The impact of NIST’s PQC standardization on the Federal cybersecurity ecosystem
Specifically, this milestone is critical to federal agencies and agency partners who are mandated under NSM-10 to transition to quantum-resistant cryptography by 2035. According to the mandate, some key post-standardization requirements take effect:
-
- Federal civilian agencies must start regular reporting of timelines and plans to make the transition. Federal partners are also advised to prepare themselves to support PQC as soon as possible after the standardization takes place, according to NSA/CISA.
- The Secretary of Commerce will be proposing (within 90 days) a timeline for the deprecation of quantum-vulnerable cryptography standards. The goal will be to move “the maximum number of systems off quantum-vulnerable cryptography” over the next decade.
- Heads of agencies operating or maintaining National Security Systems (NSS) must submit (within one year) an initial plan to transition to quantum-resistant cryptography in all NSS.
This is more than a box-checking exercise, as these standards will take on force of law for federal agencies and agency partners who are mandated under NSM-10 to transition to quantum-resistant cryptography by 2035. Additionally, the PQC algorithms are likely to become “market standard” in the private sector
According to the OMB report delivered to Congress last month, the total government-wide cost required to perform a migration of prioritized information systems to PQC between 2025 and 2035 will be approximately $7.1 billion in 2024 dollars. This total does not include funding for National Security Systems which was to be estimated separately.
Prior to the standardization, NSM-10 discouraged the procurement of any commercial quantum-resistant cryptographic solutions. Now that the initial standardization is complete, federal agencies will be authorized to procure such solutions. The question then becomes, how will these procurements be funded?
Meta warns of looming ‘quantum apocalypse’ for modern encryption, cryptography standards
Sheran Lin, software engineering manager at Meta, said the tech firm is in close collaboration with standardization bodies like NIST, ISO, and IETF to ensure that the post-quantum cryptography (PQC) algorithms are rigorously vetted and standardized.
Lin added that Meta is combining traditional algorithms — namely X25519 and Kyber — to create its post-quantum cryptography (PQC). This results in a hybrid method that ensures Meta’s systems remain secure against both current and future threats.
This would be beneficial for blockchains as well since they are based on the asymmetric cryptography model, which relies on pairs of public and private keys.
Moreover, despite Meta’s efforts to become quantum-ready, transitioning from current cryptographic algorithms to quantum-resistant ones is a time-consuming process that could take years or even decades.
India’s DRDO, TIFR successfully test 6-qubit quantum processor
This achievement marks a crucial step forward in the country’s quantum computing capabilities. The project is a collaborative effort between DYSL-QT, TIFR, and Tata Consultancy Services (TCS). The DYSL-QT team developed the control and measurement apparatus using a combination of off-the-shelf electronics and custom-programmed development boards.
The successful testing of this 6-qubit processor represents a significant milestone in India’s quantum computing journey. It not only demonstrates the country’s growing expertise in this cutting-edge field but also positions India as a potential player in the global quantum technology race.
The next phase of development aims to scale up the number of qubits and assess the challenges associated with larger quantum systems. This includes evaluating technological hurdles, development efforts, and the resources required for creating and commercializing quantum computers of various sizes