New legislation advocates safeguarding U.S. online networks with quantum-resistant encryption as a preemptive cybersecurity measure.
Even the top countries pursuing quantum technology are several years out from a viable quantum computer, but Rep. Nancy Mace, R-S.C., has called on Congress to set standards today that will protect data against such technology in the future.
Set against the backdrop of large-scale hacks on critical U.S. infrastructure, such as the SolarWinds and the Colonial Oil Pipeline, leaders in the public and private industries are taking preemptive steps to protect networks from hackers using powerful quantum algorithms to access data stored on conventional computers systems.
The hackers too, are looking to the future, capturing data that they can’t decrypt now, so they can put it to quantum-enabled encryption breaking software once it becomes available.
Mace and two other House lawmakers introduced bipartisan legislation Monday, called the Quantum Computing Cybersecurity Preparedness Act, aimed at preparing the federal government’s networks for a large scale shift into post-quantum cryptography standards.
“When it comes to cyber [security], when it comes to quantum computing…we need to make sure that we have a governmentwide strategy with regards to…quantum technology, quantum cryptography, you know, to secure our data and the data of people in our country,” Mace told Nextgov.
She is one of the bill’s primary sponsors, along with Reps. Ro Khanna, D-Calif., and Gerry Connolly, D-Va. Seeing cybersecurity as the new defense frontier, Mace regards her bill as vital preparation to help usher in the software upgrades needed to protect critical data infrastructure from being subject to quantum hacking.
The bill would mandate regulatory agencies to craft a new federal approach to modernization and stay ahead of developing quantum technology. Part of this is setting new device standards through the National Institutes of Standards and Technology for both public and private entities to avoid falling victim to quantum decryption of sensitive digital information.
“It's really…understanding what the private sector challenges are, and where the government can be most helpful…in protecting that data and giving companies the resources that they need to combat what is happening by actors who want to do us harm,” she said.
The adversaries Mace mentioned primarily include China and Russia, with both nations being listed as a main rival in the U.S.’s quantum research and development race. Russia’s continued attack on Ukraine—both physically and in cyberspace—also heightens sentiment on the Hill to take early steps in preventing advanced cyberattacks on U.S. systems.
Crucial to this effort is ensuring government and private offices are capable of making the migration to post-quantum cryptography to withstand any preemptive quantum hacks.
While some experts estimate that the world is roughly seven to 10 years away from a functional quantum computer, Mace notes that enabling a nationwide digital overhaul to quantum algorithmic encryption will be “a challenge,” which warrants preemptive encryption updates amid the sharp uptick in hacking and ransomware assaults.
“Sometimes our government––the way that our…regulations are, the way that our policies are––we don't give businesses a leg up and give them the room to build out the assets and technology that they need to continue to protect consumer data going forward,” she said.
While NIST and the Office of Management and Budget are the two agencies that would be tasked with helming the post-quantum guidance for all digital networks within federal agencies, Mace believes that fundamentally all agencies will have to develop some expertise in quantum cybersecurity.
Some agencies, namely the Department of Homeland Security, have already taken steps parallel to the bill by issuing roadmaps to fortify computer networks against quantum algorithmic hacking.
“This is going to be an issue that all of our cyber professionals need to be well versed in,” she said, noting that private sector firms employ the strategy of rotating experts between companies to learn from each other, something lawmakers want to see in the government.
The bill has garnered support from major private companies with a hand in developing quantum technologies, including IBM, Google, QuSecure, Maybell Quantum and Quantinuum.
“We've got to be ready for the future,” she said. “We've got to be prepared.”