IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CISA to Address State, Local Government Quantum Readiness

A new memorandum instructs CISA to “engage with” state and local governments by late fall about quantum computing risks. Federal officials, meanwhile, are looking for new ways to build a quantum-focused workforce.

Strategy,Ideas,Concept,Business,Futuristic,Graphic,Icon,And,Golden,Chess
Shutterstock
The U.S. is homing in on the opportunities and risks presented by quantum computing and quantum information sciences, and federal officials are preparing to engage state and local partners on this journey.

A May 4 memorandum instructs federal agencies to reach out to state and local governments this fall about preparing for the threats that will come once quantum computers become powerful enough to crack some of today’s widely used encryption methods.

The memorandum also instructs the U.S. to launch educational and workforce development efforts to ensure the nation has the talent pool needed to benefit from quantum technologies.

Federal officials from the National Security Council and Office of Science and Technology Policy (OSTP) dug into some of the details and implications during a May 16 panel from the national security policy think tank Center for Strategic and International Studies (CSIS).

ENCRYPTION AT RISK


The National Security Memorandum (NSM) set a timeline of steps for promoting the kind of innovation and research needed to keep the U.S. competitive in the quantum sector, while also attending to security needs. It warns that quantum computers are expected to one day be so sophisticated that they can break most public key encryption, introducing threats to “cyber, economic, and national security” — unless organizations are prepared.

Public key encryption is currently used to secure digital communications, many online financial transactions and critical infrastructure’s supervisory systems and control systems, the NSM warned. DHS officials previously told GovTech that they are preparing in case quantum computers capable of besting this encryption emerge as soon as 2030.

The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) are working on technical standards for cryptography methods intended to withstand even quantum computers, and they are due to release their first standards publicly in 2024.

State and local agencies will need to transition over to those forthcoming cryptographic methods if they want to keep their data safe.

This is likely to be a long process, however, so organizations should start soon, said Charles Tahan, OSTP’s assistant director for Quantum Information Science and director of the National Quantum Coordination Office.

“We know that moving to a new cryptographic system can take 10 years or more if you do it right,” Tahan said during the CSIS panel.

GETTING PREPARED


Agencies have plenty of immediate concerns competing for their attention, but it would be a mistake not to plan for this threat coming down the horizon, said Jonah Force Hill, director of cyber and emerging technology policy for the National Security Council, during the panel.

Many organizations will have their work cut out for them just identifying all the parts of their systems that use the threatened public key encryption methods, Hill said. Organizations also must decide which data to prioritize when implementing the new encryption methods.

“It may sound easy: ‘We’ve got a new standard, just replace the old standard,’ but that is incredibly difficult and not all organizations are going to be able to do it at the same pace,” Hill said.

Hackers also aren’t waiting around for quantum computing advancements; malicious actors are believed to be working today to steal encrypted information that they can then hold onto until computing advancements allow them to decrypt it.

Agencies, therefore, need to consider what information will still be sensitive by the time cryptographically relevant quantum computing is expected to emerge and make plans to protect it, said Hill.

“If you know the information is going to still be sensitive and secret in 20 years, then you need to start thinking about, ‘How do I identify and prioritize securing that data now or as soon as possible?’” Hill said.

Once vulnerable encryptions are identified and priorities set, organizations will be in a stronger position to adopt the quantum-resistant cryptography standards shortly after they’re released.

FEDERAL SUPPORT


Federal agencies plan to partner with state, local, tribal and territorial ones, as well as with private industry and academia to foster quantum technology developments and use of quantum-resistant cryptography, per the NSM. The Cybersecurity and Infrastructure Security Agency (CISA) has 180 days from the memorandum’s release (until late October 2022) to connect with state and local agencies and critical infrastructure entities about “the risks posed by quantum computers.”

CISA will also report annually to the National Cyber Director and other federal offices on ideas for how to help state and local partners more quickly transition over to quantum-proof encryption.

Many state and local governments will be wrestling with legacy systems, which can be particularly hard to update — a problem if those systems have public key encryption “baked in.” Hill said organizations like state and local governments may need more than just an awareness campaign to help them transition, such as financial support and technological assistance.

Federal officials are focused on another security concern, too: keeping the U.S.’s innovations out of the hands of adversary nations. The NSM outlines concerns that rival foreign actors might infiltrate U.S.-based quantum technology programs and steal trade secrets and sensitive intellectual property. The NSM calls for awareness campaigns to alert state, local and other partners about the significance of insider threats, important cybersecurity steps and other concerns.

BUILDING A QUANTUM WORKFORCE


The U.S. also looks to develop a workforce with strong quantum information science skills, to be ready for what the future brings. One piece of that will be encouraging youth to develop this knowledge.

“We’re not familiar and comfortable with quantum mechanics, because we don’t experience it in our daily lives,” unlike classical physics, which we experience constantly, Tahan said.

But this could change. Tahan believes introducing children to the principles of quantum mechanics — and in a fun way — can help the next generation get familiar and comfortable with these concepts early on, making the field feel more intuitive.

Quantum mechanics involves a few core principles that students need to learn to wrap their minds around, and games that infuse these principles into their rules can get students used to this different kind of thinking, he said.

The California Institute of Technology (Caltech), for example, developed a quantum chess game, as part of World Quantum Day, where players can make moves based on principles like superposition and entanglement.

“For example, players can decide to split their kings into a state of superposition, such that one king piece exists on two squares at once,” Caltech explains in an article. “If one player tries to capture their opponent’s superposed king on one of the two squares, then there is only a 50 percent chance the king is actually there.”
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.