- Quantum Computing Cybersecurity Preparedness Act is now a step away from being a law in the United States.
- Among other steps to mitigate the cyber-threat of quantum computers, the bill would require the Office of Management and Budget to prioritize post-quantum cryptography for federal agencies when the acquire or migrate to new IT systems.
- Between the lines, the legislation shows that quantum computing development is a national priority in the US.
The Quantum Computing Cybersecurity Preparedness Act has passed the Senate, according to Fed Scoop and other media reports. It now only awaits President Joe Biden’s signature to become law.
The bipartisan bill, co-sponsored by Sens. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H., bill is aimed at the federal government’s protections against quantum computing-enabled data breaches. Quantum computers, once robust enough, have the potential to crack most encryption techniques. Several countries hostile to the U.S., such as China, are developing quantum computers, pushing most lawmakers to consider quantum computing development and mitigation a national security priority.
The bill would require the Office of Management and Budget to prioritize post-quantum cryptography for federal agencies when the acquire or migrate to new IT systems, according to Fed Scoop. The White House would also be required to create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology — NIST — issues post-quantum cryptography standards that the institute is currently developing.
Once the bill is enacted, the OMB would also be required to send a report to Congress each year covering a strategy for how to address post-quantum cryptography risks.
The White House set a deadline for federal agencies to provide an annual vulnerability report, according to a Nov. 18 memo.
At the time, OMB said also in its memo that agencies would be required to submit to both the Office of the National Cyber Director and the White House an assessment of extra funding needed for the adoption of post-quantum cryptography within 30 days.
A working group for post-quantum cryptographic systems, chaired by the federal chief information security officer, is also part of the plan.
The bill passed the House in July.