WHY THIS MATTERS IN BRIEF
What if a computer platform powerful enough to crack 70% of global encryption in minutes, and reveal your secrets, was emerging? Worried? Then read on …
Years, perhaps even decades, on from the original realisation that one day powerful quantum computers could crack over 70% of all the world’s encryption in minutes, for 256-bit encryption, or in just 8 hours for 2,048-bit encryption, the White House’s Office of Management and Budget (OMB) has finally released its first memorandum outlining the need for federal agencies “to begin the migration to post-quantum cryptography ahead of the onset of operational quantum computers.”
And, bearing in mind that, according to organisations like the National Institute of Standards and Technology, it takes organisations up to 15 years to change their encryption systems, and that quantum computers in 2025 should be able to crack encryption, you could say the memorandum, as with most new government technology policies, is very late to the party.
The preparatory measures the OMB recommends for federal entities follow the lead of President Joe Biden’s earlier executive order enhancing the US’s cyber defense posture. The new memo establishes requirements for federal agencies to inventory their current cryptographic hardware and software systems, emphasizing high value assets and high impact systems that demand extra cybersecurity protocols.
Agency leadership will then be tasked with compiling this information in a report containing their individual summaries on higher risk information assets and systems for the Office of the National Cyber Director and Cybersecurity and Infrastructure Security Agency to help budget, plan, and execute the transition from standard to effective post-quantum cryptography.
OMB officials specify that the high-risk systems submitted by agencies will primarily handle sensitive data that can be exploited by any quantum hacking attempts.
“The Biden-Harris Administration is working to ensure US leadership in the emerging field of quantum computing,” Chris DeRusha, the federal chief information security officer, told reporters in a statement. “This global technology race holds both great promise and threats. We are prioritizing our efforts to secure the Federal Government’s sensitive data against potential future compromise by quantum computers; this action signifies the start of a major undertaking to prepare our Nation for the risks presented by this new technology.”
Agencies will have until May 4, 2023 to complete OMB’s request. Within 30 days of the memo’s release, agencies will be tasked with designating a lead for collecting cryptographic systems information. OMB will continue releasing instructions for the collection of the systems inventory.
According to a statement from OMB, the migration to post-quantum cryptographic standards will be the most significant to date, and take several years to complete. And, let’s face it, a goal of seven years in the federal sector really means over a decade in the real world.
Within one year of this new memo’s publication, CISA will help release new strategies for migration, in conjunction with NIST and the National Security Agency (NSA).
OMB recommended that, as they inventory their information systems, federal agencies should collaborate with software vendors to identify post-quantum cryptography testing opportunities within their networks, speaking to the Biden administration’s push for public-private sector collaboration.
Several federal agencies have been working in tandem to push the post-quantum migration in government digital networks. NIST previously released four quantum-resistant algorithms to facilitate and expedite updating current code, one of which then got cracked with basically a bloke and his laptop … but, despite that, these will be part of NIST’s ongoing Post-Quantum Cryptography initiative, which is expected to be finalized within two years.