Quantum Computing Cybersecurity Preparedness Act
By Jonathan Sanders, Director, Research, GovExec
In response to the growing concern about the threat quantum computing poses to cybersecurity, President Biden signed the Quantum Computing Cybersecurity Preparedness Act in December 2022. The act encourages “federal government agencies to adopt technology that will protect against quantum computing attacks,” an emerging technology rapidly gaining steam in the computing domain.
Encryption has played the lead role in securing enterprise data for years, and with recent advancements in Quantum computing, these traditional encryption methods, standards, and solutions are at a serious risk of decryption. Traditional enterprise and customer vendors rely on advanced encryption methods to secure their products and offerings, and the leaps and bounds that quantum represents could massively upend them in a matter of years.
The Act recognizes the urgent need for the development of quantum-safe protocols due to the rapidly advancing state of quantum computing technology. The threat posed by quantum computing to traditional encryption methods is real and has been identified as a national security concern.
It also calls for program development with National Institute of Standards and Technology (NIST) that will address the cybersecurity risks posed by quantum computing. It provides for the creation of a public-private partnership to develop a plan to address these risks, tasked with developing a framework for identifying and addressing the risks posed by quantum computing to critical infrastructure and other sensitive systems.
The Act provides funding to NIST to establish the program and to engage with industry experts, government agencies, and other stakeholders to develop and implement the framework. It also establishes a National Quantum Initiative Advisory Committee to provide guidance and support for the program.
Within six months of the Act’s signing, it requires the Director of the Office of Management and Budget (“OMB”), together with the National Cyber Director and Director of the Cybersecurity and Infrastructure Security Agency (“CISA”), to issue guidance for agencies to inventory and develop plans to prioritize information systems for migration to post-quantum cryptography to include:
- Inventory of Vulnerable Systems Guidance: The Act will require guidance from agencies to establish and maintain an inventory of IT in use by the agency that is vulnerable to decryption by quantum computers.
- Priority Systems for Migration Guidance: This guidance must also include a description of IT that should be prioritized for migration to post-quantum cryptography and a process for evaluating progress on the migration of those systems.
Within 15 months of signing the Act, the Director of OMB must submit a report to Congress on a strategy to address risk posed by vulnerabilities of information technology systems, to include an estimate of the amount of funding needed by agencies to secure vulnerable information technology, and a description of efforts to develop standards for post-quantum cryptography by NIST.
One of the major criticisms of the Act is its lack of funding. While the Act authorizes the allocation of funds towards quantum computing research, it does not specify any amount, leaving it open to interpretation and potential underfunding.
What does this mean for you?
Quantum computing represents a major threat across all markets, whether DoD, Federal, or SLG, the advent of quantum technology represents a monumental shift to Government and industry alike. As the Government and DoD begin to prime their cybersecurity infrastructure updates to be ready for quantum computing capabilities, industry must be primed to lead that discussion.
Insights, Research, and YOUR Path to More Awards
GovExec’s Insights & Research Group (comprising Market Connections, Government Business Council, and Leading Brands) and GovTribe can keep you up to date on what is happening in this rapidly changing contract environment.
GovTribe is a collaborative platform that lends business development teams a hand through research and tracking of contracting vehicles as well as targeted intelligence on GSA Federal Supply Schedules, GWACS, IDIQs, and other multiple award vehicles.
Combining the data, insights, and expert analysis you get at Market Connections with the ease, agility, and usability of GovTribe can help you strategically position yourself right where you want to be for future opportunities.
Questions? Please reach out to Jonathan Sanders at jsanders@govexec.com.