Tech

White House gives federal agencies May 2023 deadline to provide list of quantum-vulnerable cryptographic systems

Under new guidance, government departments will have to provide an annual inventory of algorithms that could be cracked by quantum computers.

By John Hewitt Jones and Nihal Krishan

November 18, 2022

WASHINGTON, DC - SEPTEMBER 30: U.S. President Joe Biden delivers remarks on the federal government's response to Hurricane Ian in the Roosevelt Room at the White House on September 30, 2022 in Washington, DC. (Photo by Chip Somodevilla/Getty Images)

The Office of Management and Budget has given federal agencies until May 4 next year to provide an inventory of assets containing cryptographic systems that could be cracked by quantum computers.

In a Nov. 18 memo, the White House set out the deadline and said government departments would be expected to subsequently provide an annual vulnerability report until 2035.

The fresh guidance comes amid fears that significant leaps in quantum technology being made by countries hostile to the United States, including China, could allow existing forms of secure encryption to be cracked much more quickly.

In September, the National Security Agency issued guidance in which it set out requirements for owners and operators of national security systems to start using post-quantum algorithms by 2035.

In the Nov. 18 memo, OMB said agencies should focus their efforts first on producing an inventory for their most sensitive systems.

The White House said also that within 30 days, federal agencies should designate a cryptographic inventory and migration lead for their organization, and within 90 days of the memo publication, the Office of the National Cyber Director in coordination with OMB, CISA and the FedRAMP Program Management Office would produce instructions for the collection and transmission of inventory of crypto-vulnerable systems.

OMB said also in its memo that agencies would be required to submit to both the ONCD and the White House an assessment of extra funding needed for the adoption of post-quantum cryptography within 30 days.

It added that a working group for post-quantum cryptographic systems will be established, which will be chaired by the federal chief information security officer.

In a statement, Federal CISO Chris DeRusha said: “The Biden-Harris Administration is working to ensure U.S. leadership in the emerging field of quantum computing.”

“This global technology race holds both great promise and threats,” he added. “We are prioritizing our efforts to secure the Federal Government’s sensitive data against potential future compromise by quantum computers; this action signifies the start of a major undertaking to prepare our Nation for the risks presented by this new technology.”

White House gives federal agencies May 2023 deadline to provide list of quantum-vulnerable cryptographic systems

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Top Stories

GSA welcomes nominations for advisory committee focused on federal transparency efforts

Security flaws in IRS systems pose risk to financial statements, GAO says

DHS launches safety and security board focused on AI and critical infrastructure

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Scientists must be empowered — not replaced — by AI, report to White House argues

GSA taps Login.gov deputy director to take top role next month

More Scoops

Cybersecurity executive order requirements are nearly complete, GAO says

AI talent role, releasing code, deadline extension among additions in OMB memo

White House unveils AI governance policy focused on risks, transparency

Federal agencies take ‘most important’ first step with inventorying cryptography ahead of quantum migration, OMB official says

Inventories to be ‘more central part’ of understanding how agencies use AI under White House guidance

Are federal agencies’ post-quantum cryptography preparations on track?

White House federal agency AI guidelines may focus on pilots and info sharing

Latest Podcasts

White House gives federal agencies May 2023 deadline to provide list of quantum-vulnerable cryptographic systems

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition