Although encryption technologies currently work to prevent malicious adversaries from accessing Federal data, Rep. Ro Khanna, D-Calif., is working on legislation that would tackle future quantum computing challenges through the use of algorithms that employ post-quantum cryptography.
During a hearing of the House Government Operations Subcommittee on Jan. 20 to discuss the 13th edition of the FITARA Scorecard, Rep. Khanna said he is working on legislation with Rep. Nancy Mace, R-S.C., to ensure the Federal government can “tackle the powerful quantum computing challenges in the future.”
“The challenge is what if people are able to break encryption,” Rep. Khanna said during the hearing. “And even though classical computers can’t break encryption now, our adversaries can steal our data in the hopes of decrypting it later. It’s my belief that the Federal government needs to think about how to move our encrypted data to algorithms that use post-quantum cryptography.”
Rep. Khanna noted that both the majority and minority staff of the House Oversight and Reform Committee have offered “excellent input” for the legislation.
At the hearing, he asked Ann Dunkin, CIO at the Department of Energy (DoE), about any steps the government is taking to address this threat.
“Quantum encryption is an area of great concern to us in the Federal government,” Dunkin said.
As chair of the CIO Council’s Innovation Committee, Dunkin said the committee is “addressing quantum computing and quantum encryption, and raising visibility within the community across the government,” as well as among agency CIOs.
“We have a two-pronged approach to this issue,” Dunkin explained. “One is that, as you know, there’s a risk that data can be exfiltrated now and then decrypted later, and so we are emphasizing securing data and trying to ensure that we do not lose data now that can be decrypted later.
“In addition, we’re working with NIST [National Institute of Standards and Technology] and across the DoE enterprise to understand and develop quantum-resistant encryption so that going forward we will be able to protect Federal data from quantum computers when they are eventually in the mainstream.”
Carol Harris, director of IT and cybersecurity at the Government Accountability Office, also agreed that “we do need to do more work” in quantum technologies as a Federal government.
Harris also nodded to a GAO report published last October that presents four major policy recommendations to “address the collaboration across industries and disciplines, as well as countries, in developing quantum technologies.”
As for when the Federal government should begin to migrate its data over to post-quantum cryptography, Dunkin recommended it do so as soon as possible.
“I think as soon as we are able to identify algorithms that will allow us to have quantum-resistant encryption, then we can and should begin to move to those solutions,” Dunkin said.