US Cybersecurity agreement on how to deal with quantum computer cyber threats

Last month, the Biden administration published a national security memorandum outlining its policies and initiatives relating to quantum computing. The memorandum, entitled Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems, identifies the key steps required to maintain competitive advantage in this rapidly evolving sector of the cybersecurity landscape.

Quantum Computers will change the game forever

The memorandum sets out specific actions for US agencies to take as they enter what the administration recognises will be “a multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography (QRC).

Recognising the potential for good represented by quantum computers, the memorandum concentrates on the corresponding risks associated with cryptanalytically relevant quantum computers (CRQC) – those capable of breaking today’s public-key cryptography.

When it becomes available, a CRQC could jeopardise civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most internet-based financial transactions.


Quantum cryptography for a secure future

One of the key policies outlines an approach that would mitigate this threat by moving swiftly to adopt quantum-resistant cryptographic solutions. As part of this initiative, the administration is committed to developing partnerships with stakeholders from academia, industry and government.

Section 3 of the memorandum deals specifically with the mitigation of risks to conventional public key encryption methods.  It goes so far as to set a goal of transitioning from conventional to quantum-resistant cryptography by 2035.

Senetas has been extolling the virtues of crypto agility for years and it was good to see the administration recognise the importance of agility, both in terms of the role it would play in reducing the time to transition to quantum resistance and how it would enable the updating of solutions with future cryptographic standards.

Putting a timeline in place to be quantum ready

The memorandum goes beyond simple policy statements and sets some fairly aggressive timescales for activity. For example, within 90 days of the publication of the memorandum, there is a call for an open working group to be established, plus a “Migration to Post Quantum Cryptography” project. Amongst other deadlines set out, it states that within 1 year of the publication of the NIST standards for QRC, a policy should be in place that requires all agencies have a strategy for upgrading to quantum resistant cryptography.

Interestingly, the memorandum requires that agency heads do not purchase QRC solutions until such time as the NIST standards have been published (expected in 2024). However, it does encourage them to conduct tests with commercial solutions that have implemented pre-standardisation QRC algorithms.

Senetas encryption solutions already provide hybrid protection – leveraging the best of today’s conventional, standards-based algorithms and the NIST shortlisted QRC algorithms.

Useful links:

Why QRE is essential for long term data security

The impact of quantum computing on cryptography

Senetas announces quantum resistant encryption