[Congressional Bills 117th Congress] [From the U.S. Government Publishing Office] [H.R. 7535 Introduced in House (IH)] <DOC> 117th CONGRESS 2d Session H. R. 7535 To encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES April 18, 2022 Mr. Khanna (for himself, Ms. Mace, and Mr. Connolly) introduced the following bill; which was referred to the Committee on Oversight and Reform _______________________________________________________________________ A BILL To encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Quantum Computing Cybersecurity Preparedness Act''. SEC. 2. FINDINGS; SENSE OF CONGRESS. (a) Findings.--The Congress finds the following: (1) Cryptography is essential for our national security and the functioning of our economy. (2) The most widespread encryption protocols today rely on computational limits of classical computers to provide cybersecurity. (3) Quantum computers might one day have the ability to push computational boundaries, allowing us to solve problems that have been intractable thus far, such as integer factorization, which is important for encryption. (4) The rapid progress of quantum computing suggests the potential for adversaries to steal sensitive encrypted data today using classical computers, and wait until sufficiently powerful quantum systems are available to decrypt it. (b) Sense of Congress.--It is the sense of Congress that-- (1) a strategy for the migration of information technology systems of the Federal Government to post-quantum cryptography is needed; and (2) the Governmentwide and industrywide approach to post- quantum cryptography should prioritize developing applications, hardware intellectual property (IP), and software that can be easily updated to support developing cryptographic agility. SEC. 3. MIGRATION TO POST-QUANTUM CRYPTOGRAPHY. (a) Migration and Assessment.-- (1) Migration to post-quantum cryptography.--Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, the Director of OMB, in consultation with the Chief Information Officers Council, shall begin to prioritize the migration to post-quantum cryptography and assessment of information technology systems of executive agencies that does not use post-quantum cryptography, including digital signatures. (2) Designation of systems for migration.--Not later than 1 year after the date on which post-quantum cryptography standards have been set by NIST and on an ongoing basis thereafter, the Director of OMB, in consultation with the Chief Information Officers Council, shall designate and prioritize for migration to post-quantum cryptography information technology systems of executive agencies based on the risk of systems that do not use post-quantum cryptography. (b) Report on Post-Quantum Cryptography.--Not later than 1 year after the date of the enactment of this section, the Director of OMB shall submit to Congress a report on the following: (1) A strategy to address the risk posed by the vulnerabilities of information technology systems of executive agencies to weakened encryption due to the potential and possible capability of a quantum computer to breach such encryption. (2) The funding necessary to secure such information technology systems from the threat posed by adversarial access to quantum computers. (3) A description and analysis of ongoing coordination efforts, including any framework and timeline, with international standards development organizations and consortia (such as the International Organization for Standardization) to develop standards for post-quantum cryptography, including any Federal Information Processing Standards developed under chapter 35 of title 44, United States Code. (c) Report on Migration to Post-Quantum Cryptography in Information Technology Systems.--Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, and annually thereafter until the date that is 9 years after the date on which such standards are issued, the Director of OMB shall submit to Congress a report on the progress of the Federal Government in transitioning to post-quantum cryptography standards. (d) Definitions.--In this section: (1) Classical computer.--The term ``classical computer'' means a device that accepts digital data and manipulates the information based on a program or sequence of instructions for how data is to be processed and encodes information in binary bits that can either be 0s or 1s. (2) Director of nist.--The term ``Director of NIST'' means the Director of the National Institute for Standards and Technology. (3) Director of omb.--The term ``Director of OMB'' means the Director of the Office of Management and Budget. (4) Executive agency.--The term ``executive agency'' has the meaning given the term ``Executive agency'' in section 105 of title 5, United States Code. (5) Information technology.--The term ``information technology'' has the meaning given that term in section 11101 of title 40, United States Code. (6) Post-quantum cryptography.--The term ``post-quantum cryptography'' means a cryptographic system that-- (A) is secure against decryption attempts using a quantum computer or classical computer; and (B) can interoperate with existing communications protocols and networks. (7) Quantum computer.--The term ``quantum computer'' means a device for computation that uses quantum mechanics like superposition and entanglement to perform computational operations on data. (8) Superposition.--The term ``superposition'' refers to the ability of quantum systems to exist in two or more states simultaneously. (9) Entanglement.--The term ``entanglement'' is a property where two or more quantum objects in a system can be intrinsically linked such that the measurement of one dictates the possible measurement outcomes for another, regardless of how far apart the objects are. <all>