Ensuring Critical Infrastructure Security with Quantum-Resistant Cryptography
Summary of the White House Report on Post-Quantum Cryptography
Introduction
Federal agencies and critical infrastructure must urgently prepare for the next frontier in cybersecurity: post-quantum cryptography (PQC), the quantum-resistant cryptographic systems that will replace today’s public-key algorithms. The growing capabilities of quantum computing pose a significant threat to traditional public-key cryptography, which is foundational to most digital security protocols. To safeguard sensitive information, agencies must first establish a thorough cryptographic inventory. This inventory is the baseline for deploying quantum-resistant measures effectively, as mandated by Executive Order 14028 on cybersecurity improvements. Adopting a Cryptographic Bill of Materials (CBOM) is a key step in identifying vulnerabilities in existing cryptographic assets and bolstering federal defenses against quantum-driven threats.
Why Quantum-Resistant Cryptography is Essential for Federal Agencies and Critical Infrastructure
The Emerging Quantum Threat to Public-Key Cryptography
Advancements in quantum computing signal a fundamental shift in cybersecurity. While quantum computers promise breakthroughs in fields like healthcare and artificial intelligence, they also bring unprecedented risks. A cryptanalytically relevant quantum computer (CRQC) will have the capability to break today’s cryptographic systems, putting the confidentiality, integrity, and authenticity of sensitive data at risk. Public-key cryptography, critical to secure communication across government, the private sector, and critical infrastructure, could be made obsolete by a CRQC. This highlights the importance of implementing quantum-resistant public-key cryptographic systems.
Record-Now-Decrypt-Later Attacks: A Looming Threat
One of the most pressing concerns is the potential for “record-now-decrypt-later” attacks. In this scenario, an adversary intercepts and stores encrypted data, intending to decrypt it once quantum computing advances further. These attacks are not limited to internet data; even internal agency networks could be vulnerable, especially under a zero-trust model where data must be encrypted at every point. Though current encryption practices and rapid key rotation add layers of security, they are only temporary barriers against well-funded adversaries with quantum ambitions.
The Role of Executive Order 14028 in Cybersecurity
Executive Order 14028, “Improving the Nation’s Cybersecurity,” has set new standards for cybersecurity resilience in federal agencies and critical infrastructure. The order emphasizes improving software supply chain integrity through Software and Hardware Bills of Materials (SBOM and HBOM) and has introduced the concept of a Cryptographic Bill of Materials (CBOM). The CBOM offers agencies a clearer picture of their cryptographic assets, facilitating the migration to quantum-resistant measures that are robust enough to withstand CRQC threats.
The Foundation of PQC Migration: A Comprehensive Cryptographic Inventory
What is a Cryptographic Inventory?
A cryptographic inventory is a detailed catalog of cryptographic assets within an organization. This inventory enables agencies to pinpoint where cryptographic protocols are implemented, identify assets vulnerable to quantum threats, and plan the transition to PQC. Given the widespread use of public-key cryptography, agencies must adopt an exhaustive inventory process to assess the readiness of their systems against quantum threats.
Benefits of a Cryptographic Bill of Materials (CBOM)
The Cryptographic Bill of Materials (CBOM) is an essential tool that provides a high-level view of cryptographic assets across federal networks. By identifying vulnerable or outdated cryptographic protocols, CBOM helps agencies to detect weak cryptographic links that could be exploited. CBOM serves as an anchor in the PQC migration process, supporting compliance with mandates like Executive Order 14028 and aligning with best practices in cybersecurity.
Role of Automated and Manual Cryptographic Inventories
Maintaining an accurate cryptographic inventory requires both automated and manual processes. Automated tools simplify inventory tracking by scanning systems for cryptographic implementations, but they may lack the visibility to capture all cryptographic instances. As a result, agencies conduct annual manual inventories to catch any instances that automated tools miss, ensuring a complete and reliable cryptographic assessment.
Steps Toward Quantum-Resistant Infrastructure
Identifying Quantum-Vulnerable Systems and Prioritizing PQC Migration
Agencies must identify and prioritize critical systems for PQC migration to ensure that the most sensitive data and high-impact assets are protected. Key criteria include systems with high-value data, logical access controls using public-key infrastructure, and assets that must remain secure well into the 2030s. Prioritization ensures that resources are allocated to defend the most vulnerable cryptographic components.
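The inventory and prioritization steps above, worked through as an added example (this is not code from the report or from SecureG): constructed inventory records, of the kind an automated scanner plus the annual manual pass would yield, are assessed for quantum-vulnerable public-key algorithms and certificate expiry, then ranked using the report’s criteria (high-value data, PKI-based logical access, data that must stay secret into the 2030s). The asset records, the reference date, the scoring weights and the simplified CBOM layout are all assumptions made for the example.

```python
from dataclasses import dataclass, asdict
from datetime import date
from typing import List, Optional

# Public-key primitives a CRQC breaks via Shor's algorithm.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "EdDSA"}
# NIST-standardised PQC algorithms (FIPS 203/204/205); treated as resistant.
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Grover halves symmetric security; flag keys/digests shorter than 256 bits.
SYMMETRIC_MIN_BITS = 256
TODAY = date(2025, 1, 15)  # constructed reference date for the sample run

@dataclass
class CryptoAsset:
    system: str
    algorithm: str
    key_bits: int
    purpose: str                      # key-exchange | signature | data-encryption | hash
    not_after: Optional[date] = None  # certificate expiry, when the asset is a cert
    high_value_data: bool = False     # prioritisation criteria named in the report
    pki_logical_access: bool = False
    protect_until: int = 2025         # year the protected data must still be secret

def assess(asset: CryptoAsset, today: date) -> List[str]:
    """Return the findings an inventory scanner would attach to one asset."""
    findings = []
    if asset.algorithm in QUANTUM_VULNERABLE:
        findings.append("quantum-vulnerable public-key algorithm")
    elif asset.algorithm not in QUANTUM_RESISTANT and asset.key_bits < SYMMETRIC_MIN_BITS:
        findings.append("symmetric strength below 256 bits")
    if asset.not_after is not None:
        if asset.not_after < today:
            findings.append("certificate expired")
        elif (asset.not_after - today).days <= 30:
            findings.append("certificate expires within 30 days")
    return findings

def priority(asset: CryptoAsset, findings: List[str]) -> str:
    """Migration priority: assumed weights over quantum exposure and the report's criteria."""
    if not findings:
        return "none"
    score = 0
    if "quantum-vulnerable public-key algorithm" in findings:
        score += 2
        # Record-now-decrypt-later: captured key exchanges that protect long-lived
        # secrets are exposed the day a CRQC exists, so they move to the front.
        if asset.purpose == "key-exchange" and asset.protect_until >= 2030:
            score += 2
    score += asset.high_value_data + asset.pki_logical_access
    score += any(f.startswith("certificate") for f in findings)
    return "high" if score >= 4 else "medium" if score >= 2 else "low"

def build_cbom(assets: List[CryptoAsset], today: date) -> dict:
    """Produce a minimal CBOM-style document (simplified layout, not a formal schema)."""
    entries = []
    for a in assets:
        f = assess(a, today)
        expiry = a.not_after.isoformat() if a.not_after else None
        entries.append({**asdict(a), "not_after": expiry, "findings": f, "priority": priority(a, f)})
    order = {"high": 0, "medium": 1, "low": 2, "none": 3}
    entries.sort(key=lambda e: (order[e["priority"]], e["system"]))
    summary = {p: sum(e["priority"] == p for e in entries) for p in order}
    summary["quantum_vulnerable"] = sum(
        "quantum-vulnerable public-key algorithm" in e["findings"] for e in entries)
    return {"generated": today.isoformat(), "summary": summary, "assets": entries}

# Constructed sample inventory; system names and values are illustrative only.
SAMPLE_INVENTORY = [
    CryptoAsset("vpn-gateway", "ECDH", 256, "key-exchange", date(2026, 3, 1), True, False, 2035),
    CryptoAsset("citizen-portal-tls", "RSA", 2048, "signature", date(2024, 11, 1), True, False, 2025),
    CryptoAsset("smartcard-login", "ECDSA", 256, "signature", date(2025, 6, 1), False, True, 2025),
    CryptoAsset("backup-archive", "AES", 128, "data-encryption", None, True, False, 2040),
    CryptoAsset("pilot-pqc-tls", "ML-KEM", 768, "key-exchange", date(2025, 12, 31), False, False, 2035),
    CryptoAsset("log-integrity", "SHA-256", 256, "hash"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_cbom(SAMPLE_INVENTORY, TODAY), indent=2))
```

The VPN gateway ranks highest even though its certificate is valid, because a recorded ECDH handshake protecting data that must stay secret until 2035 is exactly the record-now-decrypt-later case; the AES-128 archive is only a low-priority note.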
Overcoming Interoperability Challenges in PQC Migration
Interoperability is a significant concern in PQC migration. If a system adopts PQC-based encryption but its counterpart does not, an encrypted connection cannot be established, potentially impacting operations. Agencies must collaborate to ensure cross-compatibility, carefully planning transitions to PQC with attention to both interoperability and fail-secure configurations that prevent data from being transmitted if encryption fails.
Early Detection of Non-Upgradeable Systems
To minimize disruption, agencies need to identify systems that cannot support PQC as early as possible. Some legacy systems may lack the capacity for PQC algorithms, making replacement essential. Modernizing these systems can be a time- and resource-intensive process but is necessary to ensure a smooth PQC migration.
SecureG’s Role in Bolstering Federal Cybersecurity with CBOM
SecureG’s Analytics Framework
SecureG has pioneered a certificate analytics framework that enhances cryptographic visibility across federal infrastructure. By scanning, cataloging, and assessing cryptographic assets, SecureG generates a comprehensive CBOM that helps agencies pinpoint vulnerabilities. This framework plays a critical role in strengthening federal cybersecurity and ensuring compliance with the standards outlined in Executive Order 14028.
How CBOM Mitigates Security Risks in Federal Infrastructure
CBOM allows agencies to take proactive measures against cybersecurity risks by identifying weak cryptography and expired certificates. This inventory-driven approach empowers agencies to stay ahead of vulnerabilities, preventing cyber threats that could compromise mission-critical communications or inject malicious code into essential systems.
Preparing for the Future of Quantum-Resistant Cryptography
NIST’s Role in Standardizing PQC Protocols
The National Institute of Standards and Technology (NIST) leads the global charge in PQC standardization. By fostering an open standard development process, NIST ensures that PQC algorithms are both secure and interoperable. Since 2016, NIST has meticulously reviewed candidate algorithms and conducted public assessments. As PQC standards are finalized, agencies will gain the tools they need to implement resilient cryptographic protocols across federal systems.
Continuous Assessment and Updating of Cryptographic Policies
The journey to quantum-resistant infrastructure is continuous, with ongoing assessment and policy updates needed to address emerging threats. Agencies must periodically update their cryptographic policies, even after full PQC migration, to respond to advancements in both quantum and classical computing. Such ongoing vigilance will be essential to maintain secure cryptographic protocols well into the future.
Conclusion
Securing federal systems and critical infrastructure in a quantum era is imperative. With advancing quantum computing capabilities, adversaries may soon possess the tools to bypass current cryptographic protections, endangering sensitive data and national security. Through comprehensive cryptographic inventories, agencies can assess and strengthen their cryptographic foundations to deploy quantum-resistant measures effectively. SecureG’s CBOM solution plays a critical role, offering a proactive approach to safeguarding cryptographic assets across federal networks. By prioritizing cryptographic resilience now, federal agencies can protect vital systems and ensure the integrity of national security for the future.
Learn more about SecureG’s cryptographic solutions and take the next step in quantum-resilient cybersecurity for federal systems.
In today’s digital age, the simple act of answering a phone call has become a gamble. With the surge in spam, robocalls, and voice phishing (vishing), consumers are increasingly hesitant to pick up calls from unknown numbers. Close to 80% of consumers don’t answer unknown phone calls. This hesitation not only affects personal communication but also hampers legitimate businesses trying to reach their customers.
Enter Branded Calling ID (BCID), a groundbreaking solution poised to restore trust in voice calling and accelerate the adoption of branded calls. Unlike traditional methods like STIR/SHAKEN, which have limitations, BCID offers a more comprehensive approach. This article explores how BCID is changing the landscape by supporting international callers, aligning financial incentives, and implementing rigorous Know-Your-Business (KYB) verification with strong roots of trust.
BCID restores trust in voice calling and is set to outpace existing solutions because:
- Pay-for-performance aligns with financial incentives: Brands can calculate ROI because they only pay when the service provider proves delivery of branded data.
- BCID Expands to include International Callers: While STIR/SHAKEN is confined to the U.S., BCID enables verification and branding for callers worldwide.
- BCID focuses on branded calls, not just robocalls: While STIR/SHAKEN has reduced robocalls, BCID enables brands to present their verified brand when calling customers.
- Rigorous Know-Your-Business (KYB) with Strong Trust Model: Enterprise and brand data is meticulously vetted and verified. BCID certificates expire and are re-issued every 24 hours. Compliance audits enforce policies and adherence to best practices.
The Trust Crisis in Voice Calling
The proliferation of spam, vishing, and robocalls has eroded consumer trust in voice communication. These unwanted calls not only annoy recipients but also pose security risks through phishing and fraud attempts. As a result, many people have resorted to ignoring calls from unknown numbers altogether.
This behavior has significant repercussions for enterprises and communication service providers. Legitimate businesses struggle to reach their customers, impacting service delivery and customer satisfaction. The decline in answer rates also affects the revenue streams of service providers facilitating these calls.
What Is BCID?
Branded Calling ID (BCID) is an innovative technology that improves the calling experience by displaying verified business information and call reasons on the recipient’s phone screen. When a call is made using BCID, the person answering can see the caller’s name, logo, and what the call is about. This makes them feel more confident to answer.
BCID uses a secure Public Key Infrastructure where enterprise data is vetted and verified before being displayed. It supports international callers, making it a global solution for businesses aiming to improve their reach and engagement.
STIR/SHAKEN Made Great Strides Reducing Robocalls
Limitations of STIR/SHAKEN
STIR/SHAKEN is a framework implemented in the United States to combat caller ID spoofing by verifying the authenticity of calls. While it has made strides in reducing fraudulent calls, it has notable limitations:
- Geographical Constraint: STIR/SHAKEN primarily works within the U.S., leaving international calls unverified and spoofable.
- Limited Adoption: Implementation lacked financial incentives to make the required significant infrastructure changes, making it less accessible for smaller service providers.
Advantages of BCID
BCID addresses these limitations by offering:
- Global Support: BCID works across international borders, enabling enterprises worldwide to benefit from enhanced call verification.
- Enhanced Security Features: With rigorous KYB processes and strong roots of trust, BCID ensures that only legitimate business information is displayed.
BCID Restores Trust in Voice Calling and Aligns Incentives
Global Reach: BCID Supports International Callers
One of the significant advantages of BCID over STIR/SHAKEN is its ability to support international callers. In a globalized economy, businesses often need to reach customers across borders. BCID ensures that these calls are verified and trusted, overcoming the geographical limitations of STIR/SHAKEN.
For international enterprises, this means improved answer rates and better customer engagement. By displaying recognized brand information, businesses can reassure recipients about the legitimacy of the call.
Aligned Financial Incentives Between Brand and Service Providers
BCID introduces a simple model to align financial incentives between brands and service providers. Enterprises pay for calls only when the terminating service provider proves their data was delivered to the end user. This system ensures that all parties are motivated to maintain the integrity and efficiency of the communication process.
For service providers, this creates a new revenue stream while promoting the delivery of high-quality services. Enterprises benefit by ensuring their calls are more likely to be answered, improving communication effectiveness.
Rigorous Know-Your-Business (KYB) Verification
Trust is built on verification. BCID employs a rigorous Know-Your-Business (KYB) process with strong roots of trust. Enterprise data is thoroughly vetted and verified before being used in calls. This process prevents fraudulent entities from misrepresenting themselves, thereby protecting consumers.
The robust KYB framework ensures that only legitimate businesses can use BCID while maintaining the integrity of the ecosystem. This level of scrutiny is essential in rebuilding consumer confidence in voice calls.
BCID Security and Transparency Improve Trust
Open, Transparent, and Trusted Ecosystem
BCID fosters an ecosystem where transparency is paramount. By openly displaying verified business information, it reduces ambiguity and suspicion. This openness encourages trust between consumers, enterprises, and service providers.
Collaboration among stakeholders is crucial. BCID’s framework allows for shared benefits, promoting widespread adoption and cooperation.
Standards-Based Rich Call Data (RCD) Solution
BCID utilizes a standards-based Rich Call Data (RCD) solution, incorporating end-to-end security by design. This ensures that the data transmitted is secure from the point of origin to the recipient’s device.
End-to-end security minimizes the risk of data interception or tampering, further enhancing trust in the system. High-assurance roots of trust
Compliance with Industry Best Practices
Adherence to common BCID terms and conditions and industry best practices is mandatory. These guidelines are subject to compliance reviews, ensuring all participants maintain high standards.
This compliance framework not only protects consumers but also ensures that enterprises and service providers operate within agreed-upon parameters, promoting fairness and reliability.
Enhancing Trust with Approved Call Reasons
Showing the reason for a call makes it more likely that someone will answer. It also tells them what the call is about without them having to answer the call. BCID allows businesses to display pre-approved call reasons, providing context to the recipient. These call reasons include:
- Account Alert
- Account Notification
- Account Services
- Accounting Department
- Agent Call Back
- Appointment Confirmation
- Appointment Reminder
- Confirm Appointment
- Confirm Card Use
- Confirm Order
- Confirm Receipt
- Confirm Status
- Customer Service
- Delivery ETA
- Flight Arrival
- Flight Boarding
- Flight Cancellation
- Flight Delay
- Follow-Up Calls
- Fraud Alert
- General Support
- Identity Verification
- Investor Relations
- Item Ready
- Order Confirmation
- Order Ready
- Policy Update
- Recall
- Reschedule Request
- Reservation Ready
- Responding to Your Inquiry
- Response Requested
- Returning Your Call
- Rx Ready
- Sales Call
- School Closing Alert
- Service Outage Notification
- Snow Alert
- Technical Support
- Today’s Delivery
- Upcoming Delivery
- Verification Code
- Weather Alert
- Your Account
- Your Order
By informing the recipient why they are being contacted, BCID reduces uncertainty and enhances the user experience. This transparency is instrumental in rebuilding trust.
The Impact of BCID on Consumer Behavior
Statistics Supporting BCID Adoption
Numbers tell a compelling story:
- Close to 80% of consumers don’t answer unknown phone calls.
- 7 out of 10 consumers are more likely to answer calls with visual trust indicators.
These statistics underscore the necessity for solutions like BCID. BCID significantly improves call answer rates by providing visual trust indicators, benefiting both consumers and businesses.
Benefits for Enterprises and Service Providers
For enterprises, higher answer rates translate to better customer engagement and potentially increased revenue. Service providers benefit from aligned financial incentives and improved customer satisfaction.
Next Steps for Service Providers and Enterprises
Service Providers: Adopt BCID and Apply for a Verified Certificate
Service providers are encouraged to integrate BCID into their offerings. By applying for a BCID-verified certificate, they can authenticate calls and participate in this trusted ecosystem.
Enterprises: Request a Demo of SecureG’s Call Signing Service
Enterprises looking to improve contact rates should consider SecureG’s high-performance call signing service. A demo can showcase how BCID can transform their customer interactions.
Conclusion
Rebuilding trust in voice calling is essential for effective communication today. BCID offers a comprehensive solution that addresses the limitations of existing frameworks like STIR/SHAKEN. By supporting international callers, aligning financial incentives, and implementing a rigorous trust model, BCID restores trust and accelerates the adoption of branded calls.
Service providers and enterprises stand to gain significantly from adopting BCID. It’s time to embrace this technology and move toward a more trusted communication landscape.
Service providers: adopt Branded Calling ID now and apply for a BCID-verified certificate. Enterprises: request a demo of SecureG’s high-performance call signing service.
Communication networks are evolving to support faster, more efficient, interconnected services. Among these advancements, 5G and FutureG networks promise unprecedented levels of wireless performance. However, with increased connectivity comes the need for enhanced security measures. In this blog post, we explore the crucial role of digital certificates in securing these newer networks and discuss five intriguing points about their applications.
Enhanced Security
Security is paramount in 5G and FutureG networks, considering the vast amount of data being exchanged and the multitude of interconnected devices. Digital certificates serve as the linchpin of security by authenticating the identity of devices, networks, and users. By incorporating digital certificates, these networks can effectively thwart unauthorized access, data tampering, and man-in-the-middle attacks, bolstering the overall security posture.
Trust and Privacy
Maintaining trust and preserving user privacy are key considerations in modern networks. Digital certificates establish trust between network entities, ensuring that devices and applications can verify the legitimacy and integrity of the data they receive. This enables secure, encrypted communication between devices, preventing unauthorized interception or tampering of sensitive information and safeguarding user privacy.
Authentication and Authorization
In 5G and FutureG networks, where numerous devices and services are interconnected, robust authentication and authorization mechanisms are vital. Digital certificates provide a reliable means to authenticate devices, users, and services, verifying their identity and permissions. By employing digital certificates, these networks can ensure that only authorized entities can access specific network resources, mitigating the risk of unauthorized access.
Seamless Roaming and Handover
One of the key features of mobile networks is the ability to roam between different network environments. Digital certificates play a crucial role in this process by enabling secure handover. Devices can authenticate themselves to new network access points, ensuring a smooth transition while maintaining the security and integrity of communication. This capability enhances user experience and supports uninterrupted connectivity.
Scalability and Management
With the proliferation of devices and services in modern networks, managing security at scale becomes a daunting task. Digital certificates provide a scalable solution by leveraging the existing Public Key Infrastructure (PKI). Certificate authorities (CAs) issue and manage digital certificates, ensuring their validity and revoking them when necessary. This streamlined approach enables efficient deployment and management of digital certificates, facilitating secure and reliable communication across a wide range of devices and services.
As 5G and FutureG networks continue to evolve, incorporating robust security measures is crucial. Digital certificates emerge as a fundamental element in fortifying these advanced networks, offering enhanced security, trust, and privacy. Their application ensures authentication, authorization, and seamless roaming while enabling scalability and efficient management. By harnessing the power of digital certificates, we can confidently embrace the boundless opportunities that lie ahead in our increasingly interconnected world.
In Biden’s Executive Order on Improving the Nation’s Cybersecurity, mandates for the security of the software supply chain were explicitly laid out. It starts with requirements for the National Institute of Standards and Technology (NIST) to “issue guidance identifying practices” for identifying and tracking the third-party software packages in applications used by the government.
This shift raises the question: What will government IT departments do with this new information?
On the one hand, it seems incredible that enterprises and governments are using software without understanding what is in it. Historically, however, this is just how it goes with software—users have never quite known what is in the software they use, because they never get to see how it is made.
Big software applications typically consist of millions of lines of code and hundreds or thousands of third-party code packages. For most, the details of the process are out of sight, out of mind.
To ensure more reliable and secure applications, two new capabilities need to be applied to software:
1. An ability to identify and present in a manifest the source and version of all software contained in an application, and
2. A system to continuously identify and report vulnerabilities in all software packages such that their presence and potential security impact on a finished software application can be known at any time.
Even this approach does not solve all the problems—there are still issues of undiscovered vulnerabilities and unexpected code interactions across packages that can lead to weaknesses and breaches.
Software Bills of Materials (SBOMs) seek to address these requirements, but they only work if the user can trust the statements in the manifest. SecureG is working on the solution: digital certificates for your software inventories that let software vendors trust and trace the origin of all their components and prove to their customers that they are in control.
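The two capabilities listed above, worked through as an added example (not SecureG’s product or code): a constructed SBOM-style manifest recording the source and version of every component is matched against a constructed vulnerability feed with introduced/fixed version ranges, producing the kind of report that can be regenerated whenever the feed changes. The application, component names, `example.invalid` source URLs, and `EXAMPLE-VULN-*` identifiers are placeholders, not real packages or advisories.

```python
import json
from typing import List, Optional, Tuple

# Constructed manifest in the shape of capability 1: source and version of every component.
MANIFEST_JSON = """
{"application": "benefits-portal", "version": "4.2.0",
 "components": [
   {"name": "libxml-parser", "version": "2.9.10", "supplier": "example-upstream",
    "source": "https://example.invalid/libxml-parser"},
   {"name": "json-codec", "version": "1.4.2", "supplier": "example-upstream",
    "source": "https://example.invalid/json-codec"},
   {"name": "tls-shim", "version": "3.0.1", "supplier": "example-vendor",
    "source": "https://example.invalid/tls-shim"}
 ]}
"""

# Constructed vulnerability feed for capability 2; ids are placeholders, not real CVEs.
# "fixed": None means no fixed release exists yet, so every version from "introduced" on is affected.
VULN_FEED = [
    {"id": "EXAMPLE-VULN-0001", "component": "libxml-parser",
     "introduced": "2.9.0", "fixed": "2.9.11", "severity": "high"},
    {"id": "EXAMPLE-VULN-0002", "component": "json-codec",
     "introduced": "1.0.0", "fixed": "1.4.2", "severity": "medium"},
    {"id": "EXAMPLE-VULN-0003", "component": "tls-shim",
     "introduced": "3.0.0", "fixed": None, "severity": "critical"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; assumed sufficient for the constructed data."""
    return tuple(int(part) for part in v.split("."))

def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Affected when introduced <= version < fixed (half-open range, as advisories usually state)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

def vulnerability_report(manifest_json: str, feed: List[dict]) -> dict:
    """Match every manifest component against the feed and summarise the worst severity."""
    manifest = json.loads(manifest_json)
    findings = []
    for comp in manifest["components"]:
        for vuln in feed:
            if vuln["component"] == comp["name"] and is_affected(
                    comp["version"], vuln["introduced"], vuln["fixed"]):
                findings.append({
                    "component": comp["name"], "version": comp["version"],
                    "source": comp["source"], "id": vuln["id"],
                    "severity": vuln["severity"],
                    "remediation": (f"upgrade to {vuln['fixed']}" if vuln["fixed"]
                                    else "no fixed release; mitigate or replace"),
                })
    findings.sort(key=lambda f: -SEVERITY_RANK[f["severity"]])
    worst = findings[0]["severity"] if findings else "none"
    return {"application": manifest["application"], "version": manifest["version"],
            "worst_severity": worst, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(vulnerability_report(MANIFEST_JSON, VULN_FEED), indent=2))
```

Note that json-codec 1.4.2 is not reported because the range is half-open and 1.4.2 is the fixed release; a feed that used inclusive ranges would need the comparison adjusted.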
Talk to SecureG for more information.