For Caribbean and international professionals working on government digitalisation

Logo Rijksoverheid, to the homepage

Be prepared

Government organisations and IT providers need to start preparing now for the risks linked to quantum computing. This is especially important for organisations handling data that needs long-term confidentiality or that develop and operate systems with extended lifespans.

The PQC Migration Handbook by the AIVD can help determine whether you are in the urgent adopter category, meaning you have to start now. You are an urgent adopter if you are dealing with:

  • Sensitive organisational information with a long confidentiality horizon, at risk from ‘Store Now, Decrypt Later’ attacks.
  • Personal data requiring long-term confidentiality, such as passport information.
  • Provision of systems supporting critical infrastructure, including payment systems, energy networks and transport.
  • Provision of long-lifecycle systems, for example, in water management, the chemical industry, drinking water supply and rail infrastructure.

Take the following actions to prepare:

  • Protect all information that must remain confidential in the long term; understand your Te Beschermen Belangen (TBB), a Dutch term meaning ‘interests to be protected’, and identify the key assets that need safeguarding.
  • Include the quantum threat in your risk management process.
  • Are you using symmetric cryptography? Extend key lengths to increase security value. For example, AES-256 is currently considered quantum-safe.
  • Include requirements for (future) cryptography in procurement processes.
  • Gain insight into which cryptographic assets are present in your infrastructure, so you know which will eventually need to be migrated to post-quantum cryptography. The Government-Wide Cryptography Policy Framework (Dutch) helps you develop a cryptography policy. Although it does not provide direct insight into cryptographic assets, it helps shape your organisation’s cryptography policies and procedures.

Preparations for future changes:

  • Make sure you know where cryptography is used and ensure this is captured in the management of IT assets (Asset Management).
  • Implement preparatory changes. For example, replace Transport Layer Security version 1.2 with version 1.3 (TLS 1.3).
  • Engage with your suppliers regarding the cryptography used in their products.

Useful resources

Would you like more tips? Explore these useful resources.

Collaborating to manage risks in time: Quantum-Safe Cryptography for Government

A programme has been set up to help the Dutch Government manage, in a timely manner, the risks posed by quantum technology to cryptography. This is the Government-Wide Quantum-Safe Cryptography programme (QvC Rijk). How does QvC Rijk provide support and encouragement?

People

  • Raising awareness and urgency: action is needed now.

  • Providing awareness, knowledge, and communication in collaboration with research and science.

  • Encouraging the exchange of this knowledge across all target groups within the government.

Process

  • Providing direction on what needs to be done.

  • Making appropriate policies, frameworks, and guidelines available to help departments fulfil their responsibilities.

Technology

  • Supporting the how: guidance on practical implementation.

  • Offering tools and an expertise centre to facilitate the safe and timely management of risks.

Sharing results

  • Results achieved by the programme that can be shared publicly will be included in this file. The file also links to relevant supporting resources from other public organisations.

Learn more

Should you require more information or have any queries, please email QvC-Rijk@rijksoverheid.nl.

Got a query, thought, comment, or suggestion?

If you're working on digitalising the government and got something on your mind, please share your thoughts with us.