Fostering Trust: Why NIST and the NSA Must Prioritise Transparency in Post-Quantum Cryptography.
Zaiku's Deep-Tech Newsletter | October 19, 2023.
Dear friends,
In the ever-evolving cybersecurity landscape, the relationship between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) has often been shrouded in scepticism, particularly concerning post-quantum cryptography (PQC) standards. Indeed, it is imperative that both agencies prioritise transparency to enhance trust and collaboration in the wider PQC community, for the following reasons:
PQC is the future of securing digital communications in an era where quantum computers could potentially break existing encryption algorithms. The role of NIST in setting cryptographic standards is pivotal, as it influences the cybersecurity practices adopted globally. However, concerns have arisen regarding the level of transparency in the NIST-NSA relationship, raising questions about the true motives and intentions behind the standards they endorse (see here and here).
To foster trust not only within the cryptography community but also among a broader audience, it is essential for organisations like NIST and the NSA to prioritise and enhance transparency in various critical areas, including:
Clear Documentation: A more detailed, public documentation of the entire standardisation process, from inception to finalisation, will ensure that the cryptographic community can scrutinise and understand the choices made.
Inclusive Collaboration: Involve a wider, more diverse group of experts, including the cynics and not limited to government agencies, in the development of cryptographic standards. Encourage open discussions and debates to ensure a well-rounded perspective.
Independent Audits: Allow for more independent audits and assessments of the standards and processes to ensure they are free from bias, influence and manipulation.
Regular Updates: Provide more regular updates on the progress and any changes to cryptographic standards to keep stakeholders informed.
Recognising the pivotal role of intelligence agencies such as the NSA and our own UK domestic agency, GCHQ, in preserving national security and protecting critical digital infrastructure is of utmost importance. Additionally, it's essential to acknowledge the substantial transformation of the security landscape as large-scale fault-tolerant quantum computers become a reality. This transformation underscores the heightened significance of fostering collaboration with the private sector and other stakeholders to fortify our collective security. This imperative arises for several compelling reasons, including but not limited to:
Cyber Threats are Borderless: In today's interconnected world, cyber threats transcend borders. Intelligence agencies must collaborate with private enterprises and the wider community to tackle threats collectively, to safeguard national security.
Protection of Critical Infrastructure: In the modern digital economy, critical infrastructure forms the backbone of essential services, encompassing power grids, financial systems, data centres supporting cloud services, and communication networks. Safeguarding these indispensable assets from cyberattacks is paramount. Thus, a robust collaboration between intelligence agencies and the private sector is indispensable in ensuring the security and resilience of these vital components of our interconnected world.
Fostering Innovation: Promoting transparency and fostering collaboration cultivates an environment conducive to innovation. This, in turn, enables the creation of robust cybersecurity measures driven by the collective efforts of the community. Such measures, benefiting the nations served by intelligence agencies, are essential for safeguarding our digital infrastructure and national security.
Are you interested in gaining a realistic and insightful perspective on the future of post-quantum cybersecurity? If so, between November 10 and December 18, we invite you to schedule a free one-on-one call with our co-founder, Bambordé Baldé, via https://calendly.com/bamborde/post-quantum-cybersecurity. The call will explore the subject without resorting to hype or scare tactics, aiming to give you a well-grounded understanding of what lies ahead in the realm of post-quantum cybersecurity.
Many thanks for reading. We look forward to sharing our deep-tech community & venture building journey with you.
Zaiku Group team
Disclaimer: Any opinions, newsletters, research, analyses or other information offered by ZAIKU GROUP is provided as general market commentary, and does not constitute investment advice. ZAIKU GROUP will not accept liability for any loss or damage, including without limitation to, any loss of profit, which may arise directly or indirectly from use of or reliance on such information.