Palo Alto Networks — Strategic Partner on the Road to Quantum Readiness

Palo Alto Networks Participates in White House Quantum Security Roundtable; Selected to U.S. Cyber Center of Excellence for Post-Quantum Cryptography.

Every day, the security of billions of global digital transactions, from email and online banking to internet-connected medical devices, relies on a time-tested form of encryption called public key cryptography. But, the arrival of encryption-breaking quantum computers (possibly as soon as within a decade) will undermine this foundational cryptographic underpinning of modern cybersecurity. As a U.S. Government advisory warned, organizations everywhere should begin now to plan their transition to “Quantum Readiness” as a fundamental part of their security and business continuity strategies.

The good news is that many industry and government experts have been preparing for this challenge for a long time. In early 2024, the U.S. National Institute of Standards and Technology (NIST) is expected to conclude a seven-year process, and publish the first set of Post-Quantum Cryptographic (PQC) algorithms, with the ultimate goal of establishing new, secure, quantum computer-resistant encryption standards. Upon their release, organizations will be able to begin validating whether their existing security technologies are interoperable with the newly selected PQC algorithms.

At Palo Alto Networks, we’re committed to being a strategic partner to organizations on their journey towards quantum readiness. We’ve begun implementing quantum-resistant capabilities across our technologies, starting with a Post-Quantum VPN and new capability to discover PQC algorithm use within your network, released as part of our PAN-OS 11.1 Cosmos release last year. Last week, we launched a multi-episode video series called the CISO’s Guide to Quantum Security to aid organizations in their early quantum migration planning.

While Palo Alto Networks is leaning forward on quantum security, we also know that no one cybersecurity company, government agency or critical infrastructure organization can tackle this challenge alone. With this principle of partnership in mind, last week we were honored to be invited to a White-House-organized roundtable on Post-Quantum Cryptography. At the White House, we joined government and industry partners to share our perspective on how federal agencies and critical infrastructure operators should formulate their quantum readiness strategies.

In these and other partner engagements, we always emphasize the importance of embracing several core principles that we see as essential capabilities of a comprehensive PQC security capabilities:

• Open Standards Based: PQC security capabilities should be built on open standards, such as the cryptographic standards being developed by NIST. Too many PQC technologies rely on proprietary technologies, leading to multi-vendor interoperability challenges and forcing organizations to manually build complex integrations.
• Integrated: PQC security capabilities should be fully integrated into existing cybersecurity technologies that organizations already know and trust. Many new PQC solutions are point products that overlay on top of existing security technologies, leading to unnecessary operational complexity that can ultimately worsen security outcomes.
• Scalable: PQC security capabilities should be able to be deployed in a tailored manner, commensurate with risk. Not all digital assets require the same level of quantum security protections, and organizations need the ability to implement layers of PQC security capabilities only when the high value asset requires it.
• Agile: PQC security capabilities must be capable of rapidly shifting to use different cryptographic algorithms seamlessly, with minimal operational disruption. Shifting to new algorithms may become necessary if future vulnerabilities are discovered in new PQC algorithms that render them insecure.

We recognize that it's critical to not just believe in these core principles, but to demonstrate them technically in real world and test lab environments. Towards that end, we’re honored to announce our selection to join NIST’s National Cybersecurity Center of Excellence (NCCoE) Migration to Post-Quantum Cryptography project. At the NCCoE, Palo Alto Networks will partner with NIST, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and over thirty industry peers. The project will provide a critical forum to demonstrate our latest technological innovations and our commitment to open-standards-based interoperability with the broader technology ecosystem.

The outcome of this public-private partnership will be a series of NIST Special Publications – blueprints to help organizations tackle common quantum security use cases, like conducting baseline cryptographic inventories, prioritizing which high value digital assets require PQC protections, and ultimately implementing validated PQC security solutions that demonstrate core attributes, like multi-vendor interoperability, crypto-agility and alignment to open standards.

As the global community continues to wrestle with this significant challenge over the coming decade, Palo Alto Networks is focused on being a productive partner within the global ecosystem. Through both our own technological innovations and through government partnership, we’re committed to being a leader in advancing post-quantum migration and ultimately bolstering long-term global cybersecurity.

To learn more about the cybersecurity impact of quantum computers and how your organization can begin your Quantum Readiness journey now, check out our new CISO’s Guide to Quantum Security video series.