About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

GAO-25-107703 1 (2024-11-21)

handle is hein.gao/gaorcm0001 and id is 1 raw text is: Why This Matters Key Takeaways Federal agencies and our nation's critical infrastructure-such as energy, transportation systems, communications, and financial services-are dependent on technology systems and electronic data to provide essential services and to process, maintain, and report vital information. Agencies and critical infrastructure owners and operators rely on cryptography (e.g., encryption) to protect sensitive systems and data. However, the emergence of quantum computers could undermine the security of widely used cryptographic methods. Some experts predict that a quantum computer capable of breaking certain cryptography-referred to as a cryptographically relevant quantum computer (CRQC)-may be developed in the next 10 to 20 years, putting agency and critical infrastructure systems that rely on cryptography for security at risk. Furthermore, adversaries could copy data protected by cryptography today and store it with the intention of accessing it later once a CRQC is developed. We were asked to examine the federal government's strategy to address the threat that quantum computers pose to cryptography on unclassified systems. This report provides information on how cryptographic methods protect systems and data, the threat quantum computers pose, strategies that international organizations have established to address this threat, and the U.S. national quantum computing cybersecurity strategy and the extent to which it addresses the desirable characteristics of a national strategy. * Various documents developed over the past eight years have contributed to an emerging U.S. national quantum computing cybersecurity strategy. Based on our review of these documents, we identified three central goals: (1) standardize post-quantum cryptography, (2) migrate federal systems to that cryptography, and (3) encourage all sectors of the economy to prepare for the threat. * The U.S. strategy documents partially address the desirable characteristics of a national strategy, as identified in prior GAO work. For example, with respect to the objectives, activities, milestones, and performance measures characteristic, the strategy documents identified objectives and activities for the first two goals but not for the third. In addition, the strategy documents did not fully identify milestones for the second and third goals and did not identify performance measures for any of the three goals. Page 1 GAO-25-107703 Quantum Cybersecurity Strategy Page 1 GAO-25-107703 Quantum Cybersecurity Strategy

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most