惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
P
Privacy International News Feed
S
Schneier on Security
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
Help Net Security
Help Net Security
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Security Archives - TechRepublic
Security Archives - TechRepublic
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
雷峰网
雷峰网
博客园 - 司徒正美
V
V2EX
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
N
News | PayPal Newsroom
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
博客园 - Franky
I
InfoQ
D
DataBreaches.Net
爱范儿
爱范儿
Y
Y Combinator Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报

Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises | CSO Online

Die besten DAST- & SAST-Tools CISA mulls new three-day remediation deadline for critical flaws CISA pushes critical infrastructure operators to prepare to work in isolation CISOs step up to the security workforce challenge 10 Anzeichen für einen schlechten CSO Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models Security agencies draw red lines around agentic AI deployments The fake IT worker problem CISOs can’t ignore How CISOs should utilize data security posture management to inform risk Was ist ein Botnet? Human-centric failures: Why BEC continues to work despite MFA Just 34% of cyber pros plan to stick with their current employer Managing OT risk at scale: Why OT cyber decisions are leadership decisions 4 ways to prepare your SOC for agentic AI ‘Trivial’ exploit can give attackers root access to Linux kernel Bank regulator sounds warning over cybersecurity threat posed by AI models Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators Max-severity RCE flaw found in Google Gemini CLI Stopping the quiet drift toward excessive agency with re-permissioning ODNI to CISOs on threat assessments: You’re on your own 10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years AWS leans on prior ingenuity to face future AI and quantum threats What it takes to win that CSO role Third Party Risk Management: So vermeiden Sie Compliance-Unheil Critical Cursor bug could turn routine Git into RCE Securing RAG pipelines in enterprise SaaS What CISOs need to get right as identity enters the agentic era Stopping AiTM attacks: The defenses that actually work after authentication succeeds EDR-Software – ein Kaufratgeber Microsoft patched an ‘agent-only’ role that was not AI is reshaping DevSecOps to bring security closer to the code The 'manager of agents': How AI evolves the SOC analyst role 4 Wege aus der Security-Akronymhölle New US House privacy bills raise hard questions about enterprise data collection Scattered Spider co-conspirator pleads guilty Security-KPIs und -KRIs: So messen Sie Cybersicherheit Bitwarden CLI password manager trojanized in supply chain attack 3 practical ways AI threat detection improves enterprise cyber resilience The curious case of Sean Plankey’s derailed CISA nomination Google gets agent-ready for the Mythos age Google drafts AI agents secure systems against AI hackers CNAPP – ein Kaufratgeber Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure NFC tap-to-pay gets tapped by hackers Anthropic bets on EPSS for the coming bug surge SBOM erklärt: Was ist eine Software Bill of Materials? Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered Prompt injection turned Google’s Antigravity file search into RCE Why identity is the driving force behind digital transformation Top techniques attackers use to infiltrate your systems today The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook CISOs reshape their roles as business risk strategists Copilot & Agentforce offen für Prompt-Injection-Tricks Claude Mythos – ist der Hype gerechtfertigt? Für Cyberattacken gewappnet – Krisenkommunikation nach Plan Critical sandbox bypass fixed in popular Thymeleaf Java template engine White House moves to give federal agencies access to Anthropic’s Claude Mythos Another Microsoft Defender privilege escalation bug emerges days after patch Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten NIST cuts down CVE analysis amid vulnerability overload Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht The endless CISO reporting line debate — and what it says about cybersecurity leadership Behind the Mythos hype, Glasswing has just one confirmed CVE Insurance carriers quietly back away from covering AI outputs RCE by design: MCP architectural choice haunts AI agent ecosystem Critical nginx UI tool vulnerability opens web servers to full compromise Copilot and Agentforce fall to form-based prompt injection tricks The deepfake dilemma: From financial fraud to reputational crisis 7 biggest healthcare security threats The need for a board-level definition of cyber resilience Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action 13 Fragen gegen Drittanbieterrisiken April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs 4 questions to ask before outsourcing MDR 5 trends defining the future of AI-powered cybersecurity EU regulators largely denied access to Anthropic Mythos China-linked cloud credential heist runs on typos and SMTP How AI is transforming threat detection The AI inflection point: What security leaders must do now Cyber-Inspekteur: Hybride Attacken nehmen weiter zu Anthropic’s Mythos signals a structural cybersecurity shift Seven IBM WebSphere Liberty flaws can be chained into full takeover CISOs tackle the AI visibility gap Was ist Federated Identity Management? Old Docker authorization bypass pops up despite previous patch Hacker Unknown now known, named on Europol’s most-wanted list The cyber winners and losers in Trump’s 2027 budget CMMC compliance in the age of AI Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes Was CISOs von Moschusochsen lernen können Hackers have been exploiting an unpatched Adobe Reader vulnerability for months New ClickFix variant bypasses Apple safeguards with one‑click script execution Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning Patch windows collapse as time-to-exploit accelerates So geht Post-Incident Review 6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out Arelion employs NETSCOUT Arbor DDoS protection products
Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative
Cynthia Brumfield · 2026-06-24 · via Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises | CSO Online

