Sen. Marsha Blackburn, R-Tenn., endorsed an aggressive effort by U.S. policymakers to help governments and businesses adapt to a future where quantum computers can break most standard forms of encryption. She also confirmed key details of a White House initiative on quantum technology previously reported by CyberScoop, while also promoting her own legislation on quantum migration and related strategies.

Blackburn, chair of the Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Technology, and Data, told audiences at a Wednesday event hosted by Politico that such an effort is needed to ensure that American technology is prepared well in advance for the shift and to counter potential threats from countries like Russia, China, Iran and North Korea.

Blackburn said lawmakers are asking questions about these countries such as, “What type of development are they doing? What kind of experimentation are they doing? And what is the expectation of those applications?”

“Now those are answers that we don’t know, so it is up to us to say, ‘how do we best prepare ourselves and how do we make certain that China is not going to lead this emerging tech space by 2049 — which is their goal — and how do we [combat] that?’” Blackburn said. 

When asked about reports that the White House was planning its own slate of executive actions, Blackburn confirmed elements of that push, saying Michael Kratsios, director of the White House Office of Science, Technology and Policy, and White House crypto and AI czar David Sacks are doing “a tremendous job.” Kratsios  is among the White House officials leading the federal quantum effort, in tandem with the Commerce Department and the Office of Management and Budget, sources told CyberScoop last month.

However, Blackburn did not provide a timeline for any formal rollout by the administration, and promoted legislation like the National Quantum Cybersecurity Migration Strategy Act she co-sponsored with Sen. Gary Peters, D-Mich., as a vehicle for speeding up federal quantum migration strategies.

That bill would mandate that federal agencies move at least one high-risk information system to quantum-resistant encryption by Jan 1, 2027.

“You look at agencies like the IRS … you look at [the Department of Defense] and some of the cyber implications and you say, ‘OK, this makes sense,’” Blackburn said. “So, what we are trying to do is push them to move forward and not say, ‘well, we’ll get around to that later.’”

She characterized the White House initiative as focused on strengthening the quantum workforce, increasing commercial sector involvement, and ensuring strong security and encryption is in place to deal with threats from China and other adversaries.

“That I feel is more of the definition of how the White House sees this as moving forward,” Blackburn said.

Blackburn is leading or co-sponsoring several other quantum-related bills on the Hill, including the Defense Quantum Acceleration Act, which would require DOD to develop a strategic quantum roadmap, the Quantum Sandbox for Near-Term Applications Act, which would create a sandbox environment for quantum computing experimentation housed within the National Institute for Standards and Technology, and the Advancing Quantum Manufacturing Act, which would create a federal institute for quantum manufacturing.

The post GOP senator confirms pending White House quantum push, touts legislative alternatives appeared first on CyberScoop.

In August 2024, the National Institute of Standards and Technology published its first set of post-quantum cryptography (PQC) standards, the culmination of over seven years of cryptographic scrutiny, review and competition. 

As the standards were announced, the implications for cybersecurity leaders were clear: The U.S. government must re-secure its entire digital infrastructure — from battlefield systems to tax records — against adversaries preparing to use quantum computers to break our encryption.

This isn’t a theoretical risk; it’s an operational vulnerability. The cryptography that secures federal data today will be obsolete — NIST has already set a deadline to ban some algorithms by 2035 — and our adversaries know it.

A foundational national security threat

Quantum computers are no longer science fiction — they’re a strategic priority for governments across the United States, Europe, China, and beyond, investing billions in their development. While the technology holds promise for scientific and economic breakthroughs, it also carries significant risks for national security.

If just one adversarial state succeeds in building a large enough quantum computer, it would render RSA, ECC, and other foundational cryptographic systems — the algorithms underpinning federal communications, authentication, and data protection — completely obsolete. This would occur not in years or decades that it would take a classical computer today, but in days.

Even before such computers exist, the risk is clear. Intelligence agencies like the National Security Agency have long warned of “harvest now, decrypt later” attacks. That means sensitive U.S. government data — captured today over insecure links or stolen in data breaches — may be stored in data centers with the intention of being decrypted years from now when quantum capabilities mature. This includes classified material, personally identifiable information, defense logistics data, and more.

We are not talking about theoretical vulnerabilities or bugs. We are talking about a complete systemic failure of classical cryptography in the face of a new computing paradigm, and a long-known one at that.

You’ve been warned and instructed

If you work in federal IT or security and haven’t started quantum-proofing your systems, you are already behind. The U.S. government has made its intentions crystal clear over the past three years. 

National Security Memorandum 10 (NSM-10), under the Biden administration, was signed in 2022 and mandates that all National Security Systems transition to quantum-resistant cryptography by 2030. This was followed by Office of Management and Budget memo M-23-02 in November 2022, which requires all federal civilian agencies to inventory their cryptographic assets, assess quantum vulnerability, and develop transition plans.

