John Hewitt Jones
President Biden on Wednesday signed legislation to encourage federal government agencies to adopt technology that is protected from decryption by quantum computing.
The Quantum Computing Cybersecurity Preparedness Act earlier this month progressed through the Senate after companion legislation passed the House in July. It is co-sponsored by Sens. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H.
The newly enacted legislation comes amid fears that significant leaps in quantum technology being made by countries hostile to the United States, including China, could allow existing forms of secure encryption to be cracked much more quickly.
In particular, the law requires the Office of Management and Budget to prioritize federal agencies’ acquisition of and migration to IT systems with post-quantum cryptography. It mandates also that the White House create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology issues planned post-quantum cryptography standards.
It stipulates that OMB should send an annual report to Congress that includes a strategy for how to address post-quantum cryptography risks from across the government.
In a Nov. 18 memo, the White House gave federal agencies until May 4 next year to provide an inventory of assets containing cryptographic systems that could be cracked by quantum computers.
Meanwhile, in September the National Security Agency issued guidance in which it set out requirements for owners and operators of national security systems to start using post-quantum algorithms by 2035.
In an advisory note at the time, the intelligence agency recommended that vendors start preparing for the new technology requirements but acknowledged that some quantum-resistant algorithms have yet to be approved for use.
President Biden on Wednesday also signed into law the SBA Cyber Awareness Act, which requires the Small Business Administration to submit an annual report regarding the cybersecurity of the agency.