France to Stop Certifying Non-Quantum-Safe Encryption
Overview
France is pushing for a major shift in its cybersecurity approach by announcing that it will stop certifying encryption products that are not resistant to quantum computing. This decision, communicated by the French cybersecurity agency ANSSI, will take effect in 2027, with a push for businesses to adopt quantum-safe encryption by 2030. The move will primarily impact government agencies and critical infrastructure operators, as ANSSI approval is mandatory for their encryption systems. The urgency behind this transition stems from the potential threats posed by quantum computers, which could break traditional encryption methods. By enforcing this policy, France aims to enhance the security of its digital communications and protect sensitive information from future quantum attacks.
Key Takeaways
- Affected Systems: Non-quantum-safe encryption products, government encryption systems, critical infrastructure security systems
- Action Required: Transition to quantum-safe encryption products by 2030, ensure compliance with ANSSI's certification requirements.
- Timeline: Disclosed on October 2023
Original Article Summary
France is accelerating its transition to post-quantum encryption: France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI’s chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030. ANSSI approval is required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption...
Impact
Non-quantum-safe encryption products, government encryption systems, critical infrastructure security systems
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Disclosed on October 2023
Remediation
Transition to quantum-safe encryption products by 2030, ensure compliance with ANSSI's certification requirements
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Critical.