The Government Accountability Office recommends that the National Cyber Director take the lead in coordinating the U.S. strategy in quantum computing cybersecurity.
Table of Contents
Lack of Coordinating Federal Agency
The government watchdog made the proposal in a recent report, released Thursday, where it was pointed out that within the next decade or two, a quantum computer may be developed that is capable of overcoming the cryptography being used to secure systems and data. Despite the threat posed by such a computer — known as a cryptographically relevant quantum computer, or CRQC — no single agency is tasked with coordinating the various efforts across the U.S. government that is being undertaken to build up a national strategy.
Strategy Objectives & Characteristics
According to GAO, a national quantum computing cybersecurity strategy would have three objectives, namely: the standardization of post quantum cryptography, or PQC; the migration of federal systems to PQC; and the preparation of all sectors for PQC. Such a strategy should also feature three desirable characteristics, namely: it offers a definition of the problem and a risk assessment; it articulates its purpose, scope and methodology; and it lists objectives, activities, milestones and performance measures.
GAO notes that due to the lack of a singular coordinating federal agency, these characteristics are not fully addressed in the multiple documents that comprise the emerging U.S. national strategy for quantum cybersecurity.
“If the [Office of the National Cyber Director] embraces this role and ensures that the strategy fully addresses the desirable characteristics, the nation will have a better-defined roadmap for allocating resources and holding participants accountable,” GAO said in its report.