These early instructions were cemented in the NSA’s CNSA 2.0 guidelines, stating that systems protecting classified and national security data must move to quantum-safe algorithms before the 2035 deadline, with many systems already transitioned by 2030, using NIST’s approved cryptographic standards.

This is not a proposal; it is federal policy. The deadlines are set. The threat is recognized and the technology is ready.

The scale is unprecedented but not insurmountable

There hasn’t been a cryptographic overhaul of this magnitude since the transition to public-key cryptography in the 1980s and arguably not since Y2K. But unlike Y2K, there is no fixed date when things will fail. There won’t be a headline or official press release when quantum computing arrives. If you’re waiting for a clear signal, you won’t get one — it will simply be here, and those who haven’t prepared will already be behind.

Just as when the Allies broke the Enigma machine, the first nation to build a cryptographically relevant quantum computer is not likely to announce this to the world and their adversaries. 

Quantum-safe transition isn’t as simple as swapping out a cryptographic library. Legacy systems across agencies rely on hardcoded cryptographic protocols. Hardware modules may require firmware upgrades or full replacement. Key management systems will need to be redesigned. Certification and compliance processes must be updated. 

This encryption is found everywhere across the technology supply chain and in everyday life. With so many critical government functions, services, systems and departments now run online, just one weak link in the supply chain could bring the whole network down. 

Under the NSA’s CNSA 2.0 guidelines, any business that wants to do business with the U.S. government must implement PQC, especially for any new technology procurement beyond 2030. Furthermore, any products using the designated vulnerable encryption will be discontinued by 2035.

Most agencies aren’t prepared, and the private sector vendors they depend on are working hard to provide the tools needed to deliver the transition. What we must be careful of is some suppliers marketing “quantum-safe” solutions that do not meet NIST standards and may introduce new vulnerabilities down the line.

What federal IT leaders must do today 

The countdown to 2030 and 2035 has already begun. Federal CIOs, CISOs, and program managers should take the following steps this fiscal year:

1. Enforce cryptographic discovery mandates. OMB memo M-23-02 requires all agencies to submit an annual inventory of cryptographic systems. If your agency hasn’t complied or gone beyond minimal discovery, it’s time to escalate.
   
2. Demand vendor transparency. Your suppliers must tell you when and how they plan to support NIST’s PQC algorithms, not “proprietary” solutions. If they can’t, find new ones.
   
3. Fund pilot deployments now. Testing post-quantum algorithms in isolated systems today will reveal architectural bottlenecks and allow for smoother rollout in future years.
   
4. Educate procurement teams. Use the NSA’s quantum-safe procurement guidance to ensure RFPs, contracts, and tech refreshes explicitly require PQC readiness.
   
5. Treat PQC as a cybersecurity budget line item, not a future capital project. Quantum risk is not hypothetical, it’s live and needs action to address it today.
   

The bottom line: This is a national defense imperative

You don’t have to believe the quantum hype — you just have to follow your own government’s threat assessments.

 Federal legislation, including the Quantum Computing Cybersecurity Preparedness Act, signed into law in December 2022, requires agencies to prepare for the migration.

If your systems still rely on RSA, ECC, or other legacy algorithms without a transition roadmap,  you are not defending them — you are leaving them open to attack.

The NIST standards show that with one year of progress behind us, there are five years of opportunity ahead.

Ali El Kaafarani is the founder and CEO of PQShield, a global leader in post-quantum cryptography.

The post Why federal IT leaders must act now to deliver NIST’s post-quantum cryptography transition appeared first on CyberScoop.

The Trump administration is signaling to industry and allies that it is considering a broader set of actions related to quantum computing, both to improve the nation’s capacity to defend against future quantum-enabled hacks and ensure the United States promotes and maintains global dominance around a key national security technology.

The discussions include potentially taking significant executive action, such as one or more executive orders, a national plan similar to the AI Action Plan issued earlier this year, and a possible mandate for federal agencies to move up their timelines for migrating to post-quantum protections, multiple sources told CyberScoop.

None of the sources CyberScoop spoke with could provide a definitive timeline for an official rollout, but multiple executives in the quantum computing industry and former national security officials said the White House has signaled serious interest in taking bolder action to promote and shape the development of the technology. Some felt official announcements could come as soon as this week, while others cautioned the process could stretch into the coming months.

While quantum computers capable of breaking through classical encryption currently remain a theoretical threat, both government and industry have spent years planning for the day when the threats become real.

A major element of that plan has been slowly switching out older encryption algorithms in IT infrastructure for newer “post quantum” algorithms over the span of more than a decade.

One quantum executive, citing direct conversations with the government, said “everyone in the quantum industry from a policy standpoint” has been told some variation of the message “that the White House wants to do for quantum what they did for AI in July.”

