1、Page 1 GAO-25-107703 Quantum Cybersecurity Strategy Federal agencies and our nations critical infrastructuresuch as energy,transportation systems,communications,and financial servicesare dependent on technology systems and electronic data to provide essential services and to process,maintain,and rep

2、ort vital information.Agencies and critical infrastructure owners and operators rely on cryptography(e.g.,encryption)to protect sensitive systems and data.However,the emergence of quantum computers could undermine the security of widely used cryptographic methods.Some experts predict that a quantum

3、computer capable of breaking certain cryptographyreferred to as a cryptographically relevant quantum computer(CRQC)may be developed in the next 10 to 20 years,putting agency and critical infrastructure systems that rely on cryptography for security at risk.Furthermore,adversaries could copy data pro

4、tected by cryptography today and store it with the intention of accessing it later once a CRQC is developed.We were asked to examine the federal governments strategy to address the threat that quantum computers pose to cryptography on unclassified systems.This report provides information on how cryp

5、tographic methods protect systems and data,the threat quantum computers pose,strategies that international organizations have established to address this threat,and the U.S.national quantum computing cybersecurity strategy and the extent to which it addresses the desirable characteristics of a natio

6、nal strategy.Various documents developed over the past eight years have contributed to an emerging U.S.national quantum computing cybersecurity strategy.Based on our review of these documents,we identified three central goals:(1)standardize post-quantum cryptography,(2)migrate federal systems to tha