Insider Brief
- U.S. officials warned that current encryption systems could be broken by future quantum computers, and urged swift modernization of federal cybersecurity infrastructure to protect national security.
- Witnesses told Congress that quantum computing progress is accelerating and adversaries may already be collecting encrypted data to decrypt once the technology matures.
- Experts and lawmakers emphasized the need for post-quantum cryptography adoption, sustained research investment, and workforce development to maintain U.S. leadership and safeguard critical systems.
U.S. officials warned Wednesday (June 25) that the federal government must urgently modernize its cybersecurity infrastructure to prepare for quantum computing, a technology expected to render today’s encryption systems vulnerable to attack.
During a hearing titled “Preparing for the Quantum Age: When Cryptography Breaks,” the Subcommittee on Cybersecurity, Information Technology, and Government Innovation emphasized that quantum computers could eventually crack cryptographic protocols used to protect everything from classified data to personal health records. Members of Congress and technical experts alike framed the issue as both a matter of national security and technological competitiveness, particularly against adversaries such as China.
Marisol Cruz Cain, Director of Information Technology and Cybersecurity at the U.S. Government Accountability Office, told the committee that the United States must invest in building a skilled workforce, fund basic research and develop long-term strategies to safeguard against quantum-enabled attacks. She outlined how quantum computing, while potentially transformative for fields such as chemistry and materials science, also poses a significant threat to conventional encryption algorithms.
Quantum computers operate on fundamentally different principles from classical machines, using quantum bits—or qubits—that can represent multiple values simultaneously. This capability allows them to solve certain problems far more quickly, including those that underpin widely used encryption methods. While this speed offers advantages in scientific computing and could lead to practical advantages in a range of fields, it could allow hostile actors to decrypt secure information that is currently considered unbreakable, according to Cruz Cain.
“This increased computing power has potential applications in many different fields,” Cruz Crain said. “For example, quantum computers may be able to simulate critical chemistry processes for developing new fertilizers and medicines. However, the flip side of this potential is that quantum computers can threaten the security of information systems and the data they contain, including those controlled by the federal government. For instance, quantum computers could defeat widely used encryption methods that individuals, federal agencies, and critical infrastructure entities rely on.”
She added that many federal systems remain outdated and unprepared for the shift to post-quantum encryption standards.
Progress in Nonlinear
Denis Mandich, Chief Technology Officer at Qrypt, told the subcommittee that quantum progress is accelerating faster than expected, and adversaries may already be approaching the critical thresholds needed to break encryption. He stressed that because progress in quantum technology is nonlinear — prone to sudden leaps — the United States cannot afford to wait.
“The timeline is shrinking,” said Mandich. “The threshold is roughly four thousand logical qubits, and leading programs are racing toward that mark already. Delay is not just risky, it’s irrational. Progress in quantum computing is nonlinear and prone to sudden breakthroughs, and our adversaries have every incentive to conceal milestones until it’s too late. But the real danger isn’t only in the quantum threat — it’s our complacency.”
He also raised concerns about foreign intelligence operations and intellectual property theft, stating that adversaries may already be stockpiling encrypted data in anticipation of decrypting it once quantum systems become powerful enough, a tactic referred to as “steal now, decrypt later.”
IBM executive Scott Crowder echoed those concerns, warning that it could take over a decade for industry and government to fully adopt new post-quantum cryptographic standards. He cited guidance from the National Institute of Standards and Technology (NIST), which recommends transitioning away from encryption systems vulnerable to quantum attacks by 2035. However, he noted that the U.S. has been slow to invest in application-layer research, and risks falling behind other countries that are already deploying resources to explore quantum-enabled use cases.
Bipartisan Support
Lawmakers on the committee expressed bipartisan support for advancing federal action, noting that in previous cases of cyber intrusion—such as the exploitation of weak cryptographic protocols in the FLAME malware campaign or recent Chinese-linked breaches—complacency has come at a high cost.
Subcommittee Chairwoman Nancy Mace (R-S.C.) said the threat posed by quantum computing is not hypothetical. She said there is a need for legislative action and appropriations to accelerate the adoption of post-quantum cryptography and modernize federal IT systems.
Mace told the subcommittee in her opening remarks: “An important role of this Subcommittee is to ensure proper cybersecurity of federal technology. One thing all experts agree on is a sufficiently advanced quantum computer will upend cryptographic security in every sector including finance, healthcare, and defense. The federal government must not wait to tackle this enormous task. Already, we know foreign adversaries are implementing a “steal now, decrypt later” strategy with the hope today’s data will still be valuable when they have a quantum computer. ”
Must Act Now
Several committee members asked for assessments of how far ahead — or behind — the U.S. might be compared to rival nations. Panelists responded that while the U.S. currently leads in quantum hardware, based on public data, other countries may be catching up, especially in software and applications. Mandich pointed out that many Chinese quantum firms operate under a veil of secrecy, and their capabilities may be underestimated.
Crowder stressed that the real risk lies in the delay between recognizing the threat and taking action. Given the long timelines required to transition critical infrastructure to new cryptographic systems, he said the time to act is now.
“Thus, we must act now,” said Crowder. “We must ensure our nation’s most critical systems are safe from threat. Thankfully, this Committee has realized this need and has already begun acting. Congress can help further by supporting the passage of additional legislation that ensures rapid adoption of post-quantum cryptography and appropriating funds to support this transition.”
