The Senate on Dec. 9 unanimously approved legislation passed earlier this year by the House that helps to set the Federal government on the path to defend against quantum computing-enabled data breaches that will become more of a threat as quantum tech advances in the coming years.
The bill now heads to President Biden’s desk for his signature.
The Quantum Computing Cybersecurity Preparedness Act was introduced by Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio. A companion bill was introduced in the House by Reps. Ro Khanna, D-Calif., and Nancy Mace, R-S.C.
“Data breaches exploited by quantum computing are a serious national security concern. America’s adversaries look for any vulnerabilities in our cybersecurity systems to threaten our infrastructure, data, and security,” Sen. Hassan said in a statement. “It is crucial that we are ready to defend against any adversaries using this incredibly sophisticated and emerging technology against our country.”
The bill would require the Office of Management and Budget (OMB) to begin moving forward with migrating IT systems to post-quantum cryptography for many Federal agencies. It also would require the White House to help with creating guidance for agencies to assess critical systems, and relay that to Congress for funding that may be necessary to protect systems against quantum tech threats.
In addition, the bill would require OMB to send an annual report to Congress that includes a strategy for how to address post-quantum cryptography risks from across the government.
The White House has also set deadlines for Federal agencies to provide annual quantum-related vulnerability reports until 2035, according to a Nov. 18 memo. The executive branch also laid out post-quantum plans in a national security memorandum on “Promoting United States Leadership In Quantum Computing While Mitigating Risks To Vulnerable Cryptographic Systems.”
The memo directs Federal agencies to take specific actions in preparation for a “multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography.” For example, by next year Federal agencies will need to develop a plan to upgrade their IT systems – excluding National Security Systems – to quantum-resistant cryptography.
“As quantum computing advances, we need to take steps to protect the personal data of Americans as well as U.S. national security and government agencies’ data,” said Rep. Khanna. “I’m thrilled that the Senate has passed this bill to proactively keep our systems and valuable data safe and establish Congress’ oversight role in the process.”