Bill Overview
Title: Quantum Computing Cybersecurity Preparedness Act
Description: This act addresses the migration of executive agencies' information technology systems to post-quantum cryptography. Post-quantum cryptography is encryption strong enough to resist attacks from quantum computers developed in the future. The act does not apply to national security systems. The Office of Management and Budget (OMB) shall issue guidance on the migration of information technology to post-quantum cryptography. Each executive agency must maintain an inventory of all information technology in use by the executive agency that is vulnerable to decryption by quantum computers. After the National Institutes of Standards and Technology (NIST) has issued post-quantum cryptography standards, the OMB shall issue guidance requiring each executive agency to develop a plan to migrate information technology of the agency to post-quantum cryptography. OMB shall submit to Congress a report on a strategy to address the risk posed by the vulnerabilities of information technology of executive agencies to weakened encryption due to the potential and possible capability of a quantum computer to breach such encryption; the funding needed by executive agencies to secure such information technology from the risk posed by an adversary of the United States using a quantum computer to breach the encryption; and a description of federal civilian executive branch coordination efforts led by NIST, including timelines, to develop standards for post-quantum cryptography.
Sponsors: Rep. Khanna, Ro [D-CA-17]
Target Audience
Population: global population with digital data potentially vulnerable to quantum computing attacks
Estimated Size: 335000000
- The bill aims to enhance cybersecurity in executive agencies by preparing for the advent of quantum computing.
- This impacts the executive branch of the US government, its agencies, and indirectly, all individuals whose data might be stored or processed by these agencies.
- Quantum computers, although not yet mainstream, have the potential to break current cryptographic methods, posing a future threat to data security and privacy globally.
- Agencies are required to transition to post-quantum cryptography, impacting IT professionals and related workers in these agencies who will need to implement and manage this change.
- This impacts the security industry worldwide by setting a precedent and standard for post-quantum cryptographic practices.
Reasoning
- The policy is focused on the long-term improvement of cybersecurity infrastructure within US federal agencies, which indirectly benefits the American population by safeguarding their data.
- The average citizen may not directly notice immediate changes in their wellbeing due to this policy, especially since quantum computing threats are not immediate.
- IT professionals and federal employees in agencies may experience increased workload and responsibility as they adapt to new post-quantum cryptography standards.
- The policy primarily impacts the security framework at a government level, so the individual wellbeing impact may be limited or negligible for those outside of this circle.
- Allocating budget and resources effectively is crucial to ensure that the policy is implemented without disrupting existing operations within these agencies.
Simulated Interviews
Federal IT Manager (Washington, D.C.)
Age: 45 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- I'm optimistic about enhancing security protocols to stay ahead of potential threats.
- The transition to post-quantum cryptography means more work and training for our team, but it's crucial.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 7 |
Software Developer (San Jose, California)
Age: 35 | Gender: male
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 7/20
Statement of Opinion:
- This is a progressive move towards enhancing cybersecurity.
- Post-quantum cryptography will open new avenues for software development.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 8 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Oil Industry Executive (Houston, Texas)
Age: 50 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 10/20
Statement of Opinion:
- I understand the need for such policies nationally, but our industry is not directly affected yet.
- It's good to have government lead with proactive measures.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Retired Teacher (New York, New York)
Age: 60 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 0.0 years
Commonness: 15/20
Statement of Opinion:
- While I appreciate data security, not much changes for me directly.
- It's a relief to know that stronger measures are being taken for our data protection.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 7 | 7 |
| Year 20 | 7 | 7 |
Cybersecurity Analyst (Chicago, Illinois)
Age: 28 | Gender: other
Wellbeing Before Policy: 6
Duration of Impact: 20.0 years
Commonness: 6/20
Statement of Opinion:
- This is an exciting field to work in, and I'm glad the federal government is prioritizing it.
- I look forward to applying new skills and learning post-quantum cryptography.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 7 |
Public Policy Advisor (Atlanta, Georgia)
Age: 40 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 4/20
Statement of Opinion:
- This move is imperative for national security and should set a global standard.
- It serves as a proactive step to future-proof governmental operations.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Small Business Owner (Los Angeles, California)
Age: 55 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 2.0 years
Commonness: 12/20
Statement of Opinion:
- I trust the government to protect national interests, but I wish more help was given to small businesses like mine.
- Quantum computing is not on my immediate list of worries.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 5 | 5 |
| Year 5 | 5 | 5 |
| Year 10 | 5 | 5 |
| Year 20 | 5 | 5 |
Data Scientist (Seattle, Washington)
Age: 32 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 8/20
Statement of Opinion:
- Ensuring secure data handling is crucial, and going quantum-proof is a necessary next step.
- This policy reinforces my work and provides a new framework to operate within.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Government Contractor (Philadelphia, Pennsylvania)
Age: 48 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- Enhancing cybersecurity through government contracts is beneficial for our business.
- This policy encourages innovation and preparedness in the tech field.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 9 | 6 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 7 |
Academic Researcher (Boston, Massachusetts)
Age: 42 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- I'm excited to see government policies aligning with quantum research.
- This could direct more funding and urgency towards practical quantum-resistant solutions.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 7 |
Cost Estimates
Year 1: $150000000 (Low: $120000000, High: $200000000)
Year 2: $160000000 (Low: $130000000, High: $210000000)
Year 3: $170000000 (Low: $140000000, High: $220000000)
Year 5: $200000000 (Low: $160000000, High: $250000000)
Year 10: $300000000 (Low: $250000000, High: $400000000)
Year 100: $0 (Low: $0, High: $0)
Key Considerations
- Post-quantum cryptography standards are still evolving, which could lead to changes in cost estimates as standards are solidified.
- There is uncertainty regarding the timeline of when quantum computers will become a significant threat, which can affect urgency and spending levels.
- Coordination across multiple federal agencies is complex and may increase implementation costs.