In December, we covered preparations for signing the Quantum Cybersecurity Preparedness Act. The actual signing he did in late December was published in his OODA loop news brief on December 28th. Below are the details of the news item that reported the signing of a significant piece of legislation that has been characterized as “the biggest crypto migration in history”.
President Biden Signs Quantum Cybersecurity Readiness Act into Law
“U.S. President Joe Biden signed into law the Quantum Computing Cybersecurity Readiness Act. [on December 21, 2022].
The legislation is designed to protect federal systems and data from the threat of quantum-enabled data breaches ahead of “Q Day,” the point at which quantum computers can break existing cryptographic algorithms. . Experts believe quantum computing will reach this stage in the next five to ten years, and under current cryptographic protocols, all digital information could become vulnerable to cyber threat actors. increase. Co-sponsored by Senators Rob Portman (Republican-Ohio) and Maggie Hassan (Democrat-New Hampshire), the bipartisan legislation establishes a number of mandates for federal agencies to prepare for the transition to quantum-secure cryptography. I’m here.
This includes requirements for each agency to establish and maintain a current inventory of information technologies in use that are vulnerable to quantum computer decipherment. A process should also be created to assess progress in transitioning IT systems to post-quantum cryptography. These requirements must be completed within six months of enactment of the law.
Additionally, within a year after the National Institute of Standards and Technology (NIST) published its post-quantum cryptography standards, the Office of Management and Budget (OMB) announced that federal agencies would prioritize IT systems for the transition to post-quantum cryptography. Issue guidance requiring that Each institution should then develop a plan for the transition. In July 2022, NIST selected four of his cryptographic algorithms to be part of the post-quantum cryptography standard. It will be completed in about 18 months.
The provision applies to all federal agencies except national security systems, which are exempt.
OMB has another important role under the Act. Within 15 months of the law coming into force, a strategy should be developed to manage the risks posed by quantum cryptography. We also need to produce a report on the funds the government agency needs to protect itself.
The institution is also obligated to send an annual report to Congress containing strategies on how to address post-quantum risks, funding that may be needed, and an analysis of government-wide coordination and transition to post-quantum cryptography. there is. standards and information technology.
Law co-sponsor Senator Hassan said:
“This law will help ensure the federal government is prepared to protect the nation from data breaches that could be exploited by quantum computing. We are pleased to have completed this and look forward to continuing to strengthen the county’s cyber defenses.”
In August 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released guidelines to help organizations transition to post-quantum cryptography. ” (1)
what next?
A reminder about upcoming events for OODA network members:
OODA Network Members Invited to Quantum Security Bash in Reston, Virginia on January 26, 2023
2022 Emerges Federal Ecosystem to Accelerate (Massively) Quantum Computing Power and Quantum Networks
‘Biggest Crypto Migration Ever’: Quantum Cybersecurity Readiness Act Signed into Law
