Quantum risks are being considered in the White House

The Biden administration has issued instructions to ensure US leadership in quantum computing and a memorandum on reducing security risks.

At least since the early 1990s, computer scientists have warned that quantum computing, despite its potential to provide exponentially more powerful capabilities, can break traditional encryption techniques and expose IT systems to the naked eye, especially cybercriminals. As the era of quantum computing approaches, the Biden administration has announced that it is taking steps to develop this area while reducing security risks.

Last week, the White House published two papers on quantum information science (QIS). The first is the Order (EO) on “Ensuring America’s Continuing Leadership in Quantum Informatics and its Technological Applications”. The second is a memorandum on national security, which sets out “key steps needed to maintain the country’s competitiveness in quantum information science (QIS) while reducing cybersecurity risks from quantum computers, the economy and national security.” According to a spokesman for the administration, the EO and the note represent a “third line” of efforts, in addition to those already made by the administration to modernize cybersecurity efforts and increase US competitiveness.

Strengthening the National Quantum Initiative Advisory Committee

The first directive, an executive order, aims to develop QIS, transferring the National Advisory Committee on Quantum Initiative, the federal government’s main independent expert advisory body on quantum information science and technology, to the White House.

The National Quantum Initiative, established by legislation known as the NQI Act, covers the activities of departments and executive agencies that are members of the National Science and Technology Council (NSTC) Subcommittee on Quantum Information (SCQIS) or the NSTC Subcommittee. on the Economic Implications of Quantum Science and Security (ESIX). Under the new decree, the 26-member INQ Advisory Board will advise the President, SCQIS and ESIX on the INQ program. The committee will have two co-chairs and will meet twice a year. The White House plans to announce committee members in the coming weeks.

Promote US leadership in quantum computing and reduce risk

The National Security Memorandum (NSM) plans to address the risks associated with quantum encryption. It sets national policies to promote US leadership in this area and initiates collaboration between the federal government, industry and academia as the country begins to move to new quantum-stable cryptographic standards developed by the National Institute of Standards and Technology (NIST). The NSA is also separately developing technical standards for quantum-strong cryptography. The first sets of these standards are expected to be released by 2024.

NSM also provided agencies with a detailed roadmap for inventorying their IT systems for quantum-vulnerable cryptography, which sets out requirements for establishing and performing specific stages of cryptocurrency migration in the following timeframes:

– By August 2, 2022: agencies that fund research, development or acquisition of quantum computers must agree with the director of the Office of Science and Technology Policy “to ensure a holistic national strategy to promote QIS and technology protection, including on labor issues “;

– By 31 October 2022 and each year thereafter: the Minister of the Interior, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA) and in coordination with industry risk management agencies, should interact with critical infrastructure and state and local, tribal and territorial partners (SLTT) on the risks posed by quantum computers. The Chief Security Officer should also report annually to the OMB Director, the APNSA National Security Assistant to the President (APNSA) and the National Cyber ​​Security Director, who will provide recommendations for accelerating the migration of these structures to quantum resilience. cryptography;

– By 4 May 2023 and every year thereafter: the heads of all Federal Civil Enforcement Agencies (FCEBs) must submit to the Director of CISA and the National Director of Cyber ​​Security a list of their remaining CRQC-vulnerable computer systems, with a particular focus on assets high cost and high impact systems; the Director of the NSA, as well as the National Director, in consultation with the Minister of Defense and the Director of National Intelligence, provides advice on migration, implementation and implementation of robust quantum cryptography and NSS monitoring;

– By October 18, 2023, and then on an annual basis: The National Director of Cybersecurity, based on vulnerable inventories and in agreement with the Director of CISA and the Director of NIST, must report to APNSA and the Director of OMB on the progress made by FCEB in their transition from computer systems that do not belong to the NSS, to quantum-stable cryptography;

– By October 31, 2023 and every year thereafter: the NSA should publish an official schedule for ending support for vulnerable cryptography in the NSS until the transition to quantum-stable cryptography is completed;

– By December 31, 2023, agencies that manage NSS must implement symmetric key protection (for example, High Assurance Internet Protocol Encryptor (HAIPE) or symmetric VPN solutions) to provide additional protection for the exchange of keys with quantum vulnerabilities;

– Within 90 days of the publication of the first set of NIST standards for quantum-robust cryptography and in subsequent years, if necessary, the Minister of Trade, through the NIST Director, publishes a proposed timetable for ending the use of quantum vulnerable cryptography in standards. . This chart aims to bring the maximum number of systems out of quantum vulnerable cryptography within ten years after the release of the initial set of standards. Within one year of the publication of the NIST standards, the OMB Director, in coordination with the CISA Director and the NIST Director, issues a memorandum requiring FCEBs to develop an implementation plan. strong quantum cryptography;

– Within one year of the NSA’s publication of its quantum cryptography and annually thereafter, the heads of agencies operating or servicing the NSS shall report to the national leadership and, as appropriate, the CIO or the Community Intelligence CIO, as appropriate, the initial transition plan. quantum-stable cryptography in all SSNs.

Protecting the Intellectual Property of Quantum Computing in the United States

The NSM also establishes provisions for the protection of US intellectual property in quantum computing. He notes that some safeguards may include “counterintelligence measures, targeted export controls and campaigns to educate industry and academia on the threat of cybercrime and theft of intellectual property.”

It encourages agencies to “understand the security implications of competitive use and take these security implications into account when implementing new policies, programs and projects.” According to this goal, the note states that by December 31, 2022, the heads of agencies that finance, develop or purchase quantum computers or related QIS technologies should develop comprehensive technology protection plans to protect research and development, acquisition and QIS user access.