S. 2558: The National Quantum Cybersecurity Migration Strategy Act of 2025.

This bill, titled the National Quantum Cybersecurity Migration Strategy Act of 2025, aims to improve the cybersecurity of Federal agencies by transitioning them to a new form of encryption known as post-quantum cryptography. This transition is necessary due to the potential capabilities of quantum computers, which could undermine current cryptographic methods used to protect sensitive information.

Key Provisions

• Creation of a Strategy: Within 180 days after the bill's enactment, a subcommittee will develop a comprehensive strategy for Federal agencies to move to post-quantum cryptography. This strategy will include:
• A definition of what constitutes a cryptographically relevant quantum computer.
• Recommended standards to assess quantum computers and their capabilities.
• An assessment of the urgency for each Federal agency to migrate based on their functions and associated risks from potential quantum attacks.
• Performance measures to track the progress of migration efforts across four stages: preparation, establishing a data baseline, implementing cryptographic solutions, and monitoring success.
• A plan for evaluating at-risk entities, particularly those in critical infrastructure.
• Post-Quantum Pilot Program: The bill mandates the establishment of a pilot program requiring each sector risk management agency to upgrade at least one high-impact system to post-quantum cryptography by January 1, 2027.
• Duties of the Office of Electronic Government: The Office will be tasked with surveying Federal agencies about the costs of migration. This includes assessing the needed personnel, equipment, and time for full implementation, ensuring that the estimates are realistic and financially sound, and identifying necessary funding. The Office will also provide guidance on encouraging private sector adoption of post-quantum cryptography.
• Reporting Requirements: There are several reporting requirements outlined for both the Director of the Office of Management and Budget and the subcommittee. They must submit a report to Congress detailing the assessment of the migration strategy, the pilot program, and the associated costs within one year of the bill’s enactment. Additionally, the Comptroller General must provide an annual assessment of agency progress in migrating to post-quantum cryptography based on the established performance measures.

Definitions

• Cryptography: Protective measures for data as defined by specific National Institute of Standards and Technology publications.
• Quantum Computer: A computer using quantum states to perform calculations, which traditional computers cannot emulate.
• Post-Quantum Cryptography: Cryptographic methods that can withstand potential attacks from both quantum and classical computers.
• Critical Infrastructure: Essential systems and services defined under current U.S. law, including those that underpin public safety and economic stability.
• High-Impact System: A system that holds sensitive information deemed critical; the loss of which would have severe consequences.

Implementation Timeline

The implementation of this bill will occur over several defined timelines, notably:

• 180 days for the development of the National Quantum Cybersecurity Migration Strategy.
• 180 days to establish the post-quantum pilot program, with a deadline for upgrading systems set for January 1, 2027.
• Reporting to Congress and assessments must occur within specific time frames after these actions.

Overall Goals

The overarching goals of the National Quantum Cybersecurity Migration Strategy Act of 2025 include:

• Protecting sensitive federal data from potential quantum computer threats.
• Establishing a clear framework and guidelines for federal agencies to transition to more secure cryptographic systems.
• Encouraging collaborative efforts between government and private sector entities in adopting new security technologies.

Relevant Companies

• None found