Up to 50% Federal IT Leaders Rush to Adopt Post-Quantum Cryptography Measures

As quantum computing advancements threaten to break traditional encryption methods, a new research study by General Dynamics Information Technology (GDIT) reveals that 50% of federal IT leaders are actively developing strategies to transition to post-quantum cryptography (PQC).

The study, conducted with input from IBM, surveyed 200 experts and decision-makers across defense, civilian, and intelligence agencies. According to Ben Gianni, GDIT senior vice president and chief technology officer, achieving cryptographic agility is critical to securing sensitive information against future threats. The findings highlight the need for federal agencies to adapt to evolving threats by preparing for a future where current cryptographic standards may no longer be sufficient.

Key challenges include the lack of formal guidance and strategic frameworks, modernizing legacy systems, and integrating PQC into the supply chain.

Accelerating the Transition to Post-Quantum Cryptography: A Federal IT Imperative

The advent of quantum computing poses a significant threat to the encryption methods currently used to protect sensitive data. In response, 50% of federal IT leaders are actively developing strategies to accelerate their transition to post-quantum cryptography (PQC), according to a recent research study by General Dynamics Information Technology (GDIT) with input from IBM. This shift is crucial for federal agencies to adapt to evolving threats and prepare for a future where current cryptographic standards may be insufficient.

The study, Quantum Waves, surveyed 200 experts and decision-makers across defense, civilian, and intelligence agencies, exploring how agencies are addressing the PQC transition and identifying risks, challenges, and technologies needed for migration. The findings reveal that significant obstacles remain while planning for PQC is gaining momentum. For instance, 37% of respondents cited the lack of formal guidance and strategic frameworks as a major challenge, highlighting the need for federal agencies to develop flexible and scalable strategies to modernize and build long-term resilience against emerging quantum threats.

The importance of cryptographic agility cannot be overstated. As Ben Gianni, GDIT senior vice president and chief technology officer, noted, “Quantum computing represents a turning point for cybersecurity, and achieving cryptographic agility is critical to secure our sensitive information against future threats.” With finalized NIST PQC standards, agencies must accelerate their migration efforts to ensure they are prepared to counter emerging quantum threats.

Key Risks and Challenges Associated with Current Cryptographic Practices

The study’s findings highlight several key risks and challenges associated with current cryptographic practices. For example, 46% of respondents have identified key risks but have not yet begun formal assessments, and only 8% have fully integrated current PQC standards. This underscores the need for federal agencies to prioritize risk assessment and management in their PQC transition strategies.

Furthermore, 44% of respondents cited vulnerability management as a top capability needed to discover, assess, and manage cryptographic assets, prioritize risks, and accelerate the PQC transition. This emphasizes the importance of developing robust vulnerability management capabilities to support the transition to PQC.

Modernizing Legacy Systems: A Significant Challenge

Modernizing legacy systems remains a significant challenge for federal agencies transitioning to PQC. According to the study, 48% of respondents cited this as a major obstacle. This is not surprising, given the complexity and interconnectedness of many legacy systems. However, it is essential that agencies address these challenges head-on, as failing to do so could leave them vulnerable to emerging quantum threats.

In addition to modernizing legacy systems, 29% of respondents also cited the implications for operational technology – the interconnected systems that control physical operations in critical infrastructure – as a significant challenge. This highlights the need for federal agencies to adopt a holistic approach to PQC transition, one that considers the interdependencies between different systems and technologies.

Integrating Post-Quantum Cryptography into the Supply Chain

Integrating PQC into the supply chain is another obstacle facing federal agencies. According to the study, 24% of respondents reported this as a challenge. This is not surprising, given the complexity of modern supply chains and the need for seamless integration with existing systems.

To overcome this challenge, federal agencies must work closely with their suppliers and partners to develop PQC-enabled solutions that can be easily integrated into their existing infrastructure. This will require close collaboration, robust testing, and validation procedures to ensure that PQC-enabled solutions meet the required security standards.

In conclusion, the transition to post-quantum cryptography is a critical imperative for federal IT leaders. While significant obstacles remain, the study’s findings highlight the need for agencies to develop flexible and scalable strategies to modernize and build long-term resilience against emerging quantum threats. By prioritizing risk assessment and management, vulnerability management, and supply chain integration, federal agencies can ensure a successful transition to PQC and protect their sensitive information against future threats.