iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
US President Joe Biden has signed into law the Quantum Computing Cybersecurity Preparedness Act, which sets the Office of Budget Management the task of complying with updated security advice from the National Institute of Standards and Technology regarding “post-quantum cryptography standards”.
As a part of the bill, federal agencies will be required to keep an up-to-date inventory of any IT systems that are vulnerable to quantum decryption methods as a part of this guidance. Agencies will then need to report these inventories to the OMB by December 2023.
Armed with this information, the Office of Budget Management (OBM) — working with the National Cyber Director and the Cybersecurity and Infrastructure Security Agency — will provide advice on the migration of government systems to post-quantum cryptography.
Once all of this is in train, in March of 2024, the OMB will be required to report on possible encryption weaknesses within federal agencies, and the funding required to address them. Further reports are expected to be provided to the Senate Committee on Homeland Security and Governmental Affairs every year following, for at least five years.
With their expected computing power, quantum computers are expected to be a severe risk to current encryption standards.
At the same time, the US Department of Defense (DoD) has been given an unusual carte blanche when it comes to its software spending for the next two years.
Under an omnibus spending bill for the financial year 2023, the DoD is taking part in a pilot program that sees it able to make software purchases without going through the usual lengthy procurement process that traditionally controls defence spending. Given the fast-moving nature of security environments, among others, the DoD found business as usual to be far too cumbersome.
The more open program may see expansion beyond the current two-year time period, but only if Congress is pleased with its results.
Be the first to hear the latest developments in the cyber industry.
