Biden Signs Post-Quantum Cybersecurity Guidelines Into Law

The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC.

2 Min Read
US President Joe Biden at his desk in the White House reads his script ahead of a speech
Source: White House via Flickr

On Dec. 21, the US government's plan for transitioning to post-quantum cryptography became law, committing the Office of Management and Budget (OMB) to scope out compliance with the recent NIST guidelines.

US President Joe Biden signed into law HR 7535, the Quantum Computing Cybersecurity Preparedness Act, which has two main components. First, the OMB is required to "prioritize" the switchover to PQC within a year of NIST issuing its new guidelines. That means that by July 5, 2023, OMB should begin moving toward implementing the NIST-approved cryptographic algorithms to protect systems in the executive branch.

The second component of the new law gives the OMB one year from the signing of the bill — so, by Dec. 21, 2023 — to send Congress a report outlining its strategy, asking for funds for the transition to quantum-safe systems, and detailing its efforts to coordinate with international standards organizations and other consortia.

The OMB issued a memorandum on Nov. 18 for agencies to run an audit of systems vulnerable to cryptanalytically relevant quantum computers (CRQCs) by May 4, 2023, which should help the agency reach its deadlines. That memo comports with Biden's national security memorandum from the year before that "directs specific actions for agencies to take as the United States begins the multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography."

Quantum computers will need to become more powerful in order to break current cryptography, but it's not just power that makes CRQCs a threat. Shor's algorithm, which is specific to quantum computing, creates a shortcut that makes decrypting most existing encryption much easier.

The new law also gives the OMB six months from its signing to work with the National Cyber Director and the director of the Cybersecurity and Infrastructure Security Agency (CISA) to "issue guidance on the migration of information technology to post-quantum cryptography." 

The OMB may be working on that with acting cyber director Kemba Eneas Walden, however, since the current director, Chris Inglis, announced on Wednesday that he will be stepping down within the next two months.

About the Author(s)

Karen Spiegelman, Features Editor

Karen joined Dark Reading in January 2022 as features editor. She's been in tech editing since before the img tag was introduced, working for outlets such as the IEEE Computer Society, CNET, and TechTV. She lives in Los Angeles with her husband, son, and two cats. Find her on Mastodon.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights