President Joe Biden signed into law the Quantum Computing Cybersecurity Readiness Act, a law requiring the federal government to adopt technology designed to protect against potential data breach attempts by future quantum computers. .
The December 21 signing of the bipartisan bill, also known as HR 7535, comes amid a race with China to advance quantum computing technology, and to ensure that China and other U.S. adversaries will eventually use existing forms of secure cryptography. It was done in the midst of concerns that it would be possible to decipher the , which relies on classical computers and thus has limited computational power compared to quantum computers.
A newly signed law requires the Office of Management and Budget (OMB), the largest office in the White House, to prioritize the transition of federal agency information technology systems to post-quantum cryptography.
According to the legal summary, “post-quantum cryptography is cryptography strong enough to resist attacks from quantum computers developed in the future.” The text of the law defines post-quantum cryptography as “a cryptographic algorithm or method that has been assessed as not particularly vulnerable to attacks by quantum or classical computers”.
The office of Rep. Lo Khanna (D-Calif.) said: We submitted the bill mentioned in the April release.
“Adversaries are believed to be practicing a practice called ‘steal now, crack later,’ which takes years to collect data until they have a quantum computer powerful enough to decipher it.” you save. To protect our country’s data, critical government systems must be protected by algorithms and cryptography so hard to crack that even future quantum computers cannot crack the code. This can be achieved with post-quantum cryptography. …to steal now and decrypt later, the federal government needs to start planning for this transition now, and Congress needs to play an oversight role in this process. ”
The US Department of Commerce’s National Institute of Standards and Technology (NIST) is working to set standards for post-quantum cryptography. July saw the introduction of the first of his four “quantum-safe cryptographic algorithms” that he chose to be part of the standard. The standard is expected to be finalized in approximately two years by 2024.
The bipartisan bill was first introduced in the House in April by Rep. Khanna and Nancy Mace (RS.C.) and passed the House in July. It then passed the Senate in early December and passed the House one last time before heading to the president’s desk. The bill is co-sponsored by Senator Rob Portman (Ohio Republican) and Senator Maggie Hassan (DN.H.).
“Cybersecurity is national security,” Mace said in a Dec. 14 statement. safety. Congress will receive an annual report on the federal government’s strategy to combat post-quantum cybersecurity threats. ”
“As state-of-the-art quantum computing continues to develop, there is a growing risk that adversaries will use this technology to compromise US data systems,” Hassan said in a statement. “We need to proactively address the cybersecurity challenges posed by breaches powered by quantum computing.”
Other provisions
The law directs OMB to submit a report to Congress within 15 months, reporting on: An estimate of the funding needed for the initiative. Also, a description of efforts by government agencies to develop standards for post-quantum cryptography.
Additionally, newly enacted legislation gives OMB 180 days to “issue guidance on the transition of information technology to post-quantum cryptography.” Guidance is developed in coordination with the National Cyber Director and in consultation with the Director of Cybersecurity and Infrastructure Security Agency (CISA).
The law requires that each federal agency maintain an up-to-date inventory of information technologies currently in use that are vulnerable to cracking by quantum computers. The guidance also includes criteria to help institutions prioritize information technology for the transition to post-quantum cryptography.
Biden signed the bill after the White House issued a memorandum of understanding (pdf) on Nov. 18 pushing the transition to post-quantum cryptography. This memo calls on executive departments and agencies to provide, by May 4, 2023, a “prioritized inventory of information systems and assets,” including cryptosystems vulnerable to quantum computer cracking. instructing.
“There are both great promises and threats in this global technology race,” Federal Chief Information Security Officer Chris DeRusha told Nextgov in November. “We are prioritizing our efforts to protect classified federal data from potential future breaches by quantum computers. This action prepares our nation for the risks posed by this new technology. It marks the start of a major initiative to
Yet another agency is working to facilitate the transition to post-quantum cryptography. In September, the National Security Agency (NSA) issued a cybersecurity advisory outlining future requirements for owners, operators, and vendors of National Security Systems (NSS). Quantum-safe algorithms for the system. An NSS is a network that contains classified information or is critical to military and intelligence operations.
“The NSA [quantum-resistant] Algorithms for NSS must be completed by 2035,” the NSA said in a recommendation (pdf), adding that vendors and NSS owners and operators should prepare for the requirements.
Mimi Nguyen Ly is a senior reporter for the Epoch Times. She covers US news and world news. Please contact her at [email protected]