A key component of one or perhaps multiple executive orders is language that would accelerate the deadline for federal agencies’ post-quantum migrations from 2035 to 2030.

The executive, speaking on condition of anonymity to avoid jeopardizing their relationship with the government, said the effort is being led by the White House’s Office of Science and Technology Policy (OSTP) and the Department of Commerce.

Commerce Deputy Secretary Paul Dabbar, a former Department of Energy official during President Donald Trump’s first term who co-founded and led his own quantum networking technology company during the Biden years, is “driving a lot of this,” the source said.

It’s not just industry that has received the message. A former official at the Department of Homeland Security who works with the Trump administration confirmed they had also been advised of upcoming action, and that officials at OSTP and the Office of Management and Budget have been particularly aggressive about moving forward.

“I did hear there was some forthcoming guidance for agencies, given the push with AI, but more specifically the need for government departments to be much more aggressive about what they’re doing, since the codebreaking capability of quantum is pretty significant for federal agencies,” said the official, who requested anonymity to discuss sensitive conversations with the federal government.

Multiple other former government officials and administration allies told CyberScoop that they have heard that the administration was preparing to take some kind of action around quantum computing in the near future.

An OMB official declined a request for comment from CyberScoop this week on the administration’s plans. The Department of Commerce did not respond to a similar request.

But White House officials have already teased bold action on quantum is in the works. In July, after the administration released its AI Action Plan, OSTP Director Michael Kratsios told an audience at a conference that “the president wrote me a letter the first week or two that I was in office that essentially gave me a charge for what I was supposed to do for the next three years.”

“He named three technologies in that letter: It was AI, quantum, and nuclear,” Kratsios said. “We had our big nuclear day a month-and-a-half ago. We had AI yesterday, so you can only assume — stay tuned.”

Pranav Gokhale, chief technology officer at Infleqtion, another quantum computing company, told CyberScoop he has heard similar rumors about an impending executive order focused at least in part on speeding up post-quantum migration efforts by federal agencies.

Part of the urgency reflects a desire to be aggressive in the face of uncertainty: no one knows quite when we will develop quantum computers capable of breaking encryption. There’s a running joke among experts and observers that quantum codebreaking is perpetually “five to 10 years away” from becoming reality.

Most experts — including cryptologists at the National Institute of Standards and Technology and the National Security Agency, which set encryption standards for the federal government and intelligence community — believe it is only a matter of time before such a breakthrough occurs. If that happens sooner than anticipated, the U.S. could be left unprepared.

Some national security officials pointed out that if governments in China, Russia or another country were to make a significant breakthrough on quantum codebreaking, there would be a powerful incentive to keep it secret for as long as possible to maintain an intelligence advantage.

Gokhale also said from the conversations he’s had, some in government and industry are pushing to make the safe and secure transition of cryptocurrencies to newer quantum-resistant encryption a priority, an issue that could be addressed by an executive order.

Discussions around prioritizing the migration of cryptocurrencies were confirmed by the first quantum executive that spoke with CyberScoop, though they said it’s less clear whether those ideas will ultimately make it into any White House executive order or formal plan. 

Bitcoin in particular may need a bespoke strategy to safely migrate, Gokhale said, citing a research study put out last year by the U.K.’s University of Kent that looked at the technical costs of upgrading Bitcoin assets to newer quantum-resistant encryption.

Given that cryptocurrencies are already lucrative targets for cybercriminals and foreign hackers from countries like North Korea, the industry is likely to be among the early targets of a quantum-enabled hack, and left more vulnerable by a slower rollout.

“The conclusion is that the Bitcoin upgrade to quantum-safe protocols needs to be started as soon as possible in order to guarantee its ongoing operations,” the Kent authors wrote.

Madison Alder contributed reporting to this story.

The post Trump administration planning expansion of U.S. quantum strategy appeared first on CyberScoop.

The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday.

“Collectively, we’ve made great progress in identifying, responding to and remediating threats, but we still lack strategic coherence and direction,” he said at the Billington Cybersecurity Summit. “A lot has been done, but it has not been sufficient. We’ve admired the problem for too long, and now it’s time to do something about it.”

The Biden administration produced its first cybersecurity strategy in 2023, with its Office of the National Cyber Director leading the writing of that document. It was part of a broader Biden administration approach to shift the cyber burden from individuals to more powerful institutions like the private sector. 

“The Trump administration will drive a new coordinated strategy that will advance U.S. interests and thwart our adversaries in cyberspace,” Cairncross said in a speech that marked his first public remarks since his confirmation in August. “America has the best talent, the most innovative private sector, the brightest research universities, broad academic resources and powerful government capabilities.

