New guidance from the Office of Management and Budget outlined the initial steps for migrating high-risk systems to quantum-resistant algorithms.
The White House’s Office of Management and Budget released a new memorandum outlining the need for federal agencies to begin the migration to post-quantum cryptography ahead of the onset of operational quantum computers.
The preparatory measures OMB recommends for federal entities follow the lead of President Joe Biden’s earlier executive order enhancing the U.S.'s cyber defense posture. The new memo establishes requirements for federal agencies to inventory their current cryptographic hardware and software systems, emphasizing high-value assets and high-impact systems that demand extra cybersecurity protocols.
Agency leadership will then be tasked with compiling this information in a report containing their individual summaries on higher risk information assets and systems for the Office of the National Cyber Director and Cybersecurity and Infrastructure Security Agency to help budget, plan, and execute the transition from standard to effective post-quantum cryptography.
OMB officials specify that the high-risk systems submitted by agencies will primarily handle sensitive data that can be exploited by any quantum hacking attempts.
“The Biden-Harris Administration is working to ensure U.S. leadership in the emerging field of quantum computing,” Chris DeRusha, the federal chief information security officer, told Nextgov in a statement. “This global technology race holds both great promise and threats. We are prioritizing our efforts to secure the Federal Government’s sensitive data against potential future compromise by quantum computers; this action signifies the start of a major undertaking to prepare our Nation for the risks presented by this new technology.”
Agencies will have until May 4, 2023 to complete OMB’s request. Within 30 days of the memo’s release, agencies will be tasked with designating a lead for collecting cryptographic systems information. OMB will continue releasing instructions for the collection of the systems inventory.
According to a statement OMB sent to Nextgov, the migration to post-quantum cryptographic standards will be the most significant to date, and take several years to complete. Within one year of this new memo’s publication, CISA will help release new strategies for migration, in conjunction with the National Institute of Standards and Technology and the National Security Agency.
OMB recommended that federal agencies, as they inventory their information systems, collaborate with software vendors to identify post-quantum cryptography testing opportunities within their networks, speaking to the Biden administration’s push for public-private sector collaboration.
Several federal agencies have been working in tandem to push the post-quantum migration in government digital networks. NIST previously released four quantum-resistant algorithms to facilitate and expedite updating current code. These will be part of NIST’s ongoing Post-Quantum Cryptography initiative, expected to be finalized within two years.