The Senate Proposes National Quantum Cybersecurity Strategy: What It Means for Your Organization

Author: Harvey Morrison

On August 6, 2025, Senators Gary Peters (D-MI) and Marsha Blackburn (R-TN) introduced bipartisan legislation that could significantly accelerate the nation’s migration to post-quantum cryptography (PQC). The bill, known informally as the National Quantum Cybersecurity Strategy Act, underscores a growing federal urgency: quantum computing is no longer just a research milestone it’s a looming cybersecurity disruptor.

For technology providers, government contractors, and agencies alike, this legislation represents both a challenge and a market defining opportunity.

Why This Matters Now

The bill is rooted in a core reality: data stolen today can be decrypted tomorrow. Adversaries are believed to be engaged in “harvest now, decrypt later” campaigns harvesting encrypted data with the intent of unlocking it once cryptographically relevant quantum computers (CRQCs) arrive.

When those systems reach maturity, today’s widely used encryption standards (RSA, ECC) will be vulnerable. That’s why this bill pushes for a coordinated, government wide migration strategy to quantum-resistant encryption and soon.

Key Provisions of the Bill

The proposed legislation amends the Quantum Computing Cybersecurity Preparedness Act to give the White House Office of Science and Technology Policy (OSTP) specifically its Emerging and Security Initiatives Executive Office (ESIX) the lead role in defining and driving this transition.

Here’s what’s inside:

1. Defining the Threat
   ESIX will establish the definition of a “cryptographically relevant quantum computer” the moment when a quantum system’s capabilities present a real and immediate risk to federal encryption systems.

2. Agency-Specific Risk Assessments
   Each federal agency must assess its own exposure and urgency based on mission requirements, data sensitivity, and system architecture.

3. Four-Stage Migration Framework
   The bill lays out a staged migration plan:

• Preparation – Governance, awareness, and resourcing

• Baseline Inventory – Cataloging cryptographic assets and dependencies

• Implementation – Rolling out PQC algorithms and controls

• Monitoring & Evaluation – Tracking performance against security and operational metrics

4. Pilot Programs by 2027
   Every Sector Risk Management Agency (SRMA) must transition at least one high-impact system to PQC by January 1, 2027 to demonstrate feasibility and guide broader adoption.

5. Cost and Incentive Analysis
   The Office of Electronic Government will collect cost projections, resource requirements, and recommendations for accelerating PQC adoption in both public and private sectors.

6. Oversight and Accountability

• One-year progress report from OMB and ESIX to Congress

• Annual reviews by the Comptroller General to ensure agencies are meeting migration benchmarks

Implications for Federal Contractors and Technology Providers

If you develop, integrate, or secure IT systems for the U.S. Government, this bill, if passed, will directly shape your roadmap. Even before it becomes law, the momentum toward PQC is accelerating. NIST has finalized its first set of PQC algorithms, and agencies are under increasing pressure to identify and remediate vulnerable cryptographic systems.

For industry, this means:

• Opportunities in Pilot Programs – Contractors with PQC capabilities will be in high demand for the 2027 high impact system transitions.

• Alignment with Federal Mandates – Vendors that can show compliance readiness will have a competitive advantage in upcoming procurements.

• Acceleration of Legacy System Modernization – PQC migration often goes hand-in-hand with broader IT modernization, opening additional revenue streams.

How Marion Square Helps

At Marion Square, we work with quantum technology innovators, cybersecurity firms, and federal contractors to bridge the gap between legislative mandates and operational execution.

We can help you:

• Interpret the Framework – Translate the ESIX migration stages into actionable, agency-aligned work plans.

• Assess Readiness – Conduct cryptographic inventories and quantum risk assessments to prioritize migration efforts.

• Engage in Federal Pilots – Position your solution or service to participate in—and benefit from—agency pilot programs.

• Navigate Compliance and Procurement – Align your offering with federal acquisition priorities, OMB guidance, and NIST standards. Via our partnership with Carahsoft.

The Bottom Line

This bill sends a clear signal: quantum migration is no longer a “someday” conversation. It’s a strategic, measurable, and near-term priority for the U.S. Government and by extension, for every organization in its supply chain.

If you’re ready to map your path to PQC adoption and position your organization for success in this evolving market, Marion Square can help.