This week, President Donald Trump signed two executive orders that called for the acceleration of the United States’ quantum ecosystem.
This included the “Ushering in The Next Frontier of Quantum Innovation,” which will include a “national effort” to further the development of the technology, and the “Securing the Nation Against Advanced Cryptographic Attacks.” The latter order tasked multiple federal agencies, including the Office of Management and Budget (OMB), the Department of Commerce (DoC), the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), with upgrading the federal cryptography to a quantum-resilient standard.
The Quantum Frontier
The first executive order stated that the United States is now on the cusp of the quantum revolution, and called for greater innovation to ensure America reaches it first.
“Quantum information science and technology (QIST) will provide transformational capabilities that will drive American innovation, power economic growth, generate high-paying jobs, and bolster national security,” the order read.
It further stated that in addition to the research to develop a quantum computer, the United States must act to solidify its position as the world’s “QIST superpower,” and to deliver the commercial and research benefits to the American people.
“Equally important, we must protect sensitive technologies and work with allies to ensure adversaries cannot use QIST to undermine national security,” the executive order added.
Among the directives, the order called for expanding and retaining the quantum workforce, and within 90 days ordered the director of the Office of Personnel Management (OPM) – in n consultation with the APST and the Director of OMB and in coordination with the Secretary of War, the Secretary of Commerce, the Secretary of Energy, the DNI, and the Director of NSF – to develop a government-wide QIST recruitment and retention strategy. That could include “special pay rates” and raise the recruitment and retention incentive limits.
Within 120 days, the Secretary of Labor is to prioritize QIST-relevant industry needs by directing workforce training, and the Secretary of Labor and Director of NSF are to develop an approach to track labor statistics for assessing the needs of the nation’s quantum ecosystem.
Securing the Nation From Cryptographic Attacks
The second order seeks to put the guardrails in place to secure the United States from the threat of cryptographic attacks that could be unleashed in the post-quantum era.
“Ongoing cyber activity against our Nation also presents the risk of adversaries collecting United States information now, and decrypting it later once large-scale quantum computers are operational,” the order explained. “In light of these threats, the United States must take steps to strengthen cryptographic protections for the Nation’s sensitive data, critical infrastructure, and digital economy.”
It also directed agency heads to identify post-quantum cryptography (PQC), the cryptographic algorithms or methods that are designed to be resistant to attack by both a quantum computer and a classical computer, mitigation leads, and to provide those details to the o the Director of OMB and the National Cyber Director.
“These executive orders fundamentally shift the post-quantum cryptography, or PQC, timeline from a compliance framework to an active operational mandate, forcing enterprise technology leaders to audit their digital supply chains immediately,” said John Carberry, solution sleuth at cybersecurity provider Xcape, Inc.
“While a fault-tolerant quantum platform by 2028 serves as an aggressive target, the true tactical urgency lies in the federal encryption migration deadlines of 2030 and 2031,” Carberry told ClearanceJobs via email.
Addressing Tomorrow’s Threat Today
Cybersecurity experts have long called for the United States to focus on the threat of quantum before the technology is introduced, arguing that it would be too late to do so later. These executive orders are an indication that the threat is being taken seriously and not passed down the road.
“We tend to think of quantum-enabled decryption as a cybersecurity problem for the future, but as the recent Executive Order makes clear, adversaries can collect data now, and then decrypt it later as quantum computing capabilities develop. That means our sensitive data is at risk today,” explained Doc McConnell, head of policy and compliance at cybersecurity provider Finite State.
McConnell told ClearanceJobs that the executive order on Securing the Nation Against Advanced Cryptographic Attacks will require federal agencies to transition their most sensitive systems to use quantum-resistant cryptography by the end of 2031, and for CISA to work with critical infrastructure owners to develop transition plans.
“We will likely see two limiting factors in meeting these deadlines: availability and transparency,” McConnell continued. “First, manufacturers and suppliers need to make these ‘post-quantum’ solutions available for purchase. Second, they’ll need to be explicit about what algorithms they use, and how they’re implemented.”
Ambitious Not Impossible
The timelines provided in the two executive orders require a rather immediate response, one that could be complicated by their involving multiple agencies that tend to move at their own respective pace.
“Meeting these milestones represents an ambitious engineering challenge, requiring organizations to develop entirely new capabilities where technological gaps exist or significantly mature existing tools to make them commercially viable,” Carberry added. “Security leaders must look past the theoretical long-term risk of a mature quantum computer and actively address the immediate threat of intercept, store, and later decrypt operations carried out by advanced adversaries on the Internet today.”
However, security executives across the tech sector should prioritize implementing automated asset discovery to establish a comprehensive cryptographic bill of materials, or CBOM, while demanding clear, quantum-resistant roadmaps from all critical infrastructure and cloud service providers, Carberry also suggested.
Moreover, enterprise technology leaders will need to implement automated asset discovery immediately to map high-value data assets and establish a clear cryptographic bill of materials.
“The federal deadlines of 2030 and 2031 compress legacy migration timelines, turning post-quantum cryptography into an immediate operational requirement rather than a distant policy objective,” said Carberry. “Organizations must address current intercept and store threats by demanding native quantum-resistant capabilities from all critical infrastructure and cloud providers.”
None of this is impossible, but hurdles remain, not the least of which is explaining this technology and its sudden importance to those who often only look at the bottom line.
As Carberry told ClearanceJobs, “Good luck explaining to your board why a standard infrastructure upgrade now requires a fundamental breakthrough in subatomic physics.”
