Full Report
Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become
Analysis Summary
# Best Practices: Defending Against "Harvest Now, Decrypt Later" (HNDL)
## Overview
These practices address the emerging "Harvest Now, Decrypt Later" threat, where adversaries intercept and store encrypted traffic today to decrypt it once cryptographically relevant quantum computers (CRQCs) become available. The goal is to transition current cryptographic infrastructures to Post-Quantum Cryptography (PQC) to protect long-term data sensitivity.
## Key Recommendations
### Immediate Actions
1. **Conduct a Data Sensitivity Audit:** Identify data that must remain confidential for 7–10+ years (e.g., healthcare records, national security secrets, PII).
2. **Inventory Cryptographic Assets:** Map where encryption is used across the network, focusing on asymmetric algorithms (RSA, Diffie-Hellman, ECC) used for key exchange.
3. **Draft a Quantum Risk Assessment:** Document the potential business impact if intercepted data were decrypted in the next decade.
### Short-term Improvements (1-3 months)
1. **Update Root Certificates:** Ensure all internal Certificate Authorities (CAs) are using the highest possible entropy and longest supported key lengths (e.g., move from RSA-2048 to RSA-4096 or ECC P-384).
2. **Implement Hybrid Key Exchange:** Begin testing "hybrid" encrypted tunnels that wrap classical encryption with initial PQC algorithms (like ML-KEM/Kyber) to provide immediate protection against harvest-and-decrypt.
3. **Upgrade TLS Versions:** Disable TLS 1.0 and 1.1; prioritize TLS 1.3, which reduces the handshake footprint and supports more robust key exchange mechanisms.
### Long-term Strategy (3+ months)
1. **Adopt Crypto-Agility:** Re-engineer applications to allow for the swapping of cryptographic algorithms without rewriting the core codebase.
2. **PQC Migration Roadmap:** Phased replacement of legacy classical algorithms with NIST-standardized PQC modules (ML-KEM, ML-DSA, and SLH-DSA).
3. **Supply Chain Evaluation:** Require vendors to provide "Quantum Readiness" disclosures for third-party software and cloud services.
## Implementation Guidance
### For Small Organizations
- **Focus on SaaS:** Rely on major cloud providers (AWS, Azure, Google) to update their underlying infrastructure to PQC; verify their progress via service dashboards.
- **Simplify:** Use standardized, modern VPNs (like WireGuard) that are more easily updated than legacy IPsec implementations.
### For Medium Organizations
- **Hardware Refresh:** When purchasing new networking gear or HSMs (Hardware Security Modules), ensure the hardware supports PQC firmware updates.
- **Internal Training:** Train IT staff on the differences between classical and lattice-based cryptography.
### For Large Enterprises
- **Establish a Quantum Task Force:** Dedicated cross-functional team to manage the migration across global business units.
- **Legacy Systems Deprecation:** Identify and isolate legacy systems that cannot support PQC, using "Quantum Wrappers" (PQC-encrypted tunnels for internal traffic).
## Configuration Examples
*While specific PQC code is evolving, initial "hybrid" configurations for OpenSSL 3.x focus on OQS (Open Quantum Safe) providers:*
- **Example (Logical):** `SSL_CTX_set1_groups(ctx, "p256_kyber768:x25519_kyber768");`
- **Action:** Configure web servers to prioritize Keccak-based hashing and lattice-based key encapsulation mechanisms alongside classical ECDHE.
## Compliance Alignment
- **NIST FIPS 203, 204, 205:** The primary standards for post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA).
- **CNSA 2.0 (NSA):** Timelines for government agencies to transition to PQC by 2035.
- **ISO/IEC 27001:** Maps to "Cryptography" controls (A.10.1), requiring updates based on emerging threats.
## Common Pitfalls to Avoid
- **"Wait and See" Approach:** Assuming quantum computers are too far away. If data is stored today, it is exposed tomorrow.
- **Proprietary Encryption:** Avoiding standardized NIST algorithms in favor of unvetted "quantum-proof" proprietary solutions.
- **Ignoring Data in Transit:** Focusing only on data at rest while leaving data in transit (backups, site-to-site replication) on legacy TLS.
## Resources
- **NIST Post-Quantum Cryptography Portal:** hxxps[://]csrc[.]nist[.]gov/projects/post-quantum-cryptography
- **Open Quantum Safe (OQS) Project:** hxxps[://]openquantumsafe[.]org/
- **CISA/NSA/NIST Joint Guidance:** hxxps[://]www[.]cisa[.]gov/quantum-migration-information-resources