The U.S. Government Accountability Office says leadership is needed to fully define quantum threat mitigation strategy.
A new report released by the agency emphasizes the urgent need for comprehensive federal leadership to address the emerging cybersecurity risks posed by quantum computing, warning that without prompt and coordinated action, adversarial nations might exploit quantum technology to undermine national security.
“It is important for the Office of the National Cyber Director to act on our recommendation now for several reasons,” Marisol Cruz Cain, director with GAO’s Information Technology and Cybersecurity team, wrote in an email to The Center Square. “Adversaries could copy data protected by cryptography today and store it with the intention of accessing it later once a cryptographically relevant quantum computer is developed.”
The director is also the lead author of The Future of Cybersecurity.
“The key to successful migrations is to start planning now and not wait until a CRQC is on the horizon,” Cain wrote. “A fully comprehensive strategy will provide agencies with more clarity on their responsibilities and the common outcomes they are aiming to achieve. It will also provide the nation a better-defined roadmap for allocating and managing resources and holding participants accountable for achieving results.”
A cryptographically relevant quantum computer is a quantum computer that can run algorithms to crack or weaken existing cryptography.
Quantum computing is a rapidly advancing technology that has the potential to solve complex problems at an unprecedented speed, which also poses significant risks in today’s cybersecurity.
The report says various documents have been developed over the past eight years that have contributed to an emerging U.S. national quantum computing cybersecurity strategy. The Government Accountability Office has identified three goals moving forward.
The first goal is to standardize post-quantum cryptography, the second would be to migrate federal systems to that cryptography, and the third would encourage all sectors of the economy to prepare for the threat.
The report identifies gaps in federal agency preparedness and a lack of clear leadership to oversee the transition to quantum-safe systems, as “No single federal organization is responsible for the U.S. strategy’s coordination.”
While agencies like the National Institute of Standards and Technology have taken necessary steps to develop quantum-resistant cryptographic standards, the report found inconsistencies in how federal agencies implement recommendations.
The Government Accountability Office says national strategies should ideally contain six characteristics:
• Purpose, scope, and methodology.
• Problem definition and risk assessment.
• Objectives, activities, milestones, and performance measures.
• Resources, investments, and risk management.
• Organizational roles, responsibilities, and coordination.
• Implementation and integration.
According to the report, the accountability office was asked to investigate the federal government’s strategy for addressing threats posed by quantum computers to the nation’s cryptography.
The current encryption methods are designed to secure sensitive data, but unfortunately, could potentially become vulnerable to future efforts of quantum-enabled decryption in the future.
The report also stresses that the federal government will need to act swiftly to implement quantum-resistant cryptography in order to ensure that those critical systems would remain secure.
According to the report, “some experts predict that a quantum computer capable of breaking certain cryptography – referred to as a cryptographically relevant quantum computer – may be developed in the next 10 to 20 years.”
The agency also identified challenges in workforce development and noted a shortage of professionals with expertise in quantum computing and cybersecurity, suggesting federal agencies invest in training programs and collaborate with private sector leaders to ensure a skilled future workforce that is ready to tackle any quantum-related threats.
The report serves as a roadmap for quantum threat mitigation and outlines ways the federal government could appoint a centralized leadership body to oversee the implementation of quantum-safe measures.
The report also calls for increased funding for quantum research and development and stronger public-private partnerships to address other vulnerabilities while also emphasizing that proactive leadership is critical to ensuring the United States remains at the forefront of cybersecurity in the quantum era.
