Quantum Cybersecurity Preparedness Act

US President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law on 21 December 2022.  The law is designed to secure federal government systems and data against the threat of quantum-enabled data breaches ahead of ‘Q Day,’ the point at which quantum computers can break existing cryptographic algorithms.  Experts believe quantum computing will advance to this stage in the next five to 10 years, potentially leaving all digital information protected by current encryption protocols vulnerable to cyber-threat actors.  The bipartisan Act, co-sponsored by Senators Rob Portman (R-OH) and Maggie Hassan (D-NH), sets out several obligations for federal agencies as they prepare their migration to quantum-secure cryptography.

This includes a requirement for each agency to establish and maintain a current inventory of information technology in use that is vulnerable to decryption by quantum computers.  They must also create a process for evaluating progress in migrating IT systems to post-quantum cryptography.  These requirements must be completed within six months of the law being enacted.[1]

Additionally, within one year of the US National Institute of Standards and Technology (NIST) issuing post-quantum cryptography standards, the US Office of Management and Budget (OMB) will publish guidance requiring federal agencies to prioritize IT systems for migration to post-quantum cryptography.  The agencies will then have to develop a plan for the migration.  In July 2022, NIST selected four encryption algorithms to become part of its post-quantum cryptographic standard, which should be finalized in around 18 months.  The provisions apply to all federal agencies except national security systems, which are exempt.

The OMB has another critical role under the Act.  Within 15 months of the law coming into effect, it must create a strategy to manage the risk posed by quantum encryption, along with a report on the funding that executive agencies need to protect themselves.  The body will also be obliged to send an annual report to Congress that includes a strategy to address post-quantum cryptography risks, the funding that might be necessary, and an analysis of whole-of-government coordination and migration to post-quantum cryptography standards and information technology.

Commenting, co-sponsor of the Act Senator Hassan said: “To strengthen our national security, we must address potential vulnerabilities in our cybersecurity systems, including new threats presented by quantum computing.  This law will help ensure that our federal government is ready to defend our country against data breaches that could be exploited by quantum computing.  I was glad to work with members of both parties to get this law across the finish line, and I will continue working to strengthen our country’s cyber defenses.”

In August 2022, the US DHS Cybersecurity and Infrastructure Security Agency (CISA) released guidelines to aid organizations’ transition to post-quantum cryptography.[2]

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com      

 

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

 

[1] https://www.oodaloop.com/archive/2023/01/12/in-late-december-2022-president-biden-signed-quantum-cybersecurity-preparedness-act-into-law/

[2] https://www.cisa.gov/
