Legislation aimed at kickstarting a national effort toward handling post-quantum cybersecurity (PQC) continues to make its way through U.S. Congress, as other members of the administration are raising the alert level about quantum’s ability to crack current cybersecurity measures. One side effect may be a rush on PQC providers in the quantum space to provide solutions — fast.
After similar legislation passed the House recently, U.S. Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) introduced a bipartisan bill that will require the federal government to beef up its defenses against potential attacks of quantum computers. Because quantum computers can theoretically crack most cryptographic techniques used currently to secure the government’s data, new post-quantum techniques are required. While that quantum threat may be years away, cybersecurity experts warn that hackers could steal data now and then use quantum computers later to decrypt the messages.
Specifically, the legislation will:
- Require the Office of Management and Budget (OMB) to prioritize the acquisition and migration of federal agencies’ information technology to post-quantum cryptography
- Instruct OMB to create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology (NIST) issues planned post-quantum cryptography standards
- Direct OMB to send an annual report to Congress that includes a strategy on how to address post-quantum cryptography risks, the funding that might be necessary, and an analysis on whole-of-government coordination and migration to post-quantum cryptography standards and information technology
“The development of quantum computers is one of the next frontiers in technology, and with this emerging technology comes new risks as well,” said Hassan. “Our national security information must remain secure as this technology quickly develops, and it is essential that the federal government is prepared to address cybersecurity concerns. I encourage my colleagues on both sides of the aisle to support this bipartisan bill to strengthen our cybersecurity defenses and protect our national security.”
The legislation is not designed to curtail advances in quantum, rather it is meant to focus on the possible negative disruptions of quantum, said Portman.
“Quantum computing will provide for huge advances in computing power, but it will also create new cybersecurity challenges,” said Portman. “This bipartisan legislation will require the government to inventory its cryptographic systems, determine which are most at risk from quantum computing, and upgrade those systems accordingly. I urge my colleagues to join us in supporting this legislation.”
Hassan is a leader in the support of quantum in Congress to invest in quantum research. Senators Hassan and John Thune’s (R-SD) measure to encourage quantum research efforts was included in the National Defense Authorization Act and they also teamed up introduced a bipartisan bill to strengthen national security by advancing U.S. capabilities in quantum networking and establishing a more comprehensive approach to workforce development in this field.
If passed the legislation may have a ripple effect — as the government insists on PQC methods and measures to enhance its own security, vendors would likely follow suit. The vendors’ suppliers, then, would soon fall in line.
Other authorities are sounding the alarm about post-quantum cybersecurity.
While speaking at Aspen Security Forum recently, Anne Neuberger, deputy national security advisor for cyber and emergency technology, referred to quantum’s ability to crack current codes as a “a nuclear threat to cybersecurity.”
“We’re on a rapid transition in government but, frankly, private sector, e-commerce is vulnerable as well, and the nation’s economy is as much a priority of course is our national security,” she added.