The US government is pushing federal contractors to bolster their encryption protocols in response to the impending threat posed by quantum computing. Starting in July 2024, the National Institute for Standards and Technology (NIST), part of the Department of Commerce, will specify three encryption algorithms that are deemed robust enough to protect data from quantum computer attacks. These new standards are set to establish an internationally recognized benchmark aimed at helping organizations manage evolving cybersecurity threats. This move marks the beginning of a transition to next-generation cryptography, as highlighted by White House deputy national security adviser Anne Neuberger during an event at the University of Cambridge.
Quantum computers, which perform calculations in parallel rather than sequentially, could potentially render current encryption systems obsolete. Although a fully operational quantum computer capable of breaking existing encryption does not yet exist, the US and UK governments are proactively addressing the risk. In a unanimous vote in 2022, the US Senate passed a bill addressing the quantum threat to cryptography, giving government agencies the authority to mandate compliance with NIST’s standards. Contractors working with the US government will be required to meet these new encryption standards by 2035, although certain sensitive projects may necessitate earlier adoption.
The initiative reflects a broader recognition of the significant cybersecurity challenges posed by quantum computing. At the Cambridge event, Neuberger emphasized the importance of preemptive action to safeguard national security secrets and maintain the integrity of online transactions and communications. UK officials, including Anne Keast-Butler of GCHQ and Ollie Whitehouse from the National Cyber Security Centre, also expressed support for adopting NIST’s standards. This collaborative effort underscores the critical need for robust encryption to protect against future quantum threats and ensure the security of sensitive information.
