To protect existing cybersecurity protocols from being easily decrypted by quantum computers, the National Institute of Standards and Technology’s Post-Quantum Cryptography Project has developed three algorithms — known as FIPS 203, 204, and 205 — designed to withstand quantum-powered cyberattacks. The project released its first three post-quantum encryption standards on Tuesday.
With these standards, organizations can achieve quantum-secure transition strategies. The agency said post-quantum encryption standards secure many types of electronic information and encouraged IT administrators to start transitioning to the new standards now.
WHY IT MATTERS
Healthcare organizations at various stages of their cybersecurity modernization are being pushed to address a myriad of attack vectors. The rise of AI-enhanced attacks, for example, only adds to this burden, with multiple reports suggesting that AI is improving the quality and quantity of phishing attacks.
IBM’s Quantum Platform can now become Quantum Safe as standards are finalized, according to Scott Crowder, vice president of business development and adoption of secure quantum technologies at IBM, which provides services to protect critical systems and data.
The company is collaborating with the Cleveland Clinic and others on how quantum computing can benefit their research.
Crowder said Healthcare IT News Third, with these standards, healthcare organizations can take all the steps “to find the elements that help the organization move toward the goal of quantum safety.”
The difficulty for quantum pioneers like IBM – and everyone else – is waiting for the open public-key cryptography standards needed for mass access to quantum-protected data exchange protocols.
Crowder said organizations must first identify their cryptography and create what’s called a Cryptographic Materials Inventory, or catalog of artifacts.
“With CBOM, organizations can now truly see how compliant their code is – against current regulations, for example – and where they might have vulnerabilities.”
“Now, with a priority list, organizations can begin transitioning their security to quantum-safe solutions,” he said.
These three steps — discover, observe, and transform — will bring an organization closer to quantum safety, according to IBM, and IBM says this helped develop NIST’s PQC algorithm standards.
Crowder also advises healthcare organizations to either join post-quantum cryptography initiatives or start their own.
While NIST has finalized three Federal Information Processing Standards for PQC for use this year, many more are still to come.
We also reached out to the U.S. Department of Health and Human Services to ask about the new standards and any recommendations to accelerate the transition to quantum-resistant cryptography. We will update this story if we hear back.
THE BIGGER TREND
The NIST PQC project was launched as a six-year effort to develop public-key cryptographic algorithms capable of protecting sensitive and protected information.
NIST said when it first released three draft PQC algorithms last year, the project is also drafting standards for FALCON, a fourth algorithm selected for development in 2022, and a second set of alternative defense algorithms to predict future weaknesses.
In addition to partnering with IBM, Cleveland Clinic is also using quantum in clinical research.
The company recently partnered with the Novo Nordisk Foundation on a quantum computing and AI fellowship program focused on technologies that analyze large amounts of data to increase diagnostic accuracy, accelerate personalized medicine, and improve clinical trials.
ON THE RECORD
“Quantum computing technology has the potential to solve many of society’s most challenging problems, and the new standards demonstrate NIST’s commitment to ensuring that this technology does not simultaneously undermine our security,” said Laurie Locascio, Under Secretary of Commerce for Standards and Technology and Director of NIST.
“These final standards are the culmination of NIST’s efforts to protect our confidential electronic information,” Locascio said in the agency’s announcement.
“Key elements to preparing for cybersecurity risks and being ready to move to post-quantum cryptography include flexibility – being able to move to another encryption method without significant disruption; having the skilled workforce needed to adopt new post-quantum cryptography standards; and finally, cryptographic resilience, meaning that successful organizations will anticipate their risk exposure and not make decisions in isolation,” Crowder said.
“Both points underscore the need to understand the risk that bad actors who gain access to quantum computing capabilities in the future could pose – and how moving to new PQC standards now will mitigate this risk – as well as working with other organizations to prepare together.”
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31 through November 1 in Washington, DC. Learn more and register.
