On 4 May 2022, the White House published two presidential directives related to quantum computing, signed by the US President Joe Biden.
What Are the Presidential Directives About?
The first directive is an executive order outlining the administration’s policies and initiatives to foster US leadership in Quantum Information Sciences (QIS) and quantum computing.
According to the White House Fact Sheet, quantum computing is evolving at great velocity, and the recent breakthroughs in QIS demonstrate significant potential to drive innovations and create rich opportunities in the fields of science, finance, pharmaceuticals, and energy. To make the most of this transformative technology and establish US as the global leader in QIS, the executive order defines policies for investments in core QIS research programs, an expansion of education and workforce programs, and establishing partnerships with industry and academic institutions.
The executive order also calls for collaboration between the government and the private sector to promote research and development in QIS and drive widespread adoption of quantum-resilient cryptographic standards and technologies.
The second presidential directive is a National Security Memorandum (NSM) that sets specific goals to effectively address the potential risks quantum computers will pose to the Nation’s security.
Despite the many promising opportunities and benefits, quantum computing poses significant security risks. As highlighted in the memo, a cryptanalytically relevant quantum computer (CRQC), one with sufficient size and sophistication, will be capable of breaking much of today’s public-key cryptography. It could “jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”
To mitigate the risks of CRQCs, the NSM lays out a roadmap for “a timely and equitable transition” of today’s cryptographic systems to quantum‑resistant cryptographic standards.
What Does It Mean to Organizations?
It is no news that quantum computers can easily break today’s public key cryptography. But it was assumed that this eventuality was several years away. However, the NSM makes it clear that quantum computing is no longer a pie in the sky but a fast-approaching reality and something that requires careful risk assessment and planning.
Large-scale supercomputers that can perform complex calculations at unprecedented speed are expected to be available as early as 2030 and can fuel the ability to break today’s widely used RSA and ECC asymmetric encryption algorithms in minutes, rendering digital communications completely exposed. It is believed that threat actors are stealing and hoarding encrypted data today for future decryption when quantum computers become operational.
As quantum computing matures, new threats will emerge. So, it’s vital that we start preparing now. The Presidential directive is a great beginning to that journey. As part of the preparation for a post-quantum future, the memorandum recommends transitioning to quantum-resistant cryptographic standards when they become available. It directs the National Institute of Standards and Technology (NIST) and National Security Agency (NSA) to develop technical standards for quantum‑resistant cryptography and expects the first set of standards to be publicly released by 2024.
To put all of this in a nutshell, when the quantum-resistant encryption standards arrive, today’s cryptographic standards will soon be deprecated and replaced with newer standards. Protecting digital assets and preventing cyberattacks will then come down to how quickly organizations can migrate their cryptographic systems to quantum-resistant standards. The longer it takes to transition, the more the risk of exposure.
Given the complexity, costs, and time involved in upgrading cryptographic systems, now is the time to scale up efforts in making the public key infrastructure (PKI) more flexible and adaptable for quantum-resistant standards.
“Implementing approved quantum-resistant cryptographic solutions across all of our systems will not happen overnight, but it’s critical that we chart a path to get there considering the potential threat of quantum computing.”
– Rob Joyce, NSA Cybersecurity Director and Deputy National Manager for National Security Systems. (As quoted in the National Security Agency (NSA) Press Release)