On May 4, 2022, the White House issued a significant policy directive through the “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems” or NSM-10. The memorandum highlights the urgency of developing quantum-resistant cryptographic systems to protect against potential threats posed by quantum computers, which could compromise current cryptographic defenses.
This policy initiative sets forth a comprehensive strategy that includes establishing a migration project to post-quantum cryptography at the National Cybersecurity Center of Excellence. This project will collaborate with the private sector to tackle the cybersecurity challenges posed by the transition to quantum-resistant cryptography. Additionally, the memorandum mandates regular engagements and reports concerning the risks quantum computers pose, emphasizing the need for an updated inventory of cryptographic systems across federal agencies.
Furthermore, the memorandum underscores the necessity for Federal agencies to update their cryptographic systems to withstand quantum computing threats, highlighting an integrated approach across governmental and private sectors to accelerate the adoption of secure cryptographic standards.
More specifically, the memorandum sets a target year of 2035 for the transition to quantum-resistant cryptographic systems. To facilitate this transition, the implementation of cryptographic agility frameworks is prioritized. Both the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) are pivotal in this effort, tasked with developing and setting technical standards expected to be ratified by 2024. This section also outlines a comprehensive timeline for agency actions over the next year, with ongoing reporting obligations extending into the future.
Next section of the memorandum highlights the critical need to safeguard relevant quantum Research & Development (R&D) and intellectual property (IP) from potential threats such as cybercrime and theft. The U.S. government is committed to launching educational campaigns targeting various sectors including industry, academia, and state and local entities. These campaigns will focus on the risks associated with IP theft and the importance of adhering to stringent compliance measures, enhancing insider threat detection, and supporting federal law enforcement efforts.
By the end of 2022, agency heads involved with quantum information science (QIS) technologies are mandated to develop detailed technology protection plans. These plans, aimed at securing QIS R&D, technology acquisition, and user access, will be reviewed and updated annually. Reports on these plans will be submitted to high-level officials, including the Assistant to the President for National Security Affairs (APNSA), the Director of the Office of Management and Budget (OMB), and the Co-Chairs of the National Science and Technology Council Subcommittee on Economic and Security Implications of Quantum Science.
These sections of the memorandum highlight a structured and long-term approach by the U.S. government to not only advance in the field of quantum computing but also to ensure that these advancements are secure, sustainable, and protected against any form of exploitation or threat.
This strategic move is part of a broader effort by the Biden administration to maintain technological leadership and secure national and economic interests against emerging cyber threats.
