The Biden administration issued an executive order to secure US leadership in quantum computers and a memorandum to reduce security risks.
At least since the early 1990s, computer scientists have warned that quantum computers, despite their potential to provide exponentially more powerful capabilities, could break with traditional encryption methods and expose IT systems to prying eyes, especially cybercriminals. As the era of quantum computing approaches, the Biden administration has announced that it is taking steps to develop this area while reducing security risks.
Last week, the White House published two articles on quantum information science (QIS). The first is a proclamation (EO) to “ensure continued American leadership in quantum information science and its technological applications.” The second is a national security memorandum outlining “key steps needed to maintain the country’s competitive advantage in quantum information science (QIS), while mitigating cybersecurity risks from quantum computers, the country’s economy and national security”. The EO and the memo represent a “third line” of action in addition to those already launched by the administration to modernize cyber security efforts and improve U.S. competitiveness, an administration official said.
Strengthen the Quantum Initiative National Advisory Committee
The first directive, the Executive Order, seeks to advance QIS by placing the National Quantum Initiative Advisory Committee, the federal government’s primary independent expert advisory body on quantum information science and technology, under the authority of the White House.
The National Quantum Initiative, established by legislation known as the NQI Act, covers the activities of departments and executive agencies that are members of the National Science and Technology Council (NSTC) Subcommittee on Quantum Information (SCQIS) or the NSTC Subcommittee. on the economic and safety implications of quantum science (ESIX). Under the new decree, the INQ Advisory Board, consisting of up to 26 members, will advise the President, SCQIS and ESIX on the INQ program. The committee will have two chairmen and meet twice a year. The White House plans to announce the members of the committee in the coming weeks.
Promote US leadership in quantum computers and reduce risk
The National Security Memorandum (NSM) plans to address the risks associated with the encryption of quantum computers. It establishes a national policy to advance U.S. leadership in this area and initiates cooperation between the federal government, industry, and academia as the country begins to migrate to new quantum-resistant cryptographic standards developed by the National Institute of Standards and Technology (NIST). The NSA is also developing separate technical standards for quantum strong cryptography. The first sets of these standards are expected to be published in 2024.
NSM has also provided a detailed roadmap for agencies to inventory their IT systems for quantum vulnerable cryptography, which sets out requirements to establish and meet specific crypto-migration milestones within the following timelines:
– By 2 August 2022: Agencies that fund research, develop or procure quantum computers must coordinate with the Director of the Office of Science and Technology Policy “to ensure a coherent national strategy to promote QIS and technology protection, including for work issues ”;
– By 31 October 2022 and every year thereafter: The Secretary of Homeland Security must, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA) and in coordination with industry risk management agencies, engage in critical infrastructure and state, local, tribal and territorial (SLTT) ) partners regarding the risks of quantum computers. The Head of Homeland Security will also provide an annual report to the Director of OMB, the APNSA Assistant to the President of National Security Affairs (APNSA) and the National Director of Cyber Security, which include recommendations to accelerate the migration of these devices towards quantum-resistant cryptography;
– By May 4, 2023 and every year thereafter: Heads of all Federal Civilian Executive Branch (FCEB) agencies must submit a statement of their remaining computer systems vulnerable to CRQCs to the Director of CISA and the National Director of cyber security. on high value assets and high power systems; likewise, the Director of the NSA, as the National Director, in consultation with the Secretary of Defense and the Director of the National Intelligence Service, shall advise on the migration, implementation and implementation of resistant cryptography for quantum and surveillance of the NSS;
– By 18 October 2023 and on an annual basis thereafter: the National Cyber Security Director, based on vulnerable statements and in coordination with the Director of CISA and the Director of NIST, shall submit a progress report to APNSA and the Director of OMB regarding. advances made by FCEB agencies with their migration from non-NSS computer systems to quantum resistant cryptography;
– By 31 October 2023 and every year thereafter: the NSA must publish an official timetable for the depreciation of vulnerable cryptography in the NSS, until the migration to quantum-resistant cryptography is completed;
– By 31 December 2023, agencies managing the NSS must implement symmetric key protections (such as High Assurance Internet Protocol Encryptor (HAIPE) exclusion keys or VPN symmetric key solutions) to provide additional protection for quantum vulnerable key exchanges;
– Within 90 days of the publication of the first set of NIST standards for quantum resistant cryptography, and in subsequent years as required, the Minister of Commerce, through the Director of NIST, will publish a proposed timeline for the depreciation of quantum vulnerable cryptography in standards. This timeline aims to move the maximum number of systems out of quantum vulnerable cryptography within a decade of the release of the initial set of standards. Within one year of the publication of the NIST standards, the Director of OMB, in coordination with the Director of CISA and the Director of NIST, shall issue a policy memorandum requiring FCEB agencies to develop an implementation plan. upgrade their non-NSS computer systems to quantum strong cryptography;
– Within one year of the publication by the NSA of its quantum power cryptography and annually thereafter, the heads of agencies operating or maintaining the NSS must submit to the National Leader and, where applicable, the CIO Department of Defense or the CIO for the Intelligence Community, as the case may be. their respective jurisdictions, an initial plan for transition to quantum-resistant cryptography in all SSNs.
Protection of Quantum Computing Intellectual Property in the United States
NSM also sets forth provisions to secure U.S. intellectual property rights on quantum computers. He notes that some safeguards may include “counter-intelligence measures, well-targeted export controls and campaigns to educate industry and academia about the threat of cybercrime and intellectual property theft.”
It encourages agencies to “understand the security implications of conflicting uses and consider these security implications when implementing new policies, programs and projects.” In line with this goal, the memorandum states that by 31 December 2022, managers of agencies that finance, develop or acquire quantum computers or related QIS technologies must develop comprehensive technology protection plans to protect R&D. , QIS user acquisition and access.