Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibbevjk7khy7ltkium7niyqogehxlesq2qnps4xrghu522nvx77h4",
    "uri": "at://did:plc:qz6ohvpdsdvv5kniizyfz25y/app.bsky.feed.post/3moz6527d7sv2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifr3wkxtmzaswbw7zxl67wrfrc7bbbvtcuwgfbuus2hblismvq7mu"
    },
    "mimeType": "image/jpeg",
    "size": 8260085
  },
  "path": "/article/4188512/trump-sets-post-quantum-crypto-deadlines-launches-broader-federal-quantum-initiative-2.html",
  "publishedAt": "2026-06-23T18:28:34.000Z",
  "site": "https://www.cio.com",
  "tags": [
    "Data and Information Security, Emerging Technology, Encryption, Government, Government IT, Quantum Computing, Security",
    "executive order",
    "companion order",
    "fact",
    "sheets",
    "quantum-resistant encryption",
    "Chris Hickman",
    "readiness for post-quantum cryptography",
    "decrypted years from now",
    "cybersecurity executive order",
    "the Cyber Strategy for America",
    "its first post-quantum cryptography standards",
    "software bill of materials",
    "Stefan Leichenauer"
  ],
  "textContent": "US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing.\n\nThe actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in the Next Frontier of Quantum Innovation.” Accompanying White House fact sheets frame the initiatives as part of the administration’s broader national security, economic competitiveness, and cybersecurity strategy.\n\nFor security leaders, the most immediate impact comes from the cryptography order, which establishes federal migration deadlines for quantum-resistant encryption, directs agencies to inventory cryptographic assets, and signals future procurement requirements for government contractors.\n\n“It’s a great step and definitely in alignment with what we’ve seen from other jurisdictions around the world,” Chris Hickman, CISO at post-quantum cryptography company Keyfactor, tells CSO. “It compels action.”\n\nHickman said the deadlines could have effects far beyond federal agencies because contractors and critical infrastructure operators will face increasing pressure to demonstrate readiness for post-quantum cryptography.\n\n“A lot of suppliers out there don’t want to lose revenue from the federal government, so it’s time to take this stuff seriously,” he said.\n\nThe administration argues that adversaries may already be collecting encrypted communications and sensitive data in anticipation of future breakthroughs that could render today’s public key cryptography obsolete.\n\nThe White House described the threat as a “harvest now, decrypt later” scenario in which information stolen today could be stored and decrypted years from now once sufficiently powerful quantum computers become available.\n\nAlthough experts continue to debate how long it will take to build cryptographically relevant quantum computers, federal officials argue that organizations cannot wait until such systems exist before beginning preparations.\n\nThe White House said the order builds on a broader administration cybersecurity agenda, including a June 2025 cybersecurity executive order and the Cyber Strategy for America released earlier this year. Officials said the effort is intended not only to protect federal systems but also to accelerate adoption of quantum-resistant security technologies across critical infrastructure sectors and the broader digital ecosystem.\n\nIlona Cohen, chief legal and policy officer at HackerOne and former general counsel of the White House Office of Management and Budget, said in a statement that recent administration cybersecurity initiatives reflect growing concern about the role contractors play in federal cyber risk. “Federal networks are only as resilient as the contractors supporting them,” Cohen said.\n\n## Federal migration deadlines established\n\nThe executive order directs federal agencies to accelerate migration to post-quantum cryptography standards developed by the National Institute of Standards and Technology.\n\nNIST finalized its first post-quantum cryptography standards in 2024 and continues to evaluate additional algorithms intended to replace cryptographic systems vulnerable to future quantum attacks.\n\nUnder the order, federal agencies must complete migration of key-establishment mechanisms by Dec. 31, 2030. Migration of digital-signature systems must be completed by Dec. 31, 2031. Within 30 days, agencies must designate senior officials responsible for overseeing post-quantum cryptography migration efforts.\n\nThe Office of Management and Budget must issue implementation guidance within 90 days, while agencies are expected to develop plans for replacing vulnerable cryptographic systems across federal environments.\n\nThe deadlines represent one of the clearest federal mandates to date regarding the timeline for government adoption of post-quantum cryptography.\n\n## Cryptographic bill of materials requirements\n\nThe order also introduces measures intended to improve visibility into cryptographic dependencies throughout government systems and software supply chains.\n\nAmong the most significant is a directive requiring NIST and the Cybersecurity and Infrastructure Security Agency to develop minimum elements for a cryptographic bill of materials (CBOM) within 270 days.\n\nThe concept is similar to a software bill of materials but focuses specifically on identifying cryptographic algorithms, libraries, and dependencies embedded within products and systems.\n\nSecurity practitioners have long argued that organizations cannot effectively migrate to post-quantum cryptography without first understanding where cryptography exists throughout their environments.\n\nThe administration also directed NIST to establish a federal post-quantum cryptography migration pilot program by the end of 2027 to identify implementation challenges and develop migration best practices.\n\n## Contractors likely to face new compliance obligations\n\nThe executive order also signals significant future implications for federal contractors.\n\nThe Federal Acquisition Regulatory Council was directed to develop procurement requirements that would require covered contractors to comply with applicable NIST post-quantum cryptography standards by the end of 2030.\n\nWhile details remain to be determined, the provision suggests federal purchasing requirements may become a major driver of post-quantum cryptography adoption across the technology industry.\n\nSecurity vendors, cloud providers, software developers, and managed service providers that do business with federal agencies may ultimately need to demonstrate compliance with emerging post-quantum cryptography requirements.\n\nThe order’s emphasis on cryptographic inventories, migration planning, and standards compliance suggests federal agencies will increasingly expect suppliers to understand and document the cryptographic components embedded within their products.\n\n## Quantum innovation initiative expands\n\nAlongside the cybersecurity order, Trump signed a separate executive order, which intends to accelerate the development of quantum computing and related technologies.\n\nThe administration argues that quantum technologies could eventually transform industries, including pharmaceuticals, manufacturing, logistics, energy, and defense, while providing strategic advantages in scientific research and national security.\n\nAt the center of the initiative is a government-wide effort known as Quantum Computing for Accelerated Discovery and Development for Science (QC-ADDS), which aims to develop at least one quantum computer capable of enabling what the administration calls “quantum-enabled scientific discovery.”\n\nThe Department of Energy, Department of Commerce, Department of Defense, National Science Foundation, NASA, National Security Agency, and elements of the intelligence community are directed to coordinate research and development activities under the program.\n\nAgencies are tasked with developing technical requirements within 90 days and implementation plans within 180 days.\n\nIndustry leaders said the order reflects a growing recognition that leadership in quantum computing will require coordinated investment across multiple layers of the technology stack.\n\n“The United States has a window of opportunity to lead in this domain,” Stefan Leichenauer, vice president of engineering at SandboxAQ, said in a statement. “It requires coordinated investment across the stack: cryptography, compute infrastructure, data generation, and application development. It also requires strong partnerships between government, industry, and academia.”\n\nThe order also calls for expanded support for quantum networking and quantum sensing technologies and directs the creation of a national capability for evaluating and benchmarking quantum computing systems.\n\n## Commercialization, workforce, and security priorities\n\nA major focus of the innovation initiative is moving quantum technologies from research laboratories into commercial deployment.\n\nThe White House said the United States must strengthen domestic quantum supply chains, support technology transfer, and ensure federally funded discoveries translate into commercial products and economic growth.\n\nAnkur Saxena, investment director at TDK Ventures, thinks the order reflects the industry’s growing focus on turning scientific advances into deployable technologies. “Quantum is shifting from a scientific frontier to an engineering and industrial race,” Saxena said in a statement. “US leadership will depend not just on breakthrough hardware, but on resilient supply chains and the enabling infrastructure that makes quantum deployable at scale.”\n\nThe administration also announced plans to reconstitute the National Quantum Initiative Advisory Committee and expand activities of the Quantum Counterintelligence Protection Team to help protect sensitive research and intellectual property.\n\nThe order places significant emphasis on workforce development as well, directing agencies to support quantum-related education, credentialing, and apprenticeship programs and to establish National Quantum Information Science and Technology Workforce Development Institutes.\n\n## Two sides of the same strategy\n\nThe executive orders reflect an effort to pursue what administration officials view as two sides of the same challenge: accelerating development of quantum technologies while preparing for the security consequences those technologies may eventually create.\n\nFor cybersecurity leaders, the post-quantum cryptography provisions are likely to have the most immediate impact. The combination of migration deadlines, cryptographic inventory requirements, pilot programs, and anticipated procurement mandates signals that federal agencies are moving from planning for post-quantum cryptography to implementing it.\n\nFor the broader technology sector, the orders underscore a growing consensus in Washington that quantum computing is no longer merely a long-term research project but a strategic technology that requires simultaneous investment, governance and risk management.",
  "title": "Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative"
}