Bill Overview
Title: Quantum Computing Cybersecurity Preparedness Act
Description: This bill addresses the migration of executive agencies information technology systems to post-quantum cryptography. Post-quantum cryptography is encryption strong enough to resist attacks from quantum computers developed in the future. Not later than one year after the National Institutes of Standards and Technology has issued post-quantum cryptography standards, the Office of Management and Budget (OMB) shall begin to prioritize the migration of agency information technology systems to post-quantum cryptography. Not later than one year after the date of the enactment of this bill, the OMB shall submit to Congress a report on a strategy to address the risk posed by the vulnerabilities of agency information technology systems to the potential capability of a quantum computer; the funding necessary to secure such information technology systems from the threat posed by adversarial access to quantum computers; and a description of federal coordination efforts to develop standards for post-quantum cryptography, including any federal Information Processing Standards.
Sponsors: Sen. Hassan, Margaret Wood [D-NH]
Target Audience
Population: People using computing systems and encrypted communication worldwide
Estimated Size: 331000000
- The bill focuses on securing information technology systems of government agencies which utilize the personal data of citizens.
- Quantum computing technologies have the potential to impact nearly all industries, including finance, healthcare, and telecommunications, influencing the data protection standards across these fields globally.
- As cyber threats become universal, post-quantum cryptography standards will be implemented worldwide, affecting all users of internet and data processing technologies.
- Migrating to post-quantum cryptography impacts not just government data systems but also sets a precedent for private sector adoption to ensure compatibility and data security.
Reasoning
- The policy mainly impacts IT professionals and individuals in roles connected to cybersecurity and data protection. Thus, their perspectives are crucial as they will be directly involved in implementing the migration to post-quantum cryptography.
- Everyone in the US benefits indirectly from this policy as it enhances the security of government systems that store personal data belonging to millions of citizens.
- People in high-tech industries or educational institutions focused on computing might be more concerned or aware of the implications of quantum computing and cybersecurity than other industries.
- Given the long-term nature of the threat from quantum computing, the impact might not be immediately visible to some people, balancing the perceived urgency of the policy.
- Budget constraints of $1.5 billion USD in year 1 mainly cover the initial adjustments necessary for migration, while the $9.4 billion over 10 years suggests a sustained effort, potentially leading to gradual and perceptible increases in national security.
Simulated Interviews
Cybersecurity Analyst (San Francisco, CA)
Age: 45 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 7/20
Statement of Opinion:
- This policy is crucial for national security given the rapid advancements in quantum computing.
- Immediate effects might not be visible, but the long-term benefits are significant.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 3 |
Software Developer (Austin, TX)
Age: 30 | Gender: male
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 6/20
Statement of Opinion:
- I don't see a direct impact on my personal work, but it might push our company to consider stronger encryption practices.
- Personally, I am interested in the technological advancement it brings.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 7 |
Retired Teacher (Providence, RI)
Age: 55 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 10/20
Statement of Opinion:
- I'm glad the government is taking steps to protect our data, but it's hard to see how this directly affects me right now.
- I trust that this will make online transactions safer in the future.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 4 |
Computer Science Student (New York, NY)
Age: 22 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- I am excited about quantum technologies and understand the importance of staying ahead in cybersecurity.
- This will likely influence my career path and academic focus.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 6 |
| Year 20 | 9 | 5 |
Government Contractor (Seattle, WA)
Age: 40 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 8/20
Statement of Opinion:
- The policy will create more work and job security for me and my colleagues.
- It shows that the government is planning ahead, which is promising.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 6 |
| Year 20 | 8 | 5 |
Healthcare Professional (Miami, FL)
Age: 29 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 9/20
Statement of Opinion:
- Although my work is not directly impacted, protecting patient data is crucial.
- I see an indirect benefit as healthcare systems secure their data against future threats.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 4 |
Retired Engineer (Chicago, IL)
Age: 65 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 8/20
Statement of Opinion:
- I'm happy to see the government taking proactive steps.
- However, I doubt I'll directly see the effects, being retired.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 4 |
| Year 20 | 5 | 3 |
Financial Analyst (Los Angeles, CA)
Age: 37 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 8.0 years
Commonness: 6/20
Statement of Opinion:
- Increased security in government could lead to better standards in finance.
- I'm optimistic about the potential tech investments.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 8 | 4 |
Entrepreneur (Atlanta, GA)
Age: 34 | Gender: other
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 7/20
Statement of Opinion:
- This could lead to pressure on small businesses to upgrade too.
- I'll have to keep up with encryption trends to protect client data.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 4 |
Bank IT Manager (Charlotte, NC)
Age: 50 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- A federal mandate sets a benchmark that banks often follow.
- This aligns with our internal discussions on quantum threats.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 8 | 4 |
Cost Estimates
Year 1: $1500000000 (Low: $1200000000, High: $1800000000)
Year 2: $1300000000 (Low: $1000000000, High: $1600000000)
Year 3: $1100000000 (Low: $900000000, High: $1400000000)
Year 5: $900000000 (Low: $700000000, High: $1100000000)
Year 10: $600000000 (Low: $500000000, High: $800000000)
Year 100: $50000000 (Low: $40000000, High: $60000000)
Key Considerations
- The rapid development of quantum computing technology which necessitates immediate advancements in cryptography to secure data.
- The potential high initial costs associated with upgrading nationwide infrastructure to support post-quantum cryptography.
- The probability that adversaries could quickly develop quantum capabilities that could compromise current encryption standards.