White House PQC order ‘lights a fire’ under post-quantum transition
White House PQC order ‘lights a fire’ under post-quantum transition
Publish Date: 2026-06-23 17:41:00
Source Domain: federalnewsnetwork.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
The White House is accelerating the governmentwide shift to post-quantum cryptography through new deadlines and pilots, but key questions remain about how agencies will fund and carry out a complex PQC transition.
In an executive order signed Monday, President Donald Trump directs agencies to identify lead PQC transition officials within 30 days.
The order requires agencies to transition “high value assets” and “high impact systems” to post-quantum cryptographic keys by Dec. 31, 2030 and PQC digital signatures by the end of 2031.
Under the Biden administration, agencies had generally been planning to shift to the new algorithms by 2035.]]>
Trump’s EO builds on work in recent years to plan for a “cryptographically-relevant quantum computer,” or one that could break current data encryption standards. Cybersecurity experts are particularly concerned that U.S. adversaries could steal data today and decrypt using a quantum computer in the future, in what’s known as a “harvest now, decrypt later” strategy.
In 2024, the National Institute of Standards and Technology finalized the first post-quantum encryption standards and encouraged organizations to start the transition.
The accelerated deadlines in Trump’s new EO “really lights a fire under everyone to say, ‘hey, this is something that the government’s taking seriously,’” according to Garfield Jones, the former associate chief of strategic technology at the Cybersecurity and Infrastructure Security Agency.
“It drops it right in the CIO’s lap to say, ‘I’ve got to get this ready. This is not for somebody else’s tenure 10 years from now. It’s my tenure now that I have to get this done,’” Jones, who is now executive vice president for strategy and research at PQC firm QuSecure, told Federal News Network.
The EO directs the Office of Management and Budget to issue new PQC guidance to agencies within 90 days.
Matthew Hartman, chief strategy officer at Merlin Strategy Group and former acting head of cybersecurity at CISA, said the executive order “makes clear that quantum readiness is no longer a future problem.”
“Organizations need to begin their transition to post-quantum cryptography now, especially as adversaries continue to pursue ‘harvest now, decrypt later’ strategies against sensitive data,” Hartman said in written comments. “Equally important is the administration’s focus on identifying high-value assets and high-impact systems, because agencies cannot effectively prioritize quantum risk without first understanding where their most critical data resides.”]]>
The EO also directs the National Institute of Standards and Technology to start a pilot project for PQC migration in the next 180 days. The pilot should be done by the end of 2027, per the order.
Industry experts also say the EO’s section on procurement is critical.
The order directs OMB, NASA and the General Services Administration to lead an effort to identify “cost-saving opportunities in implementing the national PQC migration policy and strategy, such as migration of cloud-based technologies, shared procurement of PQC tools, joint training programs, and centralized technical support.”
It additionally directs the Federal Acquisition Regulatory Council to develop rules requiring contractors to comply with PQC requirements by Dec. 31, 2030.
Darren Guccione, chief executive and co-founder of Keeper Security, said the EO’s hard deadlines are key.
“NIST spent years developing and approving quantum-resistant algorithms,” Guccione said in written comments. “This order makes that work enforceable.”
He said a separate executive order on quantum innovation, also signed by Trump Monday, is a “necessary counter-part” to the PQC order.
“You cannot build quantum-resistant defenses while ceding ground on quantum computing capability itself,” Guccione wrote. “Establishing a national quantum computing effort, expanding counterintelligence protection for domestic quantum infrastructure and investing in supply chain and workforce development signals that the United States is treating this technology seriously on both sides of the equation – as something to build and something to defend against.”
But experts also pointed to potential gaps in the PQC executive order that may be addressed by forthcoming OMB guidance and other efforts.]]>
Jones said in addition to focusing on “high value” assets and systems, agencies should account for the “lifecycle” of the data within those systems. While some federal information will only remain sensitive for a few years, other data – like taxpayer information or Census data – could be at risk if stolen and decrypted in the future.
“We haven’t implemented the algorithms yet, so between now and 2030, 2031, we still have all that data that’s still moving out, that’s still at risk of being harvested,” Jones said.
Bill Wright, head of government affairs at Everpure, said “real quantum readiness requires resilience and crypto-agility,” referring to the ability of an information system to rapidly change encryption algorithms without disrupting operations.
“Agencies need to know where their sensitive data lives, protect it across its lifecycle, and evolve faster than the threat does,” Wright said in written comments.
Funding the transition to PQC could also be a major challenge. Most agencies have not budgeted for those efforts. During the Biden administration, OMB estimated the federal government’s transition to PQC standards would cost roughly $7.1 billion over 10 years.
Guccione said migrating to PQC is not a simple one-and-done upgrade.
“It means mapping every environment where public-key algorithms are in use, identifying which data carries long-term sensitivity, sequencing changes across interconnected systems and verifying that vendors throughout the supply chain can meet the same standard,” he said. “That work takes years under the best conditions. For most enterprises, 2030 is not a comfortable horizon. It is a hard deadline against a backlog they have not yet measured.”
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
