Author: Harvey Morrison

Marion Square is actively working with our partners and clients to understand and map the requirements Federal Agencies have for transitioning to Post Quantum Encryption (PQE). For PQE technology companies, this transition presents a unique opportunity: a growing market with billions in potential federal contracts. 

In this post, we'll explore the steps federal agencies are required to take, why it's crucial for them to act now, and how engaging with the right expertise can make this transition smoother.

Step 1: Inventory and Assess Vulnerabilities

NSM 10 and OMB 23-02 mandate that federal agencies begin by identifying where public key encryption is used across their systems. This involves a comprehensive inventory of cryptographic assets, with a focus on determining which systems are vulnerable to future quantum attacks.

Agencies must ask themselves:

• Where is public key encryption used?

• Which systems hold sensitive or critical data?

• What assets are most exposed to potential quantum threats?

While this might seem like a basic first step, it is one of the most essential. Without a clear understanding of the vulnerabilities in their existing infrastructure, agencies cannot prioritize effectively.

Step 2: Prioritize Critical Systems

Not all systems are equally vulnerable, nor do they carry the same level of risk. According to OMB 23-02, agencies must prioritize their cryptographic systems based on their criticality and potential exposure to quantum-enabled decryption.

This process involves identifying:

• Which systems and data are mission-critical?

• What would the impact be if these systems were compromised?

Agencies must develop a timeline for transitioning their most critical systems to post-quantum cryptography (PQC). This prioritization will guide the overall transition plan, ensuring the most at-risk systems are protected first.

 

Step 3: Align with NIST Guidelines and Standards

Federal agencies aren’t navigating this transition alone. NIST has been actively working on post-quantum cryptographic standards and has already identified candidate algorithms that are resilient to quantum attacks. Agencies are expected to align their migration plans with these guidelines.

Key actions include:

• Adopting NIST-approved PQC algorithms as they are finalized.

• Staying updated on NIST’s PQC timeline to ensure timely adoption.

However, aligning with NIST standards is just the beginning. Agencies must also ensure that these new cryptographic solutions are seamlessly integrated into their existing systems, minimizing disruption.

 

Step 4: Develop a Transition Plan

Agencies must now translate these requirements into action. Both NSM 10 and OMB 23-02 emphasize the need for agencies to craft a clear roadmap for migrating to PQE. This includes establishing timelines for transition, creating risk mitigation strategies, and ensuring that critical systems are protected in the interim.

A robust transition plan involves:

• Establishing interim risk management controls to protect systems until PQE is fully implemented.

• Regular reporting to OMB on the progress of PQE adoption.

• Coordinating with vendors to ensure third-party systems and software also align with PQC standards.

Step 5: Continuous Monitoring and Adjustment

Quantum computing is rapidly evolving, and the threat landscape is shifting accordingly. Agencies are required to continuously monitor the progress of quantum technologies and adjust their PQE strategies to ensure they remain ahead of emerging threats.

This continuous evolution includes:

• Tracking the latest advancements in quantum computing.

• Staying agile in response to new NIST standards.

• Refining the PQE strategy as new vulnerabilities or risks are identified.

Whether you're a PQE technology company or a services provider in the PQE space, Marion Square has the expertise to help you navigate the federal market. We can assist you in understanding the PQE landscape, identifying near-term, funded opportunities, and developing a winning go-to-market strategy that positions your solutions for federal contracts.

If you're ready to explore how Marion Square can support your success, connect with us today to learn more about our services.