On July 6, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) announced the establishment of a Post-Quantum Cryptography (PQC) Initiative to unify and coordinate agency efforts addressing threats that quantum computing poses to existing cryptographic systems. The announcement came one day after NIST selected the first four post-quantum cryptographic algorithms for standardization.
The initiative was organized across four areas: risk assessment of the 55 National Critical Functions (NCFs), interagency engagement, tool development, and published guidance. CISA stated it would coordinate with interagency and industry partners, building on existing Department of Homeland Security efforts and NIST’s ongoing standardization work, to support critical infrastructure operators and government network owners during the transition to post-quantum cryptography.
CISA Director Jen Easterly stated that the agency “continually works to understand and anticipate the risks to critical infrastructure from evolving technologies including quantum computing.” The initiative extended the vision set out by Secretary of Homeland Security Alejandro N. Mayorkas in March 2021, when he identified the transition to post-quantum encryption as a cybersecurity resilience priority.
Alongside the announcement, CISA released a current activity alert encouraging users and administrators to review the DHS/NIST Post-Quantum Cryptography Roadmap, which identifies where organizations should develop transition plans. CISA noted that while NIST did not expect to publish a standard for commercial products until 2024, organizations should begin preparing for the transition immediately.