# Biden Signs Post-Quantum Cybersecurity Guidelines Into Law

# Biden Signs Post-Quantum Cybersecurity Guidelines Into Law
Source URL: https://www.darkreading.com/risk/biden-signs-post-quantum-cybersecurity-guidelines-into-law
Date: 20221222T2100

On Dec. 21, the US government's plan for transitioning to post-quantum
cryptography became law, committing the Office of Management and Budget
(OMB) to scope out compliance with the recent NIST guidelines.

US President Joe Biden [signed into law][1] HR 7535, the [Quantum
Computing Cybersecurity Preparedness Act][2], which has two main
components. First, the OMB is required to "prioritize" the switchover to
PQC within a year of NIST issuing its new guidelines. That means that by
[July 5][3], 2023, OMB should begin moving toward implementing the
[NIST-approved cryptographic algorithms][4] to protect systems in the
executive branch.

The second component of the new law gives the OMB one year from the
signing of the bill â€” so, by Dec. 21, 2023 â€” to send Congress a
report outlining its strategy, asking for funds for the transition to
quantum-safe systems, and detailing its efforts to coordinate with
international standards organizations and other consortia.

The OMB issued a [memorandum on Nov. 18][5] for agencies to run an audit
of systems vulnerable to cryptanalytically relevant quantum computers
(CRQCs) by May 4, 2023, which should help the agency reach its
deadlines. That memo [comports with][6] Biden's [national security
memorandum][7] from the year before that "directs specific actions for
agencies to take as the United States begins the multi-year process of
migrating vulnerable computer systems to quantum-resistant
cryptography."

Quantum computers will need to become more powerful in order to break
current cryptography, but it's not just power that makes CRQCs a threat.
[Shor's algorithm][8], which is specific to quantum computing, creates a
shortcut that makes decrypting most existing encryption much easier.

The new law also gives the OMB six months from its signing to work with
the National Cyber Director and the director of the Cybersecurity and
Infrastructure Security Agency (CISA) to "issue guidance on the
migration of information technology to post-quantum cryptography."

The OMB may be working on that with acting cyber director Kemba Eneas
Walden, however, since the current director, Chris Inglis, announced on
Wednesday that he will be [stepping down][9] within the next two months.

Keep up with the latest cybersecurity threats, newly-discovered
vulnerabilities, data breach information, and emerging trends. Delivered
daily or weekly right to your email inbox.

[Subscribe][10]

[1]: https://www.fedscoop.com/biden-signs-quantum-computing-cybersecurity-act-into-law/
[2]: https://www.congress.gov/bill/117th-congress/house-bill/7535
[3]: https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
[4]: https://www.darkreading.com/emerging-tech/nist-picks-four-quantum-resistant-cryptographic-algorithms
[5]: https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf
[6]: https://www.darkreading.com/vulnerabilities-threats/white-house-moves-to-shore-up-cybersecurity-ahead-of-quantum-breakthroughs
[7]: https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/
[8]: https://www.darkreading.com/dr-tech/how-quantum-physics-leads-to-decrypting-common-algorithms
[9]: https://edition.cnn.com/2022/12/21/politics/white-house-cyber-official-chris-inglis-to-step-down/index.html
[10]: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa3135&ch=dr_eoa (Subscribe)