Securing the Nation Against Advanced Cryptographic Attacks
4 hours ago
- #quantum cryptography
- #federal cybersecurity
- #executive order
- Executive Order 14409 addresses the threat posed by large-scale quantum computers to cryptographic security systems and the risk of adversaries collecting and later decrypting U.S. information.
- It establishes a policy to transition Federal information systems to NIST-approved Post-Quantum Cryptography (PQC) standards and assist critical infrastructure owners in their transitions.
- Key definitions include terms like 'critical infrastructure,' 'high impact system,' 'PQC,' and 'PQC migration lead' for clarity in implementation.
- Coordination of the PQC transition is led by the Director of OMB and the National Cyber Director, with technical guidance from the Secretary of Commerce through NIST and the Secretary of Homeland Security through CISA.
- Agencies must identify a PQC migration lead within 30 days and develop plans to transition high value assets and high impact systems to PQC for key establishment by December 31, 2030, and for digital signatures by December 31, 2031.
- NIST will initiate a pilot project for PQC migration within 180 days to be completed by December 31, 2027.
- Sector Risk Management Agencies will assist critical infrastructure owners, and the Secretary of State will engage foreign governments to encourage PQC adoption.
- Procurement efforts include identifying cost-saving opportunities, revising validation processes for cryptographic modules, and amending Federal Acquisition Regulations to require contractor compliance with PQC standards by 2030.
- The order includes general provisions stating it does not impair existing authorities, is subject to appropriations, and does not create enforceable rights.