Quantum Computing Cybersecurity Preparedness Act heads to President Biden to become law

The Quantum Computing Cybersecurity Preparedness Act (H.R.7535) crossed its final legislative hurdle this week after a positive vote in the United States House, setting up its provisions for enhancing national cybersecurity to be signed into law by President Joe Biden.

The bill was introduced in the House by U.S. Reps. Nancy Mace (R-SC) and Ro Khanna (D-CA). Companion legislation was introduced in the Senate by U.S. Sens. Maggie Hassan (D-NH) and Rob Portman (R-OH). It passed the Senate last week with unanimous consent.

“Cybersecurity is national security,” Mace said. “After 11 federal agencies were hacked by agents of Russia and China in 2020, we must do all we can to strengthen and protect our nation’s systems and keep our data secure. Congress will now receive an annual report on the federal government’s strategy for facing post-quantum cybersecurity threats.”

Primarily, the legislation will prompt the Office of Management and Budget (OMB) to prioritize the acquisition and migration of federal agencies’ information technology to post-quantum cryptography. This means the agencies would move to secure systems through new cryptographic encryptions more secure against cryptanalytic attacks by future quantum computers in efforts to shore up against advances in processing power and other algorithms. No more than one year after the National Institutes of Standards and Technology (NIST) created new post-quantum cryptography standards, OMB will have to begin prioritizing the migration of those systems.

“Quantum computing will provide for huge advances in computing power, but it will also create new cybersecurity challenges,” Portman said.“I’m pleased the House passed our bipartisan legislation to require the government to inventory its cryptographic systems, determine which are most at risk from quantum computing, and upgrade those systems accordingly and urge the president to sign it into law soon.”

In addition to the implementation requirements, assessment and reporting would also play key roles under new mandates. The legislation would require OMB to create guidance for federal agencies to assess critical systems one year after NIST standards are revealed and to report annually to Congress with a strategy for how to address post-quantum cryptography risks, any necessary funding, and an analysis of the government’s coordination and migration efforts.

Computing continues to advance. This bill represented lawmakers’ attempts to keep the federal government from being left behind and made vulnerable in the process.