Zurich Zurich

White House Releases National Cybersecurity Strategy With PQC Call-out

Quantum Source Quantum Source

The Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans, according to a fact sheet on the report.

The strategy seeks to rebalance the responsibility to defend cyberspace, realign incentives, and use all tools of national power in a coordinated manner to protect national security, public safety and economic prosperity.

The administration reports that the strategy sets out a vision to make the digital ecosystem defensible resilient, and values-aligned.

The approach includes building and enhancing collaboration around five pillars: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals.

Responsive Image

Post-Quantum is specifically covered in Strategic Objective 4.3.

The report states: “Strong encryption is foundational to cybersecurity and global commerce. It is the primary way we protect out data online. But quantum computing has the potential to break some of the most ubiquitous encryption standards deployed today. We must prioritize and accelerate investments in widespread replacement of hardware, software and services that can be easily compromised by quantum computers so that information is protected against future attacks.”

Quantinuum’s Chief Legal Officer Kaniah Konkoly-Thege commented on the strategy.

Konkoly-Thege, who also services as SVP government relations and chief compliance officer, writes: “The 2023 Cybersecurity Strategy makes clear that the Biden Administration will work with Congress and the private sector to create liability for software vendors, sketching out in broad terms what such legislation should entail, stating ‘we must begin to shift liability onto those entities that fail to take reasonable precautions to secure their software while recognizing that even the most advanced software security programs cannot prevent all vulnerabilities. The new landscape of quantum-related announcements and requirements from the federal government also creates urgency for many vendors and government contractors because those who are non-compliant will be named in reports and likely suffer reputational and economic consequences.’

Organizations should be preparing now, Konkoly-Thege added: “While the guidance does not go in-depth regarding steps to prepare for a post-quantum future, it is best practice to assess current cryptographic systems, inventory data, experiment with NIST’s post-quantum algorithms and develop plans to protect data, especially sensitive data (i.e., medical, financial, or personal data), by transitioning to these post-quantum (PQC) algorithms. NIST is currently in the process of standardizing these algorithms with final standards due to be released in 2024.”

Konkoly-Thege recommended the following initial steps to help organizations prepare for the post-quantum cybersecurity era:

  • Begin inventorying cryptography systems that will be vulnerable to future quantum attacks
  • Develop “Quantum IQ” across your organization by exploring the benefits and risks that quantum technologies will pose for your business
  • Review the NIST post-quantum algorithms (four finalists were announced in July 2022) and create a strategy for cryptographic agility that will allow you to shift your systems to the final standards and protect your data with minimal disruption
  • Identify partners established in the quantum ecosystem who can guide you through the transition to quantum-safe cybersecurity while protecting data from both classical and quantum cyberattack

The Administration has already taken steps to secure cyberspace and our digital ecosystem, including various executive orders and memoranda, such as the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems).

You can find the full report here.

If you found this article to be informative, you can explore more current quantum news here, exclusives, interviews, and podcasts.

Matt Swayne

With a several-decades long background in journalism and communications, Matt Swayne has worked as a science communicator for an R1 university for more than 12 years, specializing in translating high tech and deep tech for the general audience. He has served as a writer, editor and analyst at The Quantum Insider since its inception. In addition to his service as a science communicator, Matt also develops courses to improve the media and communications skills of scientists and has taught courses. [email protected]

Share this article:

Keep track of everything going on in the Quantum Technology Market.

In one place.

Related Articles

Join Our Newsletter