White House gives federal agencies May 2023 deadline to provide list of quantum vulnerable cryptosystems


Written by John Hewitt Jones and Nihal Krishan

The Office of Management and Budget has given federal agencies until May 4 next year to provide an inventory of assets containing cryptosystems that could be hacked by quantum computers.

In a Nov. 18 memo, the White House set the deadline and said departments should then provide an annual vulnerability report through 2035.

The new guidance comes amid fears that significant advances in quantum technology by countries hostile to the United States, including China, will allow existing forms of secure encryption to be cracked much faster.

In September, the National Security Agency released guidance setting out requirements for owners and operators of national security systems to begin using post-quantum algorithms by 2035.

In the Nov. 18 memo, the OMB said agencies should first focus their efforts on producing an inventory of their most sensitive systems.

The White House also said that within 30 days, federal agencies should designate a crypto inventory and migration lead for their organization, and within 90 days of the memo’s release, the Office of the National Director of cybersecurity in coordination with OMB, CISA and the FedRAMP program. The management office would produce instructions for collecting and transmitting inventory of crypto-vulnerable systems.

The OMB also said in its memo that agencies would be required to submit to both the ONCD and the White House an assessment of the additional funding needed for post-quantum crypto adoption within 30 days.

He added that a working group on post-quantum cryptographic systems will be created, which will be chaired by the federal head of information security.

In a statement, Federal CISO Chris DeRusha said, “The Biden-Harris administration is working to secure American leadership in the emerging field of quantum computing.”

“This global technology race is both promising and threatening,” he added. “We are prioritizing our efforts to secure sensitive federal government data from possible future compromise by quantum computers; this action marks the beginning of a major undertaking to prepare our Nation for the risks presented by this new technology.


Comments are closed.