On Jan. 16, 2025, President Joe Biden signed a comprehensive executive order aimed at strengthening U.S. cybersecurity defenses and the nation’s digital infrastructure against emerging technology threats. The order comes as the U.S. grapples with several high-profile Chinese government hacks of its systems (U.S. Treasury) and top officials’ communications (Salt Typhoon).
Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity features new cybersecurity requirements for government contractors and agency security teams. It builds on the Administration’s earlier directives made in 2021 but adds teeth to the provisions that lacked an enforcement mechanism under the old order.
Of particular interest to Quantum Xchange and the market we serve is Sec. 4: Securing Federal Communications. Here Biden points to NSM 10 (May 4, 2022) stressing that the Federal Government prepare to transition to cryptographic algorithms that would not be vulnerable to a Cryptographically Relevant Quantum Computer (CRQC).
But, as Roger Grimes points out, there’s a major news story buried in the order: U.S. Government Just Pushed PQC Deadline from 2035 to ASAP, or “as soon as practicable…” Language in this order, differs from previous directives that state, “The U.S. must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of migrating as much of the quantum risk as is feasible by 2035,” to the following, more urgent guidance:
- Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable upon support being provided by network security products and services already deployed in their network architectures.
- Within 90 days of the date of this order, the Secretary of State and the Secretary of Commerce, acting through the Director of NIST and the Under Secretary for International Trade, shall identify and engage foreign governments and industry groups in key countries to encourage their transition to PQC algorithms standardized by NIST.
- The Federal Government should take advantage of commercial security technologies and architectures, such as hardware security modules, trusted execution environments, and other isolation technologies, to protect and audit access to cryptographic keys with extended lifecycles.
While the longevity of this order and these directives (both overt and veiled) can be uncertain with an administrative transition taking place next week, the bipartisan nature of cybersecurity suggests that many of these measures may continue to be prioritized by President-elect Trump.
Regardless, the tone is clear – PQC is now. Government agencies and their allies need to start replacing legacy encryption with NIST-standardized, post-quantum cryptographic algorithms using a policy-driven, FIPS-validated platform like Phio TX that embraces crypto-agility, diversifies risks, and establishes a crypto control plane to dynamically stack, switch, mix, deliver and manage enterprise cryptography with no network interruptions or downtime.
Do your part to ensure a resilient, prosperous, and bright digital future. Contact Quantum Xchange today!
