House subcommittee hearing flags urgent need to harden federal systems for the quantum era
Get AI-powered insights, summaries, and transcripts
Subscribe
Summary
Industry and government witnesses told the House Subcommittee on Cybersecurity that advancing quantum computers could break today's encryption, urging faster adoption of post-quantum cryptography, more funding for research and workforce training, and coordinated federal leadership.
At a House Subcommittee on Cybersecurity, Information Technology, and Government Innovation hearing, industry and government experts warned that sufficiently powerful quantum computers will be able to break widely used encryption and urged the federal government to accelerate migration to post-quantum cryptography.
The witnesses told the subcommittee that the threat is not purely theoretical and recommended immediate steps: complete agency risk inventories, fund migration work, expand algorithm and application research, and develop a coordinated federal strategy led by the Office of the National Cyber Director. "A sufficiently advanced quantum computer will upend cryptographic security in every sector," said Chairwoman Mace in her opening remarks, noting the Quantum Computing Cybersecurity Preparedness Act she helped pass in December 2022.
Why this matters: Current encryption protects financial systems, health records and defense communications. Multiple witnesses described a "harvest now, decrypt later" threat—adversaries copying encrypted data today to decrypt it once they possess quantum capability—and said that federal legacy IT and insufficient funding make the migration more difficult.
Dr. Scott Crowder, vice president for IBM Quantum Adoption, told the subcommittee that IBM operates numerous quantum systems and is investing to scale fault-tolerant machines. Crowder said standards work has progressed and that "we must act now" to move federal systems to post-quantum cryptography because broad adoption can take more than a decade. He noted IBM's announcement of a planned large-scale fault-tolerant system targeted for 2029 and said the industry expects to demonstrate certain quantum advantages within a short time horizon.
Marisol Cruz Kane, director of information technology and cybersecurity at the U.S. Government Accountability Office, told members that GAO has found the federal government lacks a comprehensive national strategy for quantum-related cybersecurity. She said agencies have begun inventories and testing as directed by Office of Management and Budget guidance but that a unified federal risk assessment and clear assignment of roles and milestones are missing. Cruz Kane told the subcommittee she recommends the Office of the National Cyber Director coordinate a full federal strategy.
Dennis Mandich, chief technology officer at Crypt, emphasized the national-security dimension and described the threat as inevitable rather than hypothetical: "This is not a black swan event. It's inevitable." He said the cryptographically relevant threshold is roughly on the order of thousands of logical qubits—he referenced a commonly cited estimate around 4,000 logical qubits—and warned that adversaries could conceal progress until they can exploit it. Mandich and other witnesses also cautioned that no single post-quantum algorithm is a guaranteed long-term solution and that cryptographic agility will be essential.
Dr. Brenda Rubinstein, associate professor of chemistry and physics at Brown University, told the subcommittee that sustained federal investment in basic research and graduate training is essential to maintain U.S. leadership. Witnesses and members noted recent and proposed cuts to science funding and said those reductions risk shrinking the pipeline of researchers and engineers needed for both quantum hardware and application research.
Committee members pressed witnesses on several related topics: how rapidly a cryptographically relevant quantum computer might appear, whether the U.S. would receive advance warning, the role of artificial intelligence in accelerating cryptanalysis, the risks presented by legacy federal IT systems, and workforce development. On the question of warning, witnesses representing intelligence and industry perspectives warned that states could keep breakthroughs secret and that the U.S. should assume limited advance notice.
The subcommittee record includes references to existing statutes and standards cited by witnesses: the Quantum Computing Cybersecurity Preparedness Act (signed into law December 2022), the National Quantum Initiative Act (2018), and NIST's post-quantum cryptography standardization work. Members indicated interest in more appropriation and programmatic support to implement standards and to fund algorithm and application research.
The hearing recessed for votes and will accept additional written questions and materials for the record. Witness written statements will be included in the hearing record.