Biden’s cybersecurity order opens our post-quantum era
(TheHill) Arthur Herman, senior fellow at the Hudson Institute and director of the Quantum Alliance Initiative. discusses the recent White House National Security Memorandum that was issued last month. Inside Quantum Technology summarizes here.
For the first time, this National Security Memorandum focuses our national security concerns on the future threat of large-scale quantum computers to encrypted data, which means everything from government records and classified data to credit cards and banking transactions.
Experts disagree on how soon we will see quantum computers of that size and capability. A recent RAND report says it might take 15 years; the CEO of Google, however, has stated publicly he thinks it could happen as soon as five or 10 years from now. One thing is clear: the one country that has the resources to do this besides the United States is China, the same regime that has waged cyber war on America and democratic states for two decades.
With this threat in mind, the White House has issued a landmark document, National Security Memorandum 8 (NSM-8), that pushes the government’s cybersecurity into the post-quantum era: the first official step to making America’s national security apparatus quantum ready and quantum safe.
The memorandum gave the National Security Agency 30 days to begin updating the Commercial National Security Algorithm Suite (CNSA), a process that will include adding quantum-resistant cryptography, CNSA being the collection of secure algorithms approved for use by all encrypted data users, including the private sector.
Within 180 days, agencies that handle national security systems are supposed to identify any and all “instances of encryption not in compliance with NSA-approved Quantum Resistant Algorithms,” or the updated CNSA, and to draw up “a timeline to transition these systems to use compliant encryption, to include quantum resistant encryption.”
The next and most vital step is execution. Here’s where Congress has to step up, with oversight, funding and making sure that what needs to be done to confront a future quantum security threat gets done. That includes demanding a full briefing from the White House for key congressional committees, along with other federal agencies, on what the implications of NSM-8 are for our nation’s cyber future. This is particularly true for alerting the private sector, including our financial services sector and corporate sector where replacing the RSA-based systems will require years of work and continual updating.
In the final analysis, we are going to need an all-of-government approach to dealing with the gravest cybersecurity threat of this generation — indeed, the greatest threat of this century.