President Donald Trump on Monday signed an executive order to strengthen data protection in preparation for the arrival of practical quantum computing.
Executive Order 14409 highlights the threat posed by ‘harvest now, decrypt later’, in which threat actors exfiltrate encrypted data now, intending to crack the encryption later using quantum computers.
The private sector has been taking major steps toward post-quantum cryptography (PQC), including companies such as Google, Dell, and HP. And now the US government is also attempting to establish a clear roadmap and accelerate PQC migration.
The new EO tasks OMB, NIST, NSA, DHS, and CISA with working together to develop and oversee the implementation of comprehensive technical guidance to help federal agencies adopt PQC.
Agencies will have to inventory their high-value assets and high-impact systems and transition them to PQC for key establishment by December 31, 2030, and for digital signatures by December 31, 2031.
The order instructs agencies to designate a PQC migration lead, and the Department of Commerce will run a pilot project until the end of 2027.
“The pilot program will showcase a successful migration by 2027, setting a clear example for agencies to fortify their cyber defenses as quantum technology advances,” the White House said in a fact sheet accompanying Executive Order 14409.
The State Department has been tasked with encouraging and assisting critical infrastructure operators and foreign governments in their PQC transition, while the Pentagon, NASA, and the General Services Administration have been directed to find cost-saving opportunities.
Federal contractors will also be required to comply with NIST standards regarding the use of PQC-compliant algorithms by the end of 2030.
“This executive order sends an unambiguous signal to every organization doing business with the federal government: the clock is ticking and maybe running out for some,” commented Garfield Jones, EVP Strategy and Research at QuSecure.
“The 2030 deadline for key establishment is a tangible compliance deadline, and the gap between where most organizations are today and where they need to be is significant,” Jones added. “Agencies and contractors that haven’t started a cryptographic inventory are already behind. The organizations that move now will have options. The ones that wait will find themselves managing a crisis.”
This comes shortly after President Trump signed an executive order establishing a voluntary framework for federal vetting of frontier AI models before their public release.
Related: Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
Related: Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
Related: Quantum Decryption of RSA Is Much Closer Than Expected
