President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security.
The NSM outlines the risks of cryptanalytically relevant quantum computers (CRQC), such as their likely ability to brake current public-key cryptography.
Immediate risks would include:
- Jeopardizing civilian and military communications.
- Undermining supervisory and control systems for critical infrastructure.
- Defeating security protocols for the vast majority of Internet-based financial transactions.
Migration to quantum-resistant cryptography
The multi-year effort to migrate all vulnerable cryptographic systems to quantum-resistant cryptography will span over 50 government departments and agencies that use National Security Systems (NSS) (critical to military or intelligence operations or store classified info).
As the National Manager for NSS, the Director of NSA General Paul M. Nakasone will oversee this entire process to ensure that all NSS systems are resistant to CRQC-based attacks.
“A cryptanalytically relevant quantum computer could jeopardize civilian and military communications as well as undermine supervisory and control systems for critical infrastructure,” said Nakasone.
“The No. 1 defense against this quantum computing threat is to implement quantum-resistant cryptography on our most important systems.”
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) will spearhead the quantum-resistant cryptography switch effort across US government systems and critical infrastructure.
US government agencies are ordered to prioritize the entire process of transitioning to quantum-resistant cryptography and mitigating as much of the quantum risk as possible by 2035.
The CISA and NIST Directors are working on developing technical standards for quantum-resistant cryptography for each of their respective jurisdictions, with the first set to be made publicly available by 2024.
An ongoing effort to defend national cyber security
In January, President Biden signed another security memo to increase NSS security and require federal agencies to report breaches on national security systems to the NSA.
These two memos build on Biden Admin’s work to defend the US against malicious cyber activity linked to nation-backed hackers and cybercriminals, including a national security memorandum designed to help strengthen the security of the critical infrastructure.
That memo was issued July 2020 in response to ransomware attacks that hit Colonial Pipeline and JBS Foods, exposing significant vulnerabilities across US infrastructure.
“Implementing approved quantum-resistant cryptographic solutions across all of our systems will not happen overnight, but it’s critical that we chart a path to get there considering the potential threat of quantum computing,” added NSA Cybersecurity Director Rob Joyce on Thursday.