Senate legislation would direct federal agencies to fortify against quantum computing cyber threats

A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption.

Sens. Gary Peters, D-Mich., and Marsha Blackburn, R-Tenn., say the National Quantum Cybersecurity Migration Strategy Act is meant to get ahead of rapidly advancing quantum computers that could bypass modern encryption standards and leave important data unprotected.

“It’s critical that the federal government be prepared for any threat posed by quantum computing technology, especially when it concerns our national security,” said Peters, the top Democrat on the Homeland Security and Governmental Affairs Committee. “My bill would help keep Americans safe by ensuring we have a quantum cybersecurity migration strategy to stay ahead of our adversaries and protect Americans’ personal data.”  

Blackburn added that “the National Quantum Cybersecurity Migration Strategy Act would ensure the federal government creates a road map to protect sensitive data and national security from emerging data security threats fueled by quantum computing.”

It’s a follow-up to two quantum computing laws passed in recent years: one devoted to developing U.S. quantum research and another devoted to pushing agencies to acquire IT systems with post-quantum cryptography. 

The latest legislation, which CyberScoop is first to report, would lean on the expertise of the Subcommittee on the Economic and Security Implications of Quantum Science (ESIX) — which is a part of the National Science and Technology Council that coordinates federal government technology policy — to develop the strategy. 

The strategy would recommend standards for federal agencies to define “a cryptographically relevant quantum computer,” to include characteristics such as “the particular point at which such computers are capable of attacking real world cryptographic systems that classical computers are unable to attack.”

The strategy would include an assessment of the need to migrate to post-quantum cryptography for each agency, and measurements for evaluating that migration.

ESIX would also establish a post-quantum pilot program that would require each sector risk management agency responsible for protecting the 16 federally designated critical infrastructure sectors to upgrade at least one high-impact system to post-quantum cryptography by the start of 2027.

“Because stolen data can be stored and decrypted later, experts warn that action must be taken now to secure systems with stronger, quantum-proof protections,” a forthcoming news release on the bill states. “This bill responds to that urgency by requiring federal agencies to begin migrating critical systems before it’s too late.”

Quantum industry leaders at a May hearing urged Congress to expand support for U.S. quantum initiatives. Experts and U.S. government officials are particularly worried about falling behind China on quantum computing.

Peters and Blackburn are introducing their bill the day after the Senate Homeland Security and Governmental Affairs Committee took action on its first slate of bills in 2025.