systems. What algorithms and libraries are you using, and do these comply with your policies? You can only manage what you have visibility of, so technology to discover cryptographic assets could be helpful here but is not the sole remedy. Because of unscannable cryptographic assets, manual capture of changes must also be encompassed.
Policies are implemented by people, so you need trained staff. Developers should be embedding cryptographic agility for in-house applications and services. Senior executives should be aware of the PQ cryptography risk, which should be on the emerging risk register, and multi-year budgeting for the wholesale changes in the landscape should be assigned now. This will ensure the risk is managed appropriately as a cross-organizational change management program. Having stakeholders trained at the appropriate level is essential to organizational cryptographic agility.
Legal and procurement teams need to understand the impact on contracts with customers and suppliers. It is likely that cryptographic agility will become a contractual obligation as, for example, applications are outsourced to cloud providers. Is your payroll supplier currently monitoring the PQ threat? Does your PKI vendor have a PQ roadmap?
Agility is hindered by complexity, but you can act now to make the PQ migration journey easier. For instance, if you centralize, simplify, and consolidate disparate PKI, key management (such as KMIP servers) and code signing systems/services, it will greatly aid the implementation and testing of the new algorithms, associated firmware etc. as well as audit and accreditation. This must flow from a central policy, to reverse the proliferation of disparate cryptographic systems and libraries that will cripple agility.
Cryptographic agility will be enhanced through automation. Automating the update of keys and certificates will increase efficiency and reduce cost of maintaining appropriate security controls. Wherever possible, centralized key and certificate management systems should push key and certificate updates to target systems. This will also reduce ongoing operational costs and reduce manual errors, which therefore should have a positive impact on system availability as well as security posture.
Cryptographic agility will be critical as organizations manage risk by maintaining security of IT systems over the next decade and beyond. Entrust recommends that assessing your current organizational cryptographic agility, holistically, would be a great starting point with regard to the PQ risk so you understand the scale of your changes and how you can improve your current cryptographic agility posture. These are the key measures that we deliver through our Post-Quantum Cryptography Readiness Assessment. Once you have a baseline of your current state, you can define a roadmap to modernize your cryptographic estate and continuously improve your cryptographic agility to effectively manage risk into the future. Your migration to post-quantum cryptography can be managed as a change and not a crisis.
For more resources on how to prepare for post quantum, click here.