GoTech Policy Brief #2
Executive Summary
The United States has entered a critical transition period in cryptographic security as advances in quantum computing and artificial intelligence (AI) converge to challenge the integrity of existing systems. Federal policy has already moved toward mandated action. National Security Memorandum-10 (NSM-10) directs that βthe United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant standards,β while Office of Management and Budget (OMB) Memorandum M-23-02 requires agencies to inventory cryptographic systems and plan for migration to post-quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) reinforced this effort with the publication of core PQC standards in 2024.
Yet the central challenge extends beyond replacing vulnerable algorithms. Many systems across federal agencies, contractors, and critical infrastructure rely on weak or uneven sources of entropy, which provide the randomness required to generate secure cryptographic keys. These weaknesses create immediate vulnerabilities that adversaries can exploit today using AI-enabled techniques, even before quantum computing becomes operational at scale. Beyond these immediate vulnerabilities, the implementation challenge is vast: the federal government obligates roughly $755β$773 billion annually across more than 100,000 contractors, spanning a highly heterogeneous industrial supply chain.
- The White House, National Security Memorandum-10 (NSM-10) (2022); OMB, M-23-02 (2022).
- NIST, FIPS 203β205 (2024).
- GAO, Federal Contracting Overview. https://www.gao.gov/federal-contracting
Please also check out a paper written by GoTech research partner, Entrokey: A Survey of Entropy Failure as an Attack Surface: Artificial Intelligence and Modern Cryptanalysis