- GAO identifies cybersecurity risks posed by future quantum computers.
- Three federal goals on quantum resilience remain incomplete without performance measures.
- No single agency has been formally tasked with leading national implementation—despite the existence of the National Cyber Director’s Office.
- GAO urges centralized coordination to protect federal and private sector encryption systems.
The Lead
The U.S. Government Accountability Office (GAO) warned Congress on June 24 that the nation remains vulnerable to cyber threats posed by quantum computing due to a lack of centralized leadership and a fully developed national strategy. The report calls for the Office of the National Cyber Director to take charge in coordinating a comprehensive plan to defend American cryptographic infrastructure before it’s too late.
Background: A Race Against Time
Quantum computing holds the promise to revolutionize modern science and problem-solving, but it also carries significant national security implications. While traditional computers would take centuries to break certain encryption algorithms, quantum computers may do so in hours—potentially exposing everything from classified military communications to financial transactions.
According to the report released by GAO, the federal government has made early strides by identifying three key national goals:
- Standardize post-quantum cryptography to defend against both traditional and quantum attacks.
- Transition federal systems to use these quantum-resistant cryptographic methods.
- Encourage private and public sectors across the U.S. economy to begin preparing for quantum threats.
Where the Strategy Falls Short
Despite these goals, the GAO noted that current strategy documents lack fundamental elements of a comprehensive national security roadmap. Among the issues identified:
- No detailed objectives for encouraging the broader economy to prepare.
- Absence of performance metrics to evaluate progress on any of the three goals.
- Lack of an agency clearly responsible for leading coordination efforts across sectors.
While Congress established the Office of the National Cyber Director (ONCD) in January 2021 to serve as a central authority on cybersecurity coordination, the GAO says the ONCD has yet to assume an active leadership role in quantum readiness.
Outlook: The Clock Is Ticking
The GAO has long urged proactive planning, warning in both 2021 and 2024 reports that a quantum computer capable of breaking existing encryption methods could arrive within the next 10 to 20 years. If developed by adversaries before mitigation strategies are implemented, the consequences could be devastating for federal systems and critical infrastructure.
In its 2024 report, GAO formally recommended that the Office of the National Cyber Director lead the quantum cybersecurity coordination effort. The office has neither accepted nor rejected the recommendation—and no measurable action has yet been taken.
Why It Matters
Modern society’s dependence on encrypted communication spans nearly every aspect of life—from online banking and health records to power grids and defense networks. Without a clear national approach, even basic digital trust could be at risk in a post-quantum world.
Congress is expected to hold hearings on GAO’s findings later this summer. Whether or not centralized leadership emerges soon could determine the nation’s cyber resilience in the quantum era.
(With inputs from U.S. Naval Institute and GAO Reports)