CBP Leads Federal Post-Quantum Cryptography Work
The agency began its post-quantum cryptography migration two years ago and thinks others would benefit from its lessons learned.
Customs and Border Protection (CBP) is already seeing some returns on its post-quantum cryptography preparation work that included being an early adopter for NIST’s first quantum-related standards released this year.
CBP has dubbed the work a proof of concept for other agencies in their preparation for “Q-Day,” or when computing power will become so advanced that it breaks current encryption methods and introduces critical vulnerabilities in systems. Technology experts say this time will come over the next 10 years.
“CBP is one of the first federal agencies to explore post-quantum cryptography to harden security within its systems,” noted CBP CIO Sonny Bhagowalia in a recent update. “It is necessary to strengthen our agency’s data through post-quantum cryptography encryptions now, in order to be prepared for the security threats of the future.”
Some of the agency’s initial work included creating initial inventories and plans for the migration that also complemented its work around zero trust architecture.
Through the agency’s data cataloging effort that began in 2022, it learned more about its numerous and complex data systems.
“It turns out there’s a whole bunch of third-party stuff that’s out there where you have systems calling other systems, non-human entity communication, and a whole lot more complexity,” said CBP IT Deputy Assistant Commissioner Ed Mays at an October webinar. “We discovered something that we did not expect, but I think that discovery is going to help us and potentially other agencies.”
The agency has long been a leader adapting to emerging technology. CBP and its parent agency, the Department of Homeland Security, began the migration to post-quantum cryptography even before the Office of Budget and Management directed agencies to do so in a 2022 memo.
For Mays, it was an imperative.
“It’s not like challenges that we’ve had in the past where you had a long time to get ready. Once this occurs, it’s going to be very difficult for us to catch up … from a software perspective, from a hardware perspective, from an architecture perspective,” said Mays.
Quantum Standards Require Collaboration
National Institutes of Science and Technology (NIST) Mathematician and Fellow Lily Chen added during the webinar that previous encryption standards weren’t as complex as current ones. Its first cryptographic standards were created in 1977. Now with modern systems, post-quantum cryptography requires a new set of standards.
Industry, government and academia have worked together to research and develop ways to make the migration process easier. Chen discussed the role of NIST’s National Cybersecurity Center of Excellence (NCCoE) in CBP’s own journey, citing its “Migration to Post-Quantum Cryptography” project that brings together both public and private sector.
She also noted there might be some demystification needed as many people don’t grasp how much systems, services or products rely on public-key cryptographic algorithms. This is especially true when many agency systems like CBP include a lot of third-party tools.
“With a third-party software, you don’t know which algorithm they used. That kind of [collaboration] will help the enterprise,” said Chen.
CBP’s post-quantum cryptography roadmap was published in 2021 and aims to complete migration by 2030.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Trump's DHS Secretary Pick Prioritizes Tech to Boost Security
South Dakota Governor Kristi Noem has prioritized advancements in cyber, quantum and biometrics to enhance state and national security.
7m read -
Data Drives the Future of Health Care
Federal data initiatives across the Department of Health and Human Services aim to improve health outcomes by enhancing data sharing, privacy and security across the health care ecosystem.
30m watch -
HUD’s New CIO Focuses on AI, Zero Trust
HUD's new CIO Sairah Ijaz is focusing on implementing artificial intelligence and zero trust to mature and secure the agency's IT framework.
4m read -
New Year, New Administration: What's Next for VA in 2025
VA sets its sights on modernizing its EHR, advancing interoperability and adopting emerging tech amid the presidential transition.
4m read