Countdown to Encryption – Only 120 Days Remain for Meeting the White House Executive Order on Encrypting Data in Motion

Could a quantum-safe VPN like Phio TX-D have prevented the ransomware attack on the Colonial Pipeline? One thing is certain: relying on a software-based VPN to protect the nation’s critical infrastructure is not an option.

As government agencies, critical infrastructure operators, and supply-chain partners scramble to recover from the SolarWinds, Colonial Pipeline one-two punch, a new mandate has emerged in the form of a Presidential Executive Order.

On May 12, the White House issued an Executive Order to improve the nation’s cybersecurity and protect federal government networks. Recognizing outdated security models and unencrypted data have led to compromises of systems in the public and private sectors, the Executive Order (Section 3.d) gives agencies 180 days to encrypt data in transit, while Section 3.c emphasizes the need to “prioritize identification of the unclassified data considered by the agency to be the most sensitive and under the greatest threat.”

Quantum Xchange’s CTO Shahryar Shaghaghi in an expert article appearing in Government Computer News, warns before agencies rush to check-the-boxes of the Executive Order, they should first perform a cybersecurity risk assessment to identify gaps, define a risk profile, and align mitigation priorities and strategies with the overall risk appetite of the organization. A sound enterprise risk management profile should consider modern-day vulnerabilities and present risk scenarios but also those in the foreseeable future, including quantum. 

Because government data security requirements have a much longer shelf-life than other industries – up to 50 years in the case of official intelligence – it is reasonable to assume this data may be vulnerable to quantum attack if not protected properly today. We also know that any country that attains a quantum computing system of sufficient power will be able to decrypt stored data with ease – and odds are an adversary is unlikely to divulge this intelligence advantage. These facts, and the continued use of outdated security models and unencrypted data by critical infrastructure operators require organizations to make bold, future-proof changes to their cybersecurity practices.

Government agencies and their partners looking to update their encryption infrastructures to comply with the Executive Order and protect long-duration data should deploy quantum-safe solutions like Phio TX. Anything else would be shortsighted and could cause premature obsolescence – a costly and risk-intense scenario best avoided.

Phio TX checks all the necessary boxes when it comes a dynamic, future-proof solution for protecting your data in motion today and in the quantum future:

• It’s FIPS certified and can be easily dropped into your existing crypto infrastructure with minimal lift or outlay.
• Provides quantum-enhanced protection instantly and works across any network media.
• Dramatically and immediately improves your existing cybersecurity posture.
• Offers an affordable, crypto-agile pathway to quantum safety.
• Is available in a variety of deployment options to meet your business and budgetary requirements.

For more on the topic, don’t miss the opinion piece by company advisor and Medal of Honor recipient Jack Jacobs appearing in The Hill, Protecting American Data is the Real Crisis in National Security.

Learn how Quantum Xchange helps protect pipelines and power lines in our critical infrastructure solutions brief and more on Phio TX’s use by federal agencies and partners.