Jane Edwards
Jen Sovada, president of global public sector at SandboxAQ, expressed concerns over an Office of Management and Budget document recommending that organizations conduct manual network scans each year instead of automated assessments during their migration to post-quantum cryptography, Nextgov/FCW reported Tuesday.
“It’s a really great start to a document that really outlines steps that the government needs to take, and then also companies can follow in order to really start their journey on to [post-quantum cryptography],” Sovada, a 2024 Wash100 awardee, said of the OMB document.
“My concern primarily is based off of the requirement to have a manual inventory, and the fact that they’re stating that an automated inventory isn’t as comprehensive,” she told the publication.
According to the SandboxAQ executive, manual network scans highly rely on those who perform them and the status of the network at a specific moment.
Some government networks related to national security operations are more consolidated and streamlined, while other systems include diverse applications developed, fielded and tracked by agency personnel and contractors.
“Unless you know every single piece of software that is on your system, everything that is on your file systems, in your networks and the [application program interfaces] that are on there, it’s very difficult to do a manual inventory,” said Sovada, chair of Executive Mosaic’s 4×24 Quantum Group.