New executive orders direct agencies to accelerate quantum-resistant encryption efforts and lay the groundwork for contractor compliance as the White House warns adversaries are already collecting encrypted data for future decryption.

US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing.

The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in the Next Frontier of Quantum Innovation.” Accompanying White House fact sheets frame the initiatives as part of the administration’s broader national security, economic competitiveness, and cybersecurity strategy.

For security leaders, the most immediate impact comes from the cryptography order, which establishes federal migration deadlines for quantum-resistant encryption, directs agencies to inventory cryptographic assets, and signals future procurement requirements for government contractors.

“It’s a great step and definitely in alignment with what we’ve seen from other jurisdictions around the world,” Chris Hickman, CISO at post-quantum cryptography company Keyfactor, tells CSO. “It compels action.”

Hickman said the deadlines could have effects far beyond federal agencies because contractors and critical infrastructure operators will face increasing pressure to demonstrate readiness for post-quantum cryptography.

“A lot of suppliers out there don’t want to lose revenue from the federal government, so it’s time to take this stuff seriously,” he said.

The administration argues that adversaries may already be collecting encrypted communications and sensitive data in anticipation of future breakthroughs that could render today’s public key cryptography obsolete.

The White House described the threat as a “harvest now, decrypt later” scenario in which information stolen today could be stored and decrypted years from now once sufficiently powerful quantum computers become available.

Although experts continue to debate how long it will take to build cryptographically relevant quantum computers, federal officials argue that organizations cannot wait until such systems exist before beginning preparations.

The White House said the order builds on a broader administration cybersecurity agenda, including a June 2025 cybersecurity executive order and the Cyber Strategy for America released earlier this year. Officials said the effort is intended not only to protect federal systems but also to accelerate adoption of quantum-resistant security technologies across critical infrastructure sectors and the broader digital ecosystem.

Ilona Cohen, chief legal and policy officer at HackerOne and former general counsel of the White House Office of Management and Budget, said in a statement that recent administration cybersecurity initiatives reflect growing concern about the role contractors play in federal cyber risk. “Federal networks are only as resilient as the contractors supporting them,” Cohen said.

Federal migration deadlines established

The executive order directs federal agencies to accelerate migration to post-quantum cryptography standards developed by the National Institute of Standards and Technology.

NIST finalized its first post-quantum cryptography standards in 2024 and continues to evaluate additional algorithms intended to replace cryptographic systems vulnerable to future quantum attacks.

Under the order, federal agencies must complete migration of key-establishment mechanisms by Dec. 31, 2030. Migration of digital-signature systems must be completed by Dec. 31, 2031. Within 30 days, agencies must designate senior officials responsible for overseeing post-quantum cryptography migration efforts.

The Office of Management and Budget must issue implementation guidance within 90 days, while agencies are expected to develop plans for replacing vulnerable cryptographic systems across federal environments.

The deadlines represent one of the clearest federal mandates to date regarding the timeline for government adoption of post-quantum cryptography.

Cryptographic bill of materials requirements

The order also introduces measures intended to improve visibility into cryptographic dependencies throughout government systems and software supply chains.

Among the most significant is a directive requiring NIST and the Cybersecurity and Infrastructure Security Agency to develop minimum elements for a cryptographic bill of materials (CBOM) within 270 days.

The concept is similar to a software bill of materials but focuses specifically on identifying cryptographic algorithms, libraries, and dependencies embedded within products and systems.

Security practitioners have long argued that organizations cannot effectively migrate to post-quantum cryptography without first understanding where cryptography exists throughout their environments.

The administration also directed NIST to establish a federal post-quantum cryptography migration pilot program by the end of 2027 to identify implementation challenges and develop migration best practices.

Contractors likely to face new compliance obligations

The executive order also signals significant future implications for federal contractors.

The Federal Acquisition Regulatory Council was directed to develop procurement requirements that would require covered contractors to comply with applicable NIST post-quantum cryptography standards by the end of 2030.

While details remain to be determined, the provision suggests federal purchasing requirements may become a major driver of post-quantum cryptography adoption across the technology industry.

Security vendors, cloud providers, software developers, and managed service providers that do business with federal agencies may ultimately need to demonstrate compliance with emerging post-quantum cryptography requirements.

The order’s emphasis on cryptographic inventories, migration planning, and standards compliance suggests federal agencies will increasingly expect suppliers to understand and document the cryptographic components embedded within their products.

Quantum innovation initiative expands

Alongside the cybersecurity order, Trump signed a separate executive order, which intends to accelerate the development of quantum computing and related technologies.

The administration argues that quantum technologies could eventually transform industries, including pharmaceuticals, manufacturing, logistics, energy, and defense, while providing strategic advantages in scientific research and national security.

At the center of the initiative is a government-wide effort known as Quantum Computing for Accelerated Discovery and Development for Science (QC-ADDS), which aims to develop at least one quantum computer capable of enabling what the administration calls “quantum-enabled scientific discovery.”

The Department of Energy, Department of Commerce, Department of Defense, National Science Foundation, NASA, National Security Agency, and elements of the intelligence community are directed to coordinate research and development activities under the program.

Agencies are tasked with developing technical requirements within 90 days and implementation plans within 180 days.

Industry leaders said the order reflects a growing recognition that leadership in quantum computing will require coordinated investment across multiple layers of the technology stack.

“The United States has a window of opportunity to lead in this domain,” Stefan Leichenauer, vice president of engineering at SandboxAQ, said in a statement. “It requires coordinated investment across the stack: cryptography, compute infrastructure, data generation, and application development. It also requires strong partnerships between government, industry, and academia.”

The order also calls for expanded support for quantum networking and quantum sensing technologies and directs the creation of a national capability for evaluating and benchmarking quantum computing systems.

Commercialization, workforce, and security priorities

A major focus of the innovation initiative is moving quantum technologies from research laboratories into commercial deployment.

The White House said the United States must strengthen domestic quantum supply chains, support technology transfer, and ensure federally funded discoveries translate into commercial products and economic growth.

Ankur Saxena, investment director at TDK Ventures, thinks the order reflects the industry’s growing focus on turning scientific advances into deployable technologies. “Quantum is shifting from a scientific frontier to an engineering and industrial race,” Saxena said in a statement. “US leadership will depend not just on breakthrough hardware, but on resilient supply chains and the enabling infrastructure that makes quantum deployable at scale.”

The administration also announced plans to reconstitute the National Quantum Initiative Advisory Committee and expand activities of the Quantum Counterintelligence Protection Team to help protect sensitive research and intellectual property.

The order places significant emphasis on workforce development as well, directing agencies to support quantum-related education, credentialing, and apprenticeship programs and to establish National Quantum Information Science and Technology Workforce Development Institutes.

Two sides of the same strategy

The executive orders reflect an effort to pursue what administration officials view as two sides of the same challenge: accelerating development of quantum technologies while preparing for the security consequences those technologies may eventually create.

For cybersecurity leaders, the post-quantum cryptography provisions are likely to have the most immediate impact. The combination of migration deadlines, cryptographic inventory requirements, pilot programs, and anticipated procurement mandates signals that federal agencies are moving from planning for post-quantum cryptography to implementing it.

For the broader technology sector, the orders underscore a growing consensus in Washington that quantum computing is no longer merely a long-term research project but a strategic technology that requires simultaneous investment, governance and risk management.

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.