CISA Affirms 2035 Quantum Encryption Target Feasible Despite Technological Advancements
The Cybersecurity and Infrastructure Security Agency (CISA) maintains that the 2035 deadline for federal entities to transition to quantum-resistant encryption remains a viable target, even in light of significant advancements in quantum computing technology, such as Google’s recent unveiling of the Willow quantum chip. This chip has been touted for its potential to solve challenging problems that would take conventional supercomputers an estimated 10 septillion years to address.
While the unveiling of this 105-qubit quantum processor has raised eyebrows in the scientific community, Garfield Jones, CISA’s associate chief of strategic technology, indicates that such advancements were not unexpected. He emphasized the importance of continuing to integrate the National Institute of Standards and Technology’s (NIST) developed algorithms into practical applications, while also focusing on enhancing data protection solutions and cataloging assets across federal agencies.
Recent developments from NIST, which released its inaugural set of finalized encryption standards resilient to quantum threats, coincide with Google’s breakthrough. However, CISA is actively working with various federal partners to adopt tools that facilitate the identification and tracking of existing cryptographic systems to prepare for the impending shift towards quantum-resistant technologies. The agency warns that threats posed by quantum computing could become tangible within a decade, and experts caution that preparations may be lagging.
Rex Booth, former chief of cyber threat analysis at CISA, noted that a sense of urgency surrounds federal efforts to safeguard against these emerging threats, as adversaries have long been gathering data, awaiting an opportunity to exploit quantum capabilities to compromise encrypted communications. This sentiment aligns with growing calls from watchdog groups urging the federal government to bolster investments in quantum preparedness initiatives.
As federal networks continue to face vulnerabilities from potential quantum-enabled risks, the 2035 deadline stands as a critical guideline for organizations, according to Marc Manzano, head of quantum security at SandboxAQ. He argues that the timeline provides a structured pathway, although challenges remain such as the complexity of transitioning from legacy systems and resource limitations.
During discussions at the Quantum World Congress summit, Department of Defense officials highlighted initiatives aimed at fostering quantum readiness, including programs by the Defense Advanced Research Projects Agency focused on accelerating the development of more advanced quantum computers. Nevertheless, transitioning the federal infrastructure to quantum-resistant systems is expected to require substantial investment, with recent estimates suggesting that updating key systems could cost over $7 billion by 2035.
In response to the pressing need for updated cyber defenses, particularly in the context of quantum threats, federal stakeholders are adapting their strategies. Heightened awareness of adversary tactics from the MITRE ATT&CK framework—such as initial access, privilege escalation, and data exfiltration—can guide agencies in fortifying their cybersecurity postures. As developments in quantum computing continue to unfold, the urgency for federal agencies to enhance their cybersecurity strategies becomes increasingly clear.