“We have all the tools, and now we have the political will in place to address these challenges,” he said. “We must work together, using all of our nation’s cyber capabilities, to shape adversary behavior and, most importantly, shift the burden of risk in cyberspace from Americans to them.”

The United States needs to “create an enduring advantage” over China, he said. China and other U.S. cyber adversaries that Cairncross called “brittle authoritarian regimes” simultaneously have to expend resources tracking dissidents and maintaining control, but also have the advantage of being able to “integrate instruments of power more seamlessly than we can.”

Cairncross said of cyberspace that “for too long, our adversaries have operated in this environment with near impunity. For too long, we have foregone the chances to set conditions for sustained security and stability. Our action or inaction today holds tremendous implications for our future.”

In separate remarks at another event Tuesday, Cairncross said he also wants to help international allies, particularly nations in the Five Eyes intelligence alliance, combat China’s efforts. 

“There’s many partners around the world who are looking for help as China attempts to export a surveillance state across planet Earth, country by country, continent by continent,” he said at an event hosted by Politico. “We have to engage to help fight that.” 

At the Politico event, he also said he expects the office to be more streamlined with the National Security Council and Cybersecurity and Infrastructure Security Agency, adding that the White House has been focused on what Cairncross referred to as eliminating the “turf wars and bureaucratic nonsense” of prior administrations.   

“The United States hasn’t had an overarching cyber policy strategy that’s set in coordination from offense all the way through to end-user defense, to state, local and tribal governments, working together in putting tactical operations and policies in place that support and feed into that strategy,” he said. “That is what we are going to do.”

In the shorter term, Cairncross mentioned three priorities. One is passage of legislation to reauthorize a law expiring this month that provides legal protections to companies for sharing cyber threat data with the government and within the private sector, the Cybersecurity Information Sharing Act of 2015.

Another is for “the federal government to get our own house in order,” he said.

“Our federal systems need rapid modernization,” Cairncross said, and the Trump administration is working on policies to “update our technologies and ensure that we’re prepared for a post-quantum future.”

And third, industry needs to focus on securing its products and protecting privacy at the outset, during the design process — and the administration will work to streamline cybersecurity regulations on industry’s behalf, he said.

Cairncross said it was a priority of the first Trump administration, and would continue to be in the second, to develop the cybersecurity workforce. Under Trump, however, the administration has pushed to dramatically slash personnel and funding for CISA.

Greg Otto contributed to this report. 

The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.

A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption.

Sens. Gary Peters, D-Mich., and Marsha Blackburn, R-Tenn., say the National Quantum Cybersecurity Migration Strategy Act is meant to get ahead of rapidly advancing quantum computers that could bypass modern encryption standards and leave important data unprotected.

“It’s critical that the federal government be prepared for any threat posed by quantum computing technology, especially when it concerns our national security,” said Peters, the top Democrat on the Homeland Security and Governmental Affairs Committee. “My bill would help keep Americans safe by ensuring we have a quantum cybersecurity migration strategy to stay ahead of our adversaries and protect Americans’ personal data.”  

Blackburn added that “the National Quantum Cybersecurity Migration Strategy Act would ensure the federal government creates a road map to protect sensitive data and national security from emerging data security threats fueled by quantum computing.”

It’s a follow-up to two quantum computing laws passed in recent years: one devoted to developing U.S. quantum research and another devoted to pushing agencies to acquire IT systems with post-quantum cryptography. 

The latest legislation, which CyberScoop is first to report, would lean on the expertise of the Subcommittee on the Economic and Security Implications of Quantum Science (ESIX) — which is a part of the National Science and Technology Council that coordinates federal government technology policy — to develop the strategy. 

The strategy would recommend standards for federal agencies to define “a cryptographically relevant quantum computer,” to include characteristics such as “the particular point at which such computers are capable of attacking real world cryptographic systems that classical computers are unable to attack.”

The strategy would include an assessment of the need to migrate to post-quantum cryptography for each agency, and measurements for evaluating that migration.

ESIX would also establish a post-quantum pilot program that would require each sector risk management agency responsible for protecting the 16 federally designated critical infrastructure sectors to upgrade at least one high-impact system to post-quantum cryptography by the start of 2027.

“Because stolen data can be stored and decrypted later, experts warn that action must be taken now to secure systems with stronger, quantum-proof protections,” a forthcoming news release on the bill states. “This bill responds to that urgency by requiring federal agencies to begin migrating critical systems before it’s too late.”

Quantum industry leaders at a May hearing urged Congress to expand support for U.S. quantum initiatives. Experts and U.S. government officials are particularly worried about falling behind China on quantum computing.

Peters and Blackburn are introducing their bill the day after the Senate Homeland Security and Governmental Affairs Committee took action on its first slate of bills in 2025.

The post Senate legislation would direct federal agencies to fortify against quantum computing cyber threats appeared first on CyberScoop.