This week the National Institute of Standards and Technology (NIST) published new post-quantum cryptography (PQC) standards. NIST’s news item on this had these key points at the top of the article:
NIST has released a final set of encryption tools designed to withstand the attack of a quantum computer.
These post-quantum encryption standards secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy.
NIST is encouraging computer system administrators to begin transitioning to the new standards as soon as possible.
This is long-expected and big news in the technology and cybersecurity spaces. I thought it would be fun to see how one or more GenAI tools could help me pretend to be a Chief Information Security Officer (CISO) briefing the CEO (or the board) on this news, how it impacts our organization, and what we might need to plan for in response to it.
I just got access to OpenAI’s SearchGPT this week. I’ve only had a chance to use it a couple times during the work week, but I thought I’d enlist it to help on the Pretend CISO mission. Here’s my search text:
“Post-Quantum Cryptography Standards Officially Announced by NIST”
The response from SearchGPT is good and offers a great example of why search via GenAI tools may take the place of, or at least force a major revamp of, traditional web search. The response gives me a very good overview of what is new, why it’s important, and some of the key details of it. I did not have to scroll past 15 “sponsored” low-quality results, and as you’ll see below I don’t even have to select a most promising looking link and click it to start to get useful information.
The inline links are valid too, no hallucinations, and the two links it highlights below the search results are good choices - the first link is to NIST’s own news item and the second is to an IBM Newsroom article, as IBM developed two of the three new PQC standards. Here’s the search result from SearchGPT:
Once I’ve verified and read through a few of the links, I’m comfortable that I’ve got a solid overview of these new PQC standards. I’d be ready to discuss these with a cybersecurity team and start our thinking and planning around these standards, or maybe decide that it’s good to be aware of these but we don’t need to start those efforts yet.
Briefing the CEO, or the C-level team or the board, probably requires a different approach. An approach that recognizes that those people likely have quite a number of business-critical issues on their minds at all times. I might only have a few minutes at a meeting to brief them on the PQC news and how it affects the organization. This is where I got help from a second GenAI tool, Claude 3.5 Sonnet - because I know that Claude is excellent for summarizing large chunks of data and at producing draft quality writing in its summaries.
I uploaded NIST’s PDF on the new PQC standards, which you can see is in a wonderful glossy magazine style :)
Then I asked Claude to help me out with a concise briefing for the CEO, using this prompt:
Claude’s response is every bit as good as I have come to expect from it:
As with all things produced by GenAI tools, it is almost always a bad idea to use them verbatim. In this case, I would trim out the 1,2,3 items under the first paragraph. Those are technical details that are probably not needed in a conversation with the CEO and would take more minutes than a CEO likely has for the conversation to talk through. The Key points and Implications sections are great. I could easily use those as is or with just minor editing.
On the why this matters front, it’s the same old story with these same new GenAI tools. Searching in SearchGPT, validating and reviewing the links in the search results, and working with Claude on a briefing for the CEO, took under 10 minutes. If this was a real task assigned to me by a real CISO or my manager at work, I’m pretty happy with my response time.
Just by the way, I do not want to be a CISO. Ever ever. I don’t even want to be a manager. I’m quite happy at foot soldier level.
Post Quantum cryptography is very intriguing as a techie? I am not sure if we can put it to practical use in our careers though.