The House of Representatives has passed the Quantum Computing Cybersecurity Preparedness Act.
The legislative measure aims to safeguard against future quantum computing attacks, as well as support a strategy for the migration of information technology systems of the federal government to post-quantum cryptography.
Cryptography is essential for the national security of the United States, and the most widespread encryption protocols today rely on the computational limits of classical computers to provide cybersecurity. The rapid progress of quantum computing poses a risk to the U.S., with the potential for adversaries to steal sensitive encrypted data today using classical computers and wait until sufficiently powerful quantum systems are available to decrypt it, the bill suggests.
There should be a government and industry-wide approach to post-quantum cryptography that prioritizes developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility.
The Quantum Computing Cybersecurity Preparedness Act would:
- Require the Office of Management and Budget (OMB) in consultation with the Chief Information Officers Council to prioritize the migration to post-quantum cryptography and assess critical systems one year after the National Institute of Standards and Technology (NIST) standards are issued.
- Instruct the director of OMB to send a report to Congress that includes a strategy on how to address this risk, the funding that might be necessary, and an analysis of the current efforts one year after the bill becomes law.
- Direct OMB to provide a yearly report to Congress on the progress of the Federal Government in transitioning to post-quantum cryptography standards one year after the NIST standards are issued.
The bill would ensure data protection and strengthen national security if passed by the U.S. Senate and President Joe Biden.
Theon Technology CEO Scott Bledsoe says the measure is certainly a symbolic move in the right direction. “However, it may be just a little too late,” he says. “We all know that terabytes and terabytes of data have already been compromised using modern-day encryption, waiting for quantum to be available for our adversaries to decrypt at a later time. A lot of that data from our government that has been compromised is PII and financial data that could be used to blackmail any American citizen.”
Bledsoe believes the U.S. government should focus on data motion — how we communicate with each other, with the U.S. government and how the U.S. government communicates with others, instead of focusing on data rest first.