Root Causes 480: White House PQC Executive Order

Hosted by

Tim Callan

Chief Compliance Officer

Jason Soroko

Fellow

Original broadcast date

March 24, 2025

Many people believe that the Trump White House rescinded an important cybersecurity executive order from late days of the Biden administration. We set the record straight.

Podcast Transcript

Lightly edited for flow and brevity.

Tim CallanWe're here at Toronto session season three.

So Jay, there was a lot of attention to the White House PQC Executive Order that came out in the final days of the Biden administration, and then after Trump's inauguration, a lot of people were dismayed to see it disappear.

Jason SorokoIt did not disappear. So there were a whole lot of Biden era Executive Orders that were rescinded on day one of Trump's presidency. As far as I know, and as far as several people who've looked it up know, it was not rescinded.

Tim CallanThere's a 404 on the old web, on the old address.

Jason SorokoBut there's a whole lot of old Executive Orders that also disappeared and that is not evidence of it being rescinded.

Tim CallanCorrect? There's a difference between a policy change and the fact that the policy is not sitting visibly on the place that it's supposed to be.

Jason SorokoThe reason why we're having this podcast today about this particular Executive Order, and by the way, it wasn’t a PQC Executive Order, it was a general cybersecurity order. PQC was in it, but it was a very important point in it. We've talked about the call to arms to get ready for PQC. This was quite literally the United States government saying, okay, everybody, we've been doing cybersecurity poorly, and not only are we, we've been doing it poorly, but we've got to take it real serious, serious to the point where we've all got to - - here's the dates you have to have all systems converted over to PQC. So that's going to affect the vendor community, because there's no time to wait. If the United States Government Procurement System is now going to say we demand PQC products - -

Tim CallanI have in the past heard the US government described as the global one.

Jason SorokoThat’s a good way of putting it.

Tim CallanSo if it's the biggest purchaser of IT products in the world, then just making it a requirement for the government makes it a de facto industry requirement.

Jason SorokoTherefore the fire is going to be lit under everybody's butt to productize PQC into their stuff. That's all good news. So everybody was really worried, if that motivation goes away, that Executive Order would have been rescinded, holy smokes. That was a big opportunity for movement forward to, we would have lost the opportunity. And, no, it was not rescinded. Isn't that a big deal, Tim, because the list of rescinded Biden era Executive Orders - that's a long list, dude.

Tim CallanWhich you would expect it to be.

Jason SorokoYou would expect it to be, and we definitely got it. But isn't it very telling that that specific Executive Order from Biden was not rescinded?

Tim CallanI agree with that. I also do think that it is noteworthy, though, that this, by coincidence at the exact same time, that the actual official publication of the Order has gone dark.

Jason SorokoYou can still get it. It took me about 30 seconds, and I found where it actually is.

Tim CallanSo it got moved.

Jason SorokoIt's in the registry of Executive Orders where that's kept. So all the text is there, and also all the text of the rescinded Executive Orders. That list is clear. Therefore it's not on that list.

Tim CallanThat's really important, because there's this kind of firestorm going around security circles saying the Trump White House has pulled this.

Jason SorokoI think that 404 error on the website - -

Tim CallanIt doesn’t help.

Jason SorokoThe White House website - a lot of stuff.

Tim CallanWith a picture of the White House and it says 404. That's good visual. That's good eye candy right there.

Jason SorokoIt was done on purpose. I think. This podcast is not about politics. This podcast is about, I find it interesting that Trump administration felt that that Executive Order should stay.

Tim CallanYes. There's a huge difference between we're going to pull it and this stuff that we saw here. Which could just be accidental. Could be the kinds of error that occur when a whole bunch of people are asked to leave and a whole new bunch of people roll in. We had a bunch of that stuff occur eight years ago. The last time we did this. Maybe we shouldn't be surprised that it's happening again.

Jason SorokoI'd like to go back, Bruno Couillard actually came on our podcast and was a guest for one episode where he actually spoke about an older version of the United States government. In fact, it was a White House directive talking about PQC. It really shook Bruