White House Report: U.S. Federal Agencies Brace for $7.1 Billion Post-Quantum Cryptography Migration
Insider Brief
- Federal agencies must start migrating to post-quantum cryptography (PQC) now due to the “record-now, decrypt-later” threat, which anticipates quantum computers decrypting captured data in the future.
- The transition to PQC is estimated to cost U.S. federal agencies $7.1 billion by 2035, with costs likely to increase as agencies refine their plans and replace legacy systems.
- The migration to PQC is a continuous effort requiring regular updates to cryptographic inventories, cost estimates, and prioritization of systems for timely and secure transitions.
Quantum computing is both tool and weapon, promise and threat. One of quantum’s biggest threats is its ability crack existing cryptographic systems. While full-scale quantum computing may still be in the future, its bill is coming due now.
In a just-released White House report, U.S. federal agencies are now facing a monumental task: ensuring that the nation’s cryptographic infrastructure is ready to withstand the powerful capabilities of these next-generation computers. The report offers a glimpse into how the federal government is laying out its strategy to transition to PQC, but the process comes with considerable challenges and, according to these initial figures, a pretty hefty price tag—an estimated $7.1 billion over the next decade.
The Urgency of Migration: “Record-Now, Decrypt-Later” Threat
According to the report, the federal strategy for migrating to PQC is built on four fundamental principles, each of which underscores the critical need to act swiftly.
Among these is the threat of “record-now, decrypt-later” attacks, where adversaries could hack into and steal encrypted data today with the hope of decrypting it in the future once quantum computers become operational. This looming threat means that the migration to PQC cannot wait until a quantum computer is fully realized. The report stresses that the transition must begin immediately to protect sensitive information.
“A comprehensive and ongoing cryptographic inventory is a key baseline for successful migration to PQC,” the report states, highlighting the importance of understanding the scope of existing cryptographic systems within federal agencies.
This inventory process involves identifying systems that use vulnerable cryptographic algorithms and cataloging them as part of a broader strategy to secure federal information systems.
Prioritization and Identification: Where to Start
The strategy also pinpoints the need for agencies to prioritize which systems and data should migrate to PQC first. Not all systems will require the same level of urgency, so a tiered approach is recommended. This means focusing first on the most sensitive and critical systems, ensuring that they are protected as early as possible.
Identifying systems that cannot support PQC algorithms is another crucial step. Some systems, particularly older ones, may have cryptographic algorithms hardwired into their hardware or firmware, making them unable to accommodate the new, quantum-resistant cryptographic algorithms.
According to the report: “Agencies must identify these unsupported systems as early as feasible in order to begin planning and avoid PQC migration delays. Because of the interconnected and interoperable nature of cryptography across agency networks, one system that cannot be migrated may prevent others from migrating as well.”
This identification process is vital for avoiding costly delays and ensuring that the transition to PQC is as smooth as possible, the report continues.
The Cost of Securing the Future: A $7.1 Billion Price Tag
This won’t be cheap — but the alternative — ignoring the problem until quantum is a realized threat to data security — would obviously be much, much more expensive. According to the report, the Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST), estimate that the total cost for federal agencies to migrate to PQC will be approximately $7.1 billion between 2025 and 2035.
This figure, which is based on 2024 dollars, reflects a “high, but expected, level of uncertainty” as agencies begin to better understand the complexities of the transition process.
The report notes that these cost estimates are not fixed and will likely evolve as agencies refine their inventories and transition plans.
“Agencies are required to update their cost estimates annually to allow for adjustments as they gain familiarity with the inventories, costing methodologies, and the transition process,” the report explains.
This ongoing revision process is essential for ensuring that the migration to PQC remains on track and within budget.
The Challenge of Legacy Systems
One of the most significant challenges identified in the report, as noted above, is the need to replace or upgrade legacy systems that cannot support PQC algorithms. These systems often have cryptographic algorithms embedded directly into their hardware or firmware, making them particularly difficult and expensive to update. The report indicates that the cost to replace these systems represents a significant portion of the overall $7.1 billion estimate.
Moreover, the Department of Defense, the Office of the Director of National Intelligence and other national security agencies are expected to develop separate funding estimates for the migration of national security systems (NSS) to PQC, which could further increase the overall cost to the federal government.
Continuously Refine
Unlike other models of technological disruptions, like Y2K, PQC is not a one-shot cure. The migration to post-quantum cryptography will be a continuous process that will require ongoing attention and resources, according to the report.
Federal agencies will be required to remain vigilant and proactive in their efforts to secure the nation’s information systems against the future threats posed by quantum computing. This means regularly updating inventories, refining cost estimates, and staying informed about the latest developments in PQC technology.
For a deeper dive than this summary can provide, please read the entire report here.