Post-Quantum Crypto Meets Zero Trust

The Department of Defense (DoD) has set a target for all its components to implement a Zero Trust architecture by the fiscal year 2027. This strategy shifts from a traditional perimeter-based defense to a model of continuous verification for every access request, assuming that the network is already compromised. The DoD's framework is structured around seven pillars: User, Device, Application and Workload, Data, Network and Environment, Automation and Orchestration, and Visibility and Analytics. A significant threat driving this shift is the advent of quantum computing, which has the potential to break current public-key encryption standards like RSA and ECC. Adversaries are engaging in "harvest now, decrypt later" tactics, where they steal encrypted data today with the intent of decrypting it once quantum computers are sufficiently powerful. Experts estimate that a quantum computer capable of breaking current encryption could be available within the next decade. In response, the National Institute of Standards and Technology (NIST) has been standardizing post-quantum cryptography (PQC) algorithms. In August 2024, NIST finalized the first set of these standards: CRYSTALS-Kyber for key encapsulation, and CRYSTALS-Dilithium and SPHINCS+ for digital signatures. These new algorithms are designed to be resistant to attacks from both classical and quantum computers. The User and Identity pillar of the DoD's Zero Trust strategy is a critical area for PQC integration. This pillar focuses on continuous authentication and authorization for all users, including multi-factor authentication and privileged access management. Integrating PQC into identity and access management (IAM) systems will be essential for protecting digital credentials and ensuring the integrity of authentication processes in a post-quantum world. For detection engineering in Splunk, this convergence means building rules and dashboards that monitor for threats against these new cryptographic protocols and identity frameworks. This includes creating analytics to detect anomalous behavior related to user and device authentication, even when encrypted with PQC. Splunk can be configured to ingest and analyze logs from various sources within a Zero Trust architecture, providing visibility into traffic and helping to enforce access policies. Key Splunk use cases will involve monitoring for the compromise of PQC keys, detecting attempts to bypass new identity controls, and ensuring compliance with the DoD's evolving Zero Trust mandates. Dashboards can be developed to map security alerts to the seven pillars of the DoD's framework, providing a clear view of compliance and risk. This proactive monitoring is crucial for demonstrating continuous security and achieving the DoD's goal of a fully implemented Zero Trust architecture.