Biden's cybersecurity plan leaves quantum sector wanting more

The new National Cybersecurity Strategy for the U.S., unveiled last week by the Biden Administration, highlighted the importance for federal government agencies and the private sector to upgrade current encryption to provide better protection against the future security threats posed by quantum computers. However, anyone hoping for new or more specific statements about the role quantum-safe measures will play in the future was left wanting.

In recent weeks, expectations had begun to build that the strategy might feature new language and details about the U.S. government’s plans to take a leadership role in the migration to quantum-safe security. Dylan Presman, director of budgets and assessments for the Office of the National Cyber Director, said during a presentation hosted last month by the Advanced Technology Academic Research Center that the new strategy likely would feature “a strong stand on quantum especially on the transition [to quantum-safe cryptography].”

Meanwhile, news that Chinese researchers had made progress on methods to break current RSA encryption using quantum computing resources that could be available in the near future led some to believe that the new strategy would specifically call out the quantum threat posed by China. (The research claim has since been widely disputed and discredited.)

“I want a little vehemence [in statements from the federal government] to show why this is so important,” one source from a quantum technology firm told Fierce Electronics back in January. “The claim is being downplayed, but the quantum race with China is real.”

As it turned out, there was a brief quantum-specific section included in the 39-page document that, in the span of two paragraphs, described quantum-safe encryption (sometimes called post-quantum cryptography, or PQC) as a “priority” for the federal government. The strategy document, which carried the signature of President Joe Biden, stated, “We must prioritize and accelerate investments in widespread replacement of hardware, software, and services that can be easily compromised by quantum computers so that information is protected against future attacks.”

Beyond that, the strategy offered nothing new on the quantum front, instead referring to how earlier national security memos from the Biden Administration such as NSM 10, issued in May 2022, outline “a process for the timely transition of the country’s cryptographic systems to interoperable quantum-resistant cryptography.”

While the new strategy mainly reiterated previous statements, should be noted that the federal government has been far from silent over the last year regarding quantum computing and the security threat posed by it. In addition to several statements from the White House during 2022, Congress also last year approved the Quantum Computing Cybersecurity Preparedness Act.

In addition, Presman’s February presentation was timed with a release from his office of “guidance and templates to federal departments and agencies for the inventory of cryptographic systems,” he said, an important step in preparing for the migration to quantum-safe cryptography. Those agencies now face a May 4 deadline to submit these inventories and then a June 3 deadline “for submitting cost estimates for the transition to post-quantum cryptography to the administration.” After that, Presman said that by Oct. 18, his office “will issue a report.. on the migration plans for the entire federal federal government, including cost estimates…”