US President Joe Biden signed into law this week (December 21, 2022) the Quantum Computing Cybersecurity Readiness Act.
The legislation is designed to protect federal systems and data from the threat of quantum-enabled data breaches ahead of “Q Day,” the point at which quantum computers can break existing cryptographic algorithms. . Experts believe that quantum computing will reach this stage in the next five to ten years, and under current cryptographic protocols, all digital information could become vulnerable to cyber threat actors. increase.
Co-sponsored by Senators Rob Portman (Republican-Ohio) and Maggie Hassan (Democrat-New Hampshire), the bipartisan legislation establishes a number of mandates for federal agencies to prepare for the transition to quantum-secure cryptography. I’m here.
This includes requirements for each agency to establish and maintain a current inventory of information technologies in use that are vulnerable to quantum computer decipherment. A process should also be created to assess progress in transitioning IT systems to post-quantum cryptography.
These requirements must be completed within six months of enactment of the law.
Additionally, within a year of the National Institute of Standards and Technology (NIST) publishing its post-quantum cryptography standards, the Office of Management and Budget (OMB) announced that federal agencies would prioritize IT systems for the transition to post-quantum cryptography. Issue guidance requiring that Each institution should then develop a plan for the transition.
In July 2022, NIST selected four cryptographic algorithms to be part of the post-quantum cryptography standard. It will be completed in about 18 months.
The provision applies to all federal agencies except national security systems, which are exempt.
OMB has another important role under this law. Within 15 months of the law coming into force, a strategy should be developed to manage the risks posed by quantum cryptography. It should also produce a report on the funds the enforcement agency needs to protect itself.
The institution will also send an annual report to Congress containing strategies on how to address post-quantum risks, funding that may be needed, and an analysis of government-wide coordination and transition to post-quantum cryptography. I have an obligation. standards and information technology.
Law co-sponsor Senator Hassan said:
“This law will help ensure the federal government is prepared to protect the country from data breaches that could be exploited by quantum computing. We are pleased to have completed this and look forward to continuing to strengthen the county’s cyber defenses.”
In August 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released guidelines to help organizations transition to post-quantum cryptography.
