Start your day with intelligence. Get The OODA Daily Pulse.

Subscribe Sign In

Home > Analysis > NIST Selects 12 Companies for Implementing Quantum Resistant Cryptographic Algorithms

OODA CTO Bob Gourley recently posted a synopsis and analysis of the July 5th NIST Quantum Resistant Cryptographic Algorithms Announcement and provided an update of the OODA Loop Executive’s Guide to Quantum-Safe Security and the OODA Loop Quantum List.  We also provided an analysis of  CISA and Quantum Security industry leader’s reactions and recommendations based on the NIST announcement.

On May 18th, the U.S. Naval Research Laboratory (NRL) announced the establishment of the Washington Metropolitan Quantum Network Research Consortium (DC-QNet), designed to “advance quantum network capabilities and leadership” and “to create, demonstrate and operate a quantum network as a regional testbed.”  Overall, the design of the DC-QNet network incorporates the design characteristics of an Exponential Organization (ExO), which is, like some of the OODA Loop “Quantum List” companies, strategically structured for exponential speed and scale.

Another core value proposition and business model design principle necessary for exponential speed and scale is a sophisticated ecosystem of open-source, value-add platforms and strategic public and private sector partnerships. Such a “Quantum Computing Ecosystem” is emerging but, again, the interoperability required for effective innovation at speed and scale between organizations and platforms within this emergent ecosystem remains unclear. For example, it is still to be determined how the DC-QNet will intertwine with and formally collaborate with the NSM10: The National Quantum Initiative (NQI) and the NQI Advisory Committee.

For now,  the NIST contributions to building this ecosystem continue to trend in the right direction with the recent selection of 12 companies to implement the four quantum resistant cryptographic algorithms.

NIST Public/Private Quantum Computing Innovation Efforts:  The National Cybersecurity Center of Excellence (NCCoE) Migration to Post-Quantum Cryptography

The National Cybersecurity Center of Excellence (NCCoE), part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT) systems. By accelerating the dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage the development of innovative, job-creating cybersecurity products and services. (1)

In October 2021, NIST invited “collaborators to participate in the standardization process under a Cooperative Research and Development Agreement”: (2)

The National Institute of Standards and Technology (NIST) invites organizations to provide letters of interest describing products and technical expertise to support and demonstrate security platforms for the Migration to Post-Quantum Cryptography project. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address cybersecurity challenges identified under the Migration to Post-Quantum Cryptography project. Participation in the project is open to all interested organizations. (1)

Each of the 12 selected companies responded to the NIST Federal Register notice.

According to the July 15th announcement by NIST:  The NIST NCCoE will be joined by the following technology collaborators in the Migration to Post Quantum Cryptography Project: 

  • Amazon Web Services, Inc. (AWS) 
  • Cisco Systems, Inc. 
  • Cryptosense SA 
  • Crypto4A Technologies, Inc. 
  • InfoSec Global 
  • ISARA Corporation 
  • Microsoft 
  • Samsung SDS Co., Ltd. 
  • SandboxAQ 
  • Thales DIS CPL USA, Inc. 
  • Thales Trusted Cyber Technologies 
  • VMware, Inc. 

What Next?

Matthew Scholl is the chief of the computer security division of NIST’s Information Technology Laboratory.  In July, Scholl briefed NIST’s Information Security and Privacy Advisory Board.  He spoke about the public/private collaboration and the benchmarks and challenges ahead:

  • “‘While we have identified the algorithms … there still is a significant and important block of work ahead of us.’
  • Over the next, ‘good couple of months,’ [NIST] along with the Cybersecurity and Infrastructure Security Agency and the private-sector entities selected, will generate a primary set of standards for implementing the new algorithms.
  • ‘We will work with the submission team and openly with the public community to define the specifics of those implementations so that they meet the requirements that NIST laid out in our initial Federal Register [notice] back in 2016 about the security strengths of those implementations.’
  • ‘We will also decide on the implementation parameters … which will allow it to be built into commercial products with enough specificity that it can be interoperable, and that also we can ensure its correctness.’
  • NIST and CISA have ‘a goal of mitigating as much of the quantum risk as is feasible,’ by 2035.
  • To promote a sense of urgency, [Scholl] also cited a study by the Quantum Economic Development Consortia, which reported that it took five years for a single tech enterprise to transition internally to advanced encryption standards.
  • ‘We’re in the window … to transition from a theoretical issue to an engineering issue,’ he said, noting implementers will endure ‘a kind of cryptographic turbulence’ over the next five to ten years.
  • ‘We are updating our signature standard right now, which will be coming out very soon, Not only are we going to bring new items in but we’re going to be starting to drop items as well. It’s gonna be a little bit of a mixed bag … we are going to be pulling things from inventories.’ Up next to officially go is the use of a three-key triple data encryption standard, which NIST will disallow starting this December.”  (2)

Scholl also spoke directly about industry’s role in the effort:

  • “‘We’re also going to be looking at what industry is using commercially, has been using historically safely and securely, and whether or not we should also be including that, even though they may or may not be quantum-safe going forward as well.’
  • Beyond shaping the standardization process, industry will also have the opportunity to market another round of technology to federal agencies as part of the post-quantum cryptography initiative.
  • ‘Border proxies that need line speed and security are hardwired, and so, my border firewalls are all in silicon rather than software. And they don’t update so there might be an opportunity for industry to resell to the government.’  (2)

Finally, to summarize the takeaways related to the building out of a QuantumComputing Ecosystem built for exponential speed and scale:

First, the Quantum Economic Development Consortia is a unique find and its marketing tagline is instructional:  The Quantum Consortium: Enabling the Quantum Ecosystem.

Scholl’s entire presentation was structurally ‘mapped’ to NSM10, which is validation that the document is having some success as a whole of government blueprint agencies are using for the implementation of Quantum ecosystem efforts.  As Scholl noted:  “‘One of the things that is going to have to happen with the NSM 10 work is for government to identify where those expenses are, where we don’t have the agility, where we’re gonna have to do some of these re-purchases and then start to plan and budget for that as well. So yeah, agility is going to be one of the things that makes me concerned.  Scholl added: ‘We are relying a lot on the industry side to help us do that.’” (2)  Scholl’s deck is really enlightening and actionable. Find it here.

According to nextgov.com Natasha Cohen, who is leading CISA’s part in the implementation process, joined Scholl in a presentation at NIST, where she spoke about risk awareness in the Federal IT ecosystem to “emphasize the extent to which a successful transition relies on industry doing its part:  ‘The vast majority of risk lies in the vendors,’ Cohen said. ‘And so if we can get the really important companies that provide the foundation for IT security and IT management in critical infrastructure to transition, then updating technologies to supported technologies—so moving unsupported technologies out of our ecosystem—we’ll get the vast majority of risk out of our ecosystem.'”

OODA Loop will continue to track the evolving interoperability and cooperative efforts between the OODA Loop Quantum List Companies, the 12 companies chosen by NIST for formal collaboration, DC-QNet, The National Quantum Initiative (NQI) and the NQI Advisory Committee.

In the meantime:  Are there other platforms, open-source architectures or ecosystem value proposition designs or innovative business models which the OODA Loop membership has experience with (or feels are deficient) in these current Quantum Computing Ecosystem efforts?  If so, drop us a note.

Stay Informed

It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Strategies, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, and Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.

Tagged: Quantum
Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.

Related Posts

OODALoop Logo

Informing your decisions with actionable intelligence

Become a Member

Copyright © 2024 — All Rights Reserved.

Subscribe Sign In