House Quantum Cybersecurity Preparedness Act proposes federal system migration to quantum-resistant cryptography

In an effort to safeguard information on federal systems, U.S. Reps. Nancy Mace (R-SC), Ro Khanna (D-CA), and Gerry Connolly (D-VA) introduced legislation this week promoting a transition of governmental IT systems to quantum-resistant cryptography.

The Quantum Cybersecurity Preparedness Act would require concrete steps moving in that direction, ideally to get ahead of others’ advances. While existing systems cannot break encryption protocols, the data itself is still vulnerable, Khanna said. That means ambitious thieves could steal it and hold onto it until they developed the means to crack it.

“That’s why I believe that the federal government must begin strategizing immediately about the best ways to move our encrypted data to algorithms that use post-quantum cryptography,” Khanna said. “I’m a strong supporter of federal funding for quantum computing and believe the technology can one day help us solve many of the world’s problems. Like with any new technology, however, we have to plan ahead for potential nefarious uses. A world where all of our encrypted data is exposed would have catastrophic implications for national security and the economy.”

To this end, the proposed bill would require the development and issuing of post-quantum cryptography standards and for the director of the Office of Management and Budget to designate systems for migration and begin prioritizing migration at executive agencies not currently using it within a year of those standards’ issuance. The director would then need to report to Congress a year later on any necessary funding, a strategy to address risks, etc.

“The future of quantum computing brings with it both significant opportunities and risks,” Mace said. “I’m optimistic about the power of quantum computing as part of the new technological frontier, but we must take preemptive steps to ensure bad actors aren’t able to use this technology in more sinister ways. Our government must learn from past mistakes and take action now to protect its citizens from future cyber security threats.”

The bill has also garnered support from corners of the private tech industry, including Google, IBM, PQSecure Technologies, QuSecure, Maybell Quantum, and Quantinuum.