Are you prepared for the post-quantum era? That’s the question everyone is asking their organizations right now. Last year, we put this question to a panel of industry experts at Machine Identity Management Summit 2023. I’d like to share some of the insights we gained from that panel discussion about the evolving threat landscape and the role of post-quantum cryptography (PQC) in future-proofing machine identity security. Here’s a recap of the lively discussion between moderator David Mahdi, CIO at Transmit Security and former analyst at Gartner, and our esteemed panelists:
- Bruno Couillard (Co-founder, CEO & CTO, Crypto4A)
- Greg Crabb (Cybersecurity Consulting Executive, 10-8, LLC & Former CISO, U.S. Postal Service)
- Ryan Hurst (Advisor, SandboxAQ)
David Mahdi: Today, we're going to talk about post-quantum readiness, why you need to think about this now, and the things that you can start to do today. We want to make this actionable and give some advice and guidance that you can take away today. Even though it sounds like science fiction, there are things that we need to do today to get started on this journey because it's going to happen pretty fast and furious and what you need to do to be ready for post-quantum cryptography (PQC) and what you're doing today anyway.
Greg Crabb: From a practitioner perspective, as we look at how do we build more robust systems, we've got to start with threat modeling in mind. Moving that whole shift left and understanding from a design perspective, where are our cryptographic artifacts sitting and how do we inventory those and recognize the specific attacks that are being made against those artifacts today? So that we can prepare for the way those will be attacked in 2030 as the Cloud Security Alliance is talking about when we should expect quantum.
There will be a couple of different attacks when we see quantum. But if you can't handle the specific attacks of today, there's no way you're going to be able to be prepared with the agility and speed that you need to be able to address those attacks eight years from now or seven years from now. And so instilling that discipline of threat modeling at design time, having proper architecture diagrams that really point to not only the database and the web server and the firewall, but also what are those cryptographic artifacts that you're relying on from an architectural perspective that need to be addressed from a threat perspective. And making sure that you're defining those countermeasures that help you to keep those artifacts up to date not only from a lifecycle management perspective, but also looking into post-quantum when we need to roll into new algorithms to protect that infrastructure.
David Mahdi: Do you think this is madness that we're talking about PQC readiness, or are there tangible tactical things? Based on your background, what should these folks be thinking about today?
Ryan Hurst: I think it's important to look at previous shifts that we've had to make in the context of key management and cryptography. You know, when the shift between MD5 to SHA-1, the shift from triple DES to AES, how long did it take to make that shift as an industry? It's roughly around 15 years. So when people ask me, what do you think about post-quantum key management and certificate management, I usually will say post-quantum key management is competent classical key management.
Basically, if you have a capability, let's say to rotate a key and you never exercise that capability to rotate a key, that capability effectively doesn't exist. Say I have a plan, but I've never tested that plan. I don't use that motion regularly. So what we need to be doing is, you know, reducing the lifespan of the cryptographic key material that we use and rotating it regularly. Now we get this capability that like, OK, when this does happen, how quickly do I have to respond and how quickly can I respond, and will I know how complete my migration is? Did I respond effectively? So it's about getting all that automation in place, the monitoring in place and understanding your environment.
The other thing that I tend to focus on is our definition of agility. We use that word a lot. I think it's very different in this post-quantum world. The difference is when we blessed AES as an industry and we started to adopt it, there was really no question on whether or not it is going to be secure for the long run. But if we look at post-quantum algorithms, they're very young.
And in fact, there was one of the candidates that was chosen by NIST, it was just approved. And within 48 to 72 hours, it was shown to be insecure. And so agility needs to also include our ability to be agile in the way that we operate the systems that consume cryptography. If there was another OpenSSL random number generator problem, could you replace all your OpenSSL cryptographic implementations, you know, in a week, a month, a year? How long would it take you? That's basically the same problem you're going to have when, let's say, the next NIST candidate falls because of an insecurity.
So you need to be focused on operational agility, not just the concept of cryptographic agility at the same time. And a big part of that is measurement, so you know the whole number. Am I solving the whole problem?
David Mahdi: So there's all the talk from NIST about the candidates for PQC algorithms. If you’re responsible for application security but don’t want to get into the weeds of this stuff, what would be the key takeaways they should be aware of today?
