The U.S. National Institute of Standards and Technology (NIST) is charged with setting cybersecurity standards and validating products, yet is woefully behind on both. As new threats emerge — we’re looking at you, quantum computing — continued delays could become a crisis.
Two areas that are particularly concerning are delays in FIPS 140-3 validations and the development of post-quantum cryptography.
FIPS 140-3 sets encryption and protection standards for everything from software, SSDs and HDDs to network switches and new quantum encryption standards, yet product validations have been running far behind historical norms. As quantum computing technology continues to develop, this problem will become a crisis if it can’t be resolved now.
FIPS 140-3 Delays
The FIPS 140 standard started in January 1994 with FIPS 140-1, developed by a government and industry working group composed of vendors and users of cryptographic equipment. FIPS 140-2 was issued in May 2001 and FIPS 140-1 was sunsetted a year later.
FIPS-140 became the main input to the international standard ISO/IEC 19790:2006, Security requirements for cryptographic modules, issued in March 2006, so NIST was leading the standards process for much of the world. Hundreds, if not thousands, of products were validated under FIPS 140-2. The vendor community knew how to develop and maintain those products for almost two decades, and historically, validation took from six months to at most 12 months, unless something egregious was found, which did not happen very often because the process was well known and vendors knew what to do and how to do it.
FIPS 140-3 was issued in March 2019 and validation submissions began in September 2020. The FIPS 140-3 standard did not change encryption algorithms or key size. What did change in FIPS 140-3 is that the standard now evaluates security requirements at all stages of cryptographic module creation, including design, implementation and final operational deployment. FIPS 140-3 also requires different authorization levels and users for management activities, similar to what SELinux requires with a SecAdmin user (security admin) and an AuditAdmin (the administrator of the audit files). So the vendor community had some changes to make, but hardware vendors most likely did not have to create a new ASIC with new algorithms and merely had to modify firmware.
Today we are almost three years into FIPS 140-3 submissions, and while we had a Covid shutdown during some of that time, it doesn’t explain why there have only been seven FIPS 140-3 validations as of last week, the last one nearly six months ago (chart below), and another 189 (and growing) in the validation process. I doubt the vendor community is so incompetent that they couldn’t comply with the minor changes required to get products validated. Add to this that both hardware and software FIPS 140-2 products are likely gone, as the last submission to FIPS 140-2 was March 2022 and those products likely reached end-of-life some time ago.
FIPS 140-3 validated products as of July 18, 2023
Certificate Number | Vendor Name | Module Name | Module Type | Validation Date | Status |
---|---|---|---|---|---|
4442 | VMware, Inc. | VMware’s ESXboot Cryptographic Module | Software | 02/23/2023 | Active |
4402 | Advanced Micro Devices (AMD) | AMD Ryzen PRO 4000 Series PSP Cryptographic CoProcessor | Firmware-hybrid | 12/30/2022 | Active |
4401 | Advanced Micro Devices (AMD) | AMD Ryzen PRO 5000 Series PSP Cryptographic CoProcessor | Firmware-hybrid | 12/30/2022 | Active |
4392 | Apple Inc. | Apple corecrypto Module v11.1 [Apple silicon, Kernel, Software] | Software | 12/07/2022 | Active |
4391 | Apple Inc. | Apple corecrypto Module v11.1 [Apple silicon, User, Software] | Software | 12/07/2022 | Active |
4390 | Apple Inc. | Apple corecrypto Module v11.1 [Intel, Kernel, Software] | Software | 12/07/2022 | Active |
4389 | Apple Inc. | Apple corecrypto Module v11.1 [Intel, User, Software] | Software | 12/07/2022 | Active |
The lack of FIPS 140-3 products is seriously hurting our security posture, and there are no public statements from NIST on when or if the validation process will catch up.
See the Top Enterprise Encryption Products
Quantum-Resistant Algorithms
Those delays are coming at the same time the agency is overseeing a process to evaluate and standardize quantum-resistant public-key cryptographic algorithms.
This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take “several years.”
The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market. It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time.
I am not sure that NIST is up to the dual challenge of getting the algorithms out and products validated so that vendors can have products that are available before quantum computers can break current technology. There is a race between quantum technology and NIST vetting algorithms, and at the moment the outcome is looking worrisome.
Since NIST is both the standards and validation body for standards for our nation and much of the world, I find the situation both disheartening and pretty scary. Not a week goes by without some new quantum announcement from vendors, and not a day goes by without another major cybersecurity incident. And encrypted data stolen now can be decrypted later, so the potential for “harvest now, decrypt later” (HNDL) attacks is a quantum computing security problem that’s already here.
We deserve and need standards that provide the nation a modicum of security, and we need a standards body that is looking ahead to the future and ensuring that we will be protected. At the moment we have neither, and can only hope that the Biden Administration’s Cybersecurity Strategy can fix this.
Read next: