The White House weighs in on quantum risks Computerworld

The Biden administration issued an executive order to ensure American leadership in quantum computing and a memorandum to mitigate security risks.

Since at least the early 1990s, computer scientists warned that quantum computing, despite its potential to provide exponentially more powerful capabilities, can break traditional encryption methods and expose IT systems to prying eyes, particularly those of cybercriminals. As the era of quantum computing approaches, the Biden administration has announced that it is taking steps to develop this area while mitigating security risks.

Last week, the White House released two papers on quantum information science (QIS). The first is a decree (EO) to “ensure continued American leadership in quantum information science and its technological applications.” The second is a national security memorandum which sets out “the key steps needed to maintain the country’s competitive advantage in the field of quantum information science (QIS) while mitigating the risks of quantum computers to the country’s cybersecurity, economy and national security ,”. The EO and memo represent a “third line” of efforts beyond those already undertaken by the administration to modernize cybersecurity efforts and improve U.S. competitiveness, an administration official said.

Strengthen the Quantum Initiative National Advisory Committee

The first directive, the Executive Order, seeks to advance the QIS by placing the National Quantum Initiative Advisory Committee, the federal government’s primary independent expert advisory body for quantum information science and technology, under the authority of the White House.

The National Quantum Initiative, established by legislation known as the NQI Act, encompasses the activities of departments and executive agencies that are members of the National Science and Technology Council (NSTC) Subcommittee on Quantum Information (SCQIS) or NSTC Subcommittee. on the economic and security implications of quantum science (ESIX). Under the new decree, the INQ Advisory Board, consisting of up to 26 members, will advise the President, SCQIS and ESIX on the INQ program. The committee will have two co-chairs and will meet twice a year. The White House plans to announce the members of the committee in the coming weeks.

Promoting US leadership in quantum computing and mitigating risk

The National Security Memorandum (NSM) plans to address the risks posed to encryption by quantum computing. It establishes a national policy to promote U.S. leadership in this area and initiates collaboration between the federal government, industry, and academia as the country begins to migrate to new quantum-resistant cryptographic standards developed by the National Institute of Standards and Technology (NIST). The NSA is also separately developing technical standards for quantum strong cryptography. The first sets of these standards are expected to be made public by 2024.

The NSM has also provided a detailed roadmap for agencies to inventory their IT systems for quantum-vulnerable cryptography, which sets out requirements to establish and meet specific milestones for crypto migration within the following timelines:

– By August 2, 2022: Agencies that fund research, develop, or acquire quantum computers must coordinate with the Director of the Office of Science and Technology Policy “to ensure a cohesive national strategy for the promotion of QIS and the protection of technology, including for labor issues”;

– By October 31, 2022, and each year thereafter: The Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in coordination with industry risk management agencies, must engage with critical infrastructure and state, local, tribal and territorial (SLTT) partners regarding the risks posed by quantum computers. The Head of Homeland Security must also provide an annual report to the Director of OMB, the APNSA Assistant to the President for National Security Affairs (APNSA), and the National Director of Cybersecurity that includes recommendations to expedite the migration from these entities towards quantum resistant cryptography;

– By May 4, 2023, and each year thereafter: Heads of all Federal Civilian Executive Branch (FCEB) agencies must submit to the Director of CISA and the National Director of Cybersecurity an inventory of their remaining computer systems vulnerable to CRQCs, with particular emphasis on high-value assets and high-impact systems; likewise the Director of the NSA, as National Director, in consultation with the Secretary of Defense and the Director of National Intelligence, shall provide advice on the migration, implementation and implementation of resistant cryptography to quanta, and monitoring of the NSS;

– By October 18, 2023 and on an annual basis thereafter: the National Cybersecurity Director, based on vulnerable inventories and in coordination with the Director of CISA and the Director of NIST, must submit a situation report to APNSA and the Director of OMB on the progress made by the FCEB agencies on their migration from non-NSS computer systems to quantum resistant cryptography;

– By October 31, 2023, and each year thereafter: the NSA must publish an official timetable for the deprecation of vulnerable cryptography in the NSS until the migration to quantum-resistant cryptography is complete;

– By December 31, 2023, agencies managing the NSS must implement symmetric key protections (such as High Assurance Internet Protocol Encryptor (HAIPE) exclusion keys or VPN symmetric key solutions) to provide additional protection for quantum-vulnerable key exchange;

– Within 90 days of the publication of the first set of NIST standards for quantum-resistant cryptography, and in subsequent years as necessary, the Secretary of Commerce through the Director of NIST, shall publish a proposed timeline for deprecation of quantum vulnerable cryptography in standards. This timeline aims to move the maximum number of systems out of quantum vulnerable cryptography within a decade of the release of the initial set of standards. Within one year of publication of the NIST standards, the Director of OMB, in coordination with the Director of CISA and the Director of NIST, shall issue a policy memorandum requiring FCEB agencies to develop an implementation plan. upgrade their non-NSS computer systems for quantum strong cryptography;

– Within one year of the NSA’s publication of its quantum-strength cryptography and annually thereafter, heads of agencies operating or maintaining the NSS must submit to the national lead and, as applicable, the CIO Department of Defense or the CIO of the Intelligence Community, depending on their respective jurisdictions, an initial plan to transition to quantum resistant cryptography in all SSNs.

Protecting Quantum Computing Intellectual Property in the United States

The NSM also sets out provisions to secure US intellectual property on quantum computing. He notes that some protection mechanisms may include “counterintelligence measures, well-targeted export controls, and campaigns to educate industry and academia about the threat of cybercrime and intellectual property theft.”

It encourages agencies to “understand the security implications of adversarial use and consider these security implications when implementing new policies, programs, and projects.” Consistent with this goal, the memo states that by December 31, 2022, heads of agencies that fund, develop, or acquire quantum computers or related QIS technologies must develop comprehensive technology protection plans to protect R&D. , QIS user acquisition and access.

We want to thank the author of this article for this awesome web content

The White House weighs in on quantum risks Computerworld

Explore our social media profiles and other related pages