White House gives federal agencies May 2023 deadline to provide list of quantum-vulnerable cryptographic systems
The Office of Management and Budget has given federal agencies until May 4 next year to provide an inventory of assets containing cryptographic systems that could be cracked by quantum computers.
In a Nov. 18 memo, the White House set out the deadline and said government departments would be expected to subsequently provide an annual vulnerability report until 2035.
The fresh guidance comes amid fears that significant leaps in quantum technology being made by countries hostile to the United States, including China, could allow existing forms of secure encryption to be cracked much more quickly.
In September, the National Security Agency issued guidance in which it set out requirements for owners and operators of national security systems to start using post-quantum algorithms by 2035.
In the Nov. 18 memo, OMB said agencies should focus their efforts first on producing an inventory for their most sensitive systems.
The White House said also that within 30 days, federal agencies should designate a cryptographic inventory and migration lead for their organization, and within 90 days of the memo publication, the Office of the National Cyber Director in coordination with OMB, CISA and the FedRAMP Program Management Office would produce instructions for the collection and transmission of inventory of crypto-vulnerable systems.
OMB said also in its memo that agencies would be required to submit to both the ONCD and the White House an assessment of extra funding needed for the adoption of post-quantum cryptography within 30 days.
It added that a working group for post-quantum cryptographic systems will be established, which will be chaired by the federal chief information security officer.
In a statement, Federal CISO Chris DeRusha said: “The Biden-Harris Administration is working to ensure U.S. leadership in the emerging field of quantum computing.”
“This global technology race holds both great promise and threats,” he added. “We are prioritizing our efforts to secure the Federal Government’s sensitive data against potential future compromise by quantum computers; this action signifies the start of a major undertaking to prepare our Nation for the risks presented by this new technology.”