In the latest episode of Tech in Translation, Keith Stacy, Managing Director of Networking, and Dylan Lamarre, CSfC Solutions Architect at Iron Bow Technologies, explore how Commercial Solutions for Classified (CSfC) is revolutionizing secure infrastructure design and preparing organizations for the quantum computing threat.
What is CSfC?
CSfC represents the National Security Agency's (NSA) commercial cybersecurity strategy. It leverages industry innovation to deliver efficient and secure solutions. Dylan Lamarre describes it as "a cookbook using the right ingredients configured to the right recipe," where approved commercial off-the-shelf (COTS) products replace traditional government encryption devices. The foundation lies in dual-layer encryption, an inner and outer layer, ensuring that if one layer is compromised, the classified data remains protected.
The Quantum Threat: Harvest Now, Decrypt Later
Keith Stacy highlights a critical concern facing organizations today: adversaries are actively collecting encrypted data with the intention of cracking it once quantum computing matures. This "harvest now, decrypt later" strategy poses an immediate threat to data security.
CSfC addresses this threat through dual-layer encryption with diverse platforms and crypto libraries, plus the integration of post-quantum cryptography (PQC) measures like pre-shared keys and RFC 8784. With the recent publication of CNSA 2.0, new PQC algorithms such as ML-KEM and ML-DSA are being introduced into CSfC capability packages.
The Critical Role of Trusted Integrators
The NSA strongly recommends trusted integrators for CSfC deployments. Keith reveals a surprising statistic: of over 100 companies on the NSA's trusted integrator list, fewer than 10 have completed multiple registrations for multiple capability packages. Organizations should vet integrators carefully, asking about past registrations, understanding of local policies like RMF processes, and vendor relationships.
Beyond Government: Commercial Applications
While CSfC is unique to government, Dylan notes that critical infrastructure sectors like financial services, energy, and healthcare are adopting "CSfC-lite" architectures incorporating layered crypto, vendor diversity, and continuous monitoring. Executive Order 14306 mandates migration to CNSA 2.0 by 2035, with national security systems required to complete the transition by 2030.
Key Takeaways
Keith's message to IT leaders is clear: recognize quantum as a real threat and work with trusted advisors to ensure new procurements include PQC roadmaps. Dylan emphasizes starting now by inventorying equipment, identifying what can support post-quantum cryptography, and implementing higher-strength algorithms like AES-256 and SHA-384. The future requires crypto agility—infrastructure that can adapt to new algorithms without complete hardware replacement.