Bruno Couillard: If you're at all involved with the US government, probably one of the key takeaways here is that NSA a year ago came out with something called the CNSA 2.0. In that policy they basically outlined what will need to be done by vendors that produce products for national security systems. And as part of this outlining, they have now kind of put some timelines, one of them being 2025. And, as you all know, 2025 is kind of tomorrow.
I was at a conference fairly recently where the question was asked to NSA, would you allow us to delay a bit to change perhaps a few years? The answer is absolutely not. So that sort of thing, if you're involved in any of those kinds of sectors, I would say you may want to start paying attention to that.
But NIST is also doing a fantastic job at moving the standards, moving the draft documentation, and getting the industry to collaborate. They have established a lab in Maryland, at the NCCoE, to operate with a bunch of companies. We're about 30 of us now and this is about doing interoperability with HSMs, PKI certificate management and all sorts of capabilities that will require PQC capabilities.
So I would say right now there's a lot of work, but there is already a lot of work being done. And I think it's positive news on that front.
David Mahdi: Let’s bring it back to your app developer. What do they need to take away from PQC readiness?
Greg Crabb: I think we need to learn from what we've seen in the threats landscape this year. For example, let’s look at the CircleCI breach that happened with State Department recently from a Microsoft signing key perspective. So the CircleCI breach was where a developer laptop popped their authentication tokens into their code and deployment pipelines were compromised as a result. A lot of their customers had insecure development pipelines as a result of that attack. Are you prepared for that type of cryptographic attack against your organization? If no, do you have a playbook to be able to deal with that from an incident perspective? So, from a modeling perspective, we need to think about that.
You need to understand that lifecycle back to threat modeling of how your cryptography is made within the organization, the dependencies that you've got on that signing infrastructure. And then you need to alert on it as well as have a response plan for when it goes bad.
Ryan Hurst: I think Storm-0558 is actually an interesting example. If you look at Storm-0558, what happened in this particular situation is an application had a problem and it was using the key and it threw up the key to the file system. And then somebody took a copy of that thrown up cache that included the key out of that environment and then was able to sign things.
So one of the things that I think that I would want you to take home is do you know where your keys are, and do you know how they're being protected? I think HSMs are an important part of that, but they're not the only way that you keep keys safe. There are other signing oracles that are software, they'll simply take those keys out of memory so that they're not associated with the application workload. Some workloads absolutely need to have HSMs, but we need to protect our keys from the workload and not just let the workload have access to the key. That's one Storm takeaway.
And access management on top of that. If you're not rotating your keys regularly, all cryptographic keys are only theoretically secure for a period of time. If you're not rotating your keys, you are not going to be ready to respond to post-quantum evolution as it happens because you don't have the infrastructure and the muscle memory to be able to do it.
Bruno Couillard: If you do have in your inventory or in your design or architectures, anything that's hardware, HSMs, tokens, cards, anything that's a fixed asset that you bought many years ago. All of these things today are built around classic crypto. You need to replace them all and that replacement process, as you all know and as we've all experienced, the supply chain for hardware is not the same as the supply chain for software. You can download a patch; you cannot download a new HSM.
But there are ways for you to get started. Like you don't have to replace today, but you can have crypto agile and quantum safe HSM that can be purchased or deployed proof of concepts. I would definitely suggest that you may want to think about if you have HSMs, you may want to start thinking about how you go about replacing them as soon as possible. Get started now. It will be a long project.
Ryan Hurst: I also want to add another thought on justifying budgets. We all struggle with that. I don't care which part of security that you're in. We're actually in the most ideal time ever thanks to the SCC. I think if you look at recent attacks, you're going to be able to draw from those and say, post-quantum key management is competent classical key management. We can just look at all the various examples that are happening right now and be able to draw parallels for our leadership.
David Mahdi: I would just say one thing to add to the great advice that you guys gave: there's no end date here. This is a journey, right? It's not like we can say it's 2030 because, you know, they said it's 2030. It's a journey that we need to get there. We need to start now, which is making sure you're already crypto agile and that's a part of your normal incident response anyway.