Since World War II, cryptography has been a cornerstone of U.S. national security, helping protect our citizens, businesses, critical infrastructure, military, and government operations. In today’s digital era, the need for strong cryptography has become even more critical, with increasing instances of AI-fueled cyber warfare and future threats from quantum computers. Despite recent legislation, National Security Memoranda, and Executive Orders from the past and current administrations, many government agencies are still lagging in terms of modernizing critical cryptographic systems.
One of the biggest barriers facing government CISOs is a lack of visibility and related insights into what cryptographic elements they use, where they reside, or whether they meet current security standards. This lack of comprehensive cryptographic visibility leaves agencies vulnerable to increasingly sophisticated cyber threats with escalating national security implications. Without knowing what cryptographic keys, certificates, algorithms and protocols are deployed, agencies cannot efficiently replace outdated cryptography, mitigate vulnerabilities, or comply with evolving federal cybersecurity mandates. As a result, adversaries can exploit these blind spots to exfiltrate sensitive data, disrupt operations, and compromise critical infrastructure and our ability to govern securely and effectively.
The severe consequences of inadequate cryptography management have become painfully clear through numerous high-profile breaches targeting U.S. Government (USG) systems. China-based hackers have repeatedly compromised sensitive government infrastructure over the past decade, notably in incidents such as the 2024 Salt Typhoon breach, the 2023 Microsoft Cloud Email Compromise, the 2021 Microsoft Exchange Hack, and the devastating 2015 Office of Personnel Management data breach. Each attack resulted in the exposure of highly sensitive data, confidential communications, and personal information affecting millions of U.S. citizens, government entities, and senior officials.
Similarly, Russian hackers have aggressively targeted USG assets, including the 2023 infiltration of the MOVEit file-sharing platform widely utilized by government agencies, the 2021 breach of the Republican National Committee, and the catastrophic 2020 SolarWinds cyberattack. Moreover, in 2022, an unidentified hacker successfully breached InfraGard, compromising sensitive data belonging to over 80,000 individuals—information later sold openly on cybercrime forums. These breaches underscore an urgent need for significantly enhanced cryptographic security measures to protect national interests and prevent further devastating cyberattacks.
Cybercriminals and nation-state actors today are increasingly exploiting artificial intelligence (AI) to launch devastating cyber attacks. AI-driven phishing campaigns, highly convincing deepfake-enabled social engineering, and rapid, automated malware creation are overwhelming traditional cybersecurity defenses. Even more pressing is the imminent threat posed by quantum computing. Adversaries are already carrying out "Store Now, Decrypt Later" (SNDL) attacks—stealing encrypted government data today with plans to decrypt it once quantum computing reaches cryptographic relevance. When that happens, existing public-key encryption, which has safeguarded our personal, financial, commercial, and government information for decades, will become dangerously obsolete. Transitioning to quantum-resistant cryptography is no longer a future concern; it demands immediate attention and action.
While the federal government is currently leveraging Zero Trust Architecture (ZTA) to improve security posture, ZTA's effectiveness hinges entirely on robust cryptographic foundations. Weak encryption, poor key management, expired certificates, and vulnerable algorithms significantly undermine the protective capabilities of Zero Trust frameworks. Strengthening encryption and cryptographic infrastructure is an essential, urgent prerequisite to ensuring Zero Trust can deliver on its promise of resilient cybersecurity.
Cyber threats against the United States Government (USG) are escalating rapidly in both frequency and sophistication. Immediate action to implement a comprehensive, unified approach to encryption management is no longer optional—it's essential. Unified cryptography management provides USG agencies with complete visibility into their entire cryptographic infrastructure, actively and continuously detecting outdated or non-compliant cryptographic assets wherever they exist throughout the IT landscape.
Automated remediation urgently replaces vulnerable or expired cryptographic elements before adversaries can exploit them. This proactive approach ensures swift, seamless compliance with crucial regulatory frameworks such as NIST, FIPS 140-3, and PCI DSS. Equally critical is quantum-readiness—accelerated deployment of post-quantum cryptographic (PQC) algorithms is vital to staying ahead of evolving threats.
While some agencies, like the Department of Health & Human Services (HHS), have already begun proactively enhancing encryption policies to meet federal health data regulations, broader modernization efforts must be drastically accelerated across all government sectors. Delays are unacceptable, especially with AI-driven cyberattacks already emerging and quantum threats approaching rapidly.
The window for effective action is shrinking every day. Modernizing cryptographic foundations across extensive and complex government IT systems will take a decade or longer. Meanwhile, hostile nations and adversaries are heavily investing in quantum computing and AI-based cyber warfare. Any hesitation now will directly hand them our technological advantage.
Failure to urgently modernize cryptographic infrastructure will have catastrophic consequences, including compromised national security, severe financial losses, widespread disruption of essential services, and erosion of public trust in government digital systems. The U.S. government must immediately prioritize and lead the implementation of unified cryptography management across all USG agencies. Our communities, national security, and the integrity of the global digital economy depend on swift and decisive action.
