“It is imperative for all organizations, especially critical infrastructure, to begin preparing now for migration to post-quantum cryptography.” – Jen Easterly, Director of the US Cybersecurity & Infrastructure Security Agency (CISA)
Quantum Threats to Critical Infrastructure
Critical infrastructure sectors such as healthcare, energy, finance, and agriculture can be defined as industries essential to a nation’s economy and daily functioning.
Over the last decade, these critical infrastructure sectors have increasingly come under threat from cyber-attacks due, in part, to the lasting damage and ripple effects these attacks can have if even one critical sector is compromised. The advent of quantum computing’s accelerated development amplifies the risks of quantum decryption and presents a substantial and growing threat to the stability and security of these essential industries.
Collaboration platforms have become vital to business communications within critical sector organizations, a trend that has accelerated since the COVID-19 pandemic. Remote work environments and rapid information dissemination are prevalent among critical sector businesses, with group messaging, video huddles, and real-time document sharing evolving to become essential elements of organizational communications.
The security risks associated with these platforms, however, are significant. Collaboration apps come with security measures and controls, some of which may not meet an organization’s compliance standards; BYOD (Bring Your Own Device) practices and the growing interconnectivity of operational technologies (Internet of Things) have led to a surge in access point vulnerabilities.
Complicating this move towards integrating messaging platforms into official organizational communications is the emerging threat of quantum computers to break those traditional encryption protocols that protect the vast majority of business communications today.
Organizations worldwide are taking steps to guard against the evolving quantum computing-enabled cyberattacks, with concerns centered on the coming of “Q-Day,” when practical scaled quantum computers can break standard encryption protocols such as RSA and ECC. More of a milestone than a date, Q-Day signals the crossing of a computational “line in the sand” that modern cryptographic algorithms have defended for over four decades.
Although opinions differ on when scalable, fault-tolerant quantum computers will emerge, current digital communications—from email and internet use to data storage and financial transactions—will be vulnerable to quantum decryption once Q-Day is achieved.
After eight years of development and public review, three post-quantum cryptography (PQC) standards have been released, spearheaded by the U.S. National Institute of Standards and Technology (NIST). The three quantum-resistant standards are:
- Public Key Encapsulation: (1) ML-KEM.
- Digital Signatures: (2) ML-DSA and (3) SLH-DSA.
The Imperative for Securing Critical Infrastructure
NIST and the US Cybersecurity & Infrastructure Security Agency (CISA) currently advise critical infrastructure stakeholders to adopt PQC due to the danger posed by Harvest Now Decrypt Later (HDNL) attacks and in the context of the required time for full adoption of the new security standards.
HDNL are cyber attack strategies that see threat actors intercept and store encrypted sensitive data today, only to decrypt later when quantum decryption is practical and scalable. Security experts argue that critical infrastructure organizations need to adopt PQC standards as soon as possible to reduce their exposure to HNDL threats. In response, some collaboration platform providers have started offering PQC at the transport layer, hoping that this will provide adequate protection from the quantum threat.
However, only a single messaging platform also offers PQC at the message layer. SENTRIQS has combined Message Layer Security (MLS) with PQC for the ultimate in communications security. MLS dynamically encrypts each message within a TLS-encrypted path, providing unmatched encryption protection while enabling granular control over device access to communication channels.
The recently published SENTRIQS white paper details the rising use of messaging platforms in critical sectors with the need for integrating PQC standards with Messaging Layer Security.
SENTRIQS outlines its GLYPH messaging and collaboration platform aimed at critical sectors, delivering quantum-safe instant messaging and group communications built on a novel modular security architecture.