WASHINGTON, DC – U.S. Senators Rob Portman (R-OH), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Maggie Hassan (D-NH) announced today that their bipartisan Quantum Computing Cybersecurity Preparedness Act has been signed into law. The law will strengthen national security by preparing the federal government’s defenses against quantum-computing-enabled data breaches. As quantum computers, including those being developed by our adversaries, continue to get more powerful and more widely available, federal agencies must proactively work to ensure that federal cybersecurity protections remain up to date.
“Quantum computing will provide for huge advances in computing power, but it will also create new cybersecurity challenges,” said Ranking Member Portman. “I’m proud our bipartisan legislation to require the government to inventory its cryptographic systems, determine which are most at risk from quantum computing, and upgrade those systems accordingly is now law of the land.”
“To strengthen our national security, it is essential that we address potential vulnerabilities in our cybersecurity systems, including new threats presented by quantum computing,” said Senator Hassan. “This law will help ensure that our federal government is ready to defend our country against data breaches that could be exploited by quantum computing. I was glad to work with members of both parties to get this law across the finish line, and I will continue working to strengthen our county’s cyber defenses.”
The Quantum Computing Cybersecurity Preparedness Act will:
- Require the Office of Management and Budget (OMB) to prioritize the acquisition and migration of federal agencies’ information technology to post-quantum cryptography;
- Instruct OMB to create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology (NIST) issues planned post-quantum cryptography standards;
- Direct OMB to send an annual report to Congress that includes a strategy on how to address post-quantum cryptography risks, the funding that might be necessary, and an analysis on whole-of-government coordination and migration to post-quantum cryptography standards and information technology.