Biden Signs Bill Requiring Agencies to Adopt Post-Quantum Cryptography
President Joe Biden has signed the Quantum Computing Cybersecurity Preparedness Act into law.
The newly enacted legislation is designed to encourage federal government agencies to adopt technologies that could withstand quantum computing-enabled decryption. Particularly, it would require the Office of Management and Budget to prioritize agencies’ acquisition of and migration to IT systems that use post-quantum cryptography.
The law also requires the White House to create guidance for critical systems assessments one year after the National Institute of Standards and Technology publishes its post-quantum cryptography standards. OMB must also send an annual report to Congress about ways to address post-quantum cryptography risks.
In a memorandum issued on Nov. 18, the White House gave federal agencies until May 4, 2023, to provide an inventory of assets that contain cryptographic systems that may be vulnerable to quantum computer decryption. The National Security Agency also issued guidance in September about owners and operators of national security systems being required to start using post-quantum algorithms by 2025.
The legislation’s passing comes amid concerns that state adversaries like China could use quantum computers to crack existing forms of encryption. According to NIST, large-scale quantum computers will be able to break many of the public-key cryptosystems that are currently in use, posing serious risks to data security and communications.
NIST said post-quantum cryptography can ideally protect against both quantum and classical computer-enabled decryption and can interoperate with existing communications protocols and networks.
Tags: cyber cybersecurity FedScoop Joe Biden National Institute of Standards and Technology Office of Management and Budget post-quantum cryptography quantum computing Quantum Computing Cybersecurity Preparedness Act