The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC.
December 22, 2022
On Dec. 21, the US government's plan for transitioning to post-quantum cryptography became law, committing the Office of Management and Budget (OMB) to scope out compliance with the recent NIST guidelines.
US President Joe Biden signed into law HR 7535, the Quantum Computing Cybersecurity Preparedness Act, which has two main components. First, the OMB is required to "prioritize" the switchover to PQC within a year of NIST issuing its new guidelines. That means that by July 5, 2023, OMB should begin moving toward implementing the NIST-approved cryptographic algorithms to protect systems in the executive branch.
The second component of the new law gives the OMB one year from the signing of the bill — so, by Dec. 21, 2023 — to send Congress a report outlining its strategy, asking for funds for the transition to quantum-safe systems, and detailing its efforts to coordinate with international standards organizations and other consortia.
The OMB issued a memorandum on Nov. 18 for agencies to run an audit of systems vulnerable to cryptanalytically relevant quantum computers (CRQCs) by May 4, 2023, which should help the agency reach its deadlines. That memo comports with Biden's national security memorandum from the year before that "directs specific actions for agencies to take as the United States begins the multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography."
Quantum computers will need to become more powerful in order to break current cryptography, but it's not just power that makes CRQCs a threat. Shor's algorithm, which is specific to quantum computing, creates a shortcut that makes decrypting most existing encryption much easier.
The new law also gives the OMB six months from its signing to work with the National Cyber Director and the director of the Cybersecurity and Infrastructure Security Agency (CISA) to "issue guidance on the migration of information technology to post-quantum cryptography."
The OMB may be working on that with acting cyber director Kemba Eneas Walden, however, since the current director, Chris Inglis, announced on Wednesday that he will be stepping down within the next two months.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024