In late December, 2022, President Biden signed into law the “Quantum Computing Cybersecurity Preparedness Act”. The Act, which interestingly did not receive much media attention, recognizes that current encryption protocols used by the United States government might one day be vulnerable to compromise as a result of quantum computing, which could allow our enemies to steal sensitive encrypted data.
To address these concerns, the Act will require an inventory and prioritization of vulnerable information technology in use by federal agencies; a plan to migrate existing information technology systems; and reports to Congress on the progress of the migration and funding required.
More specifically, the Act requires the following:
- Inventory and Prioritization: Within six months, the Act requires the Director of the Office of Management and Budget (“OMB”), together with the National Cyber Director and Director of the Cybersecurity and Infrastructure Security Agency (“CISA”), to issue guidance for agencies to inventory and develop a plan to prioritize information systems for migration to post-quantum cryptography.
- Migration of Agency Information: Not later than one year after the Director of the National Institute of Standards and Technology (“NIST”) has issued guidance on post-quantum cryptography standards, the Director of the OMB must issue additional guidance requiring each agency to (1) prioritize information technology systems for migration and (2) develop a plan for migration. The Director of OMB is required by the Act to ensure that prioritization is assessed and coordinated for interoperability.
- Reporting to Congress: No later than 15 months after enactment of this Act, the Director of OMB must submit a report to Congress on a strategy to address risk posed by vulnerabilities of information technology systems; an estimate of the amount of funding needed by agencies to secure vulnerable information technology; and a description of efforts to develop standards for post-quantum cryptography by NIST.
The legislation that Biden inked was co-sponsored by Senator Rob Portman, R-Ohio, and Senator Maggie Hassan, D-N.H.
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.