Quick review of the Office of Management and Budget Post-Quantum Cryptography Report
The Office of Management and Budget (OMB) just dropped this report because:
- Quantum computers might soon crack today’s cryptography like a walnut.
- The Quantum Computing Cybersecurity Preparedness Act (Jan 2023) required them to do it.
The report lays out some truths that should be self-evident:
- A comprehensive and ongoing cryptographic inventory is essential for a successful migration to post-quantum cryptography (PQC).
- The threat of “record-now-decrypt-later” attacks means we need to start PQC migration well before a quantum computer capable of breaking current encryption is operational.
- Agencies must prioritize which systems and data need PQC migration first.
- Systems that can’t support PQC algorithms need to be identified as early as possible.
The "strategy" for US government agencies feels more like guidance - here are the highlights:
- Keep a thorough, ongoing cryptographic inventory—it’s the foundation for successful PQC migration.
- Start migrating to PQC before a cryptanalytically relevant quantum computer (CRQC) breaks current encryption (because "record-now-decrypt-later" is a real threat).
- Prioritize which systems and data need PQC first.
- Identify systems that won’t support PQC algorithms early on.
Goal: Migrate prioritized information systems to PQC between 2025 and 2035.
Estimated Cost: $7.1 billion
NIST to the Rescue: They’re already crafting the next-gen algorithms to keep us secure.
Questions:
- When, if ever, will a cryptanalytically relevant quantum computer (CRQC) become a reality?
- When does the private sector need to start mitigating PQC risk?
- Which industries are the most at risk (seems like Critical Infrastructure Sectors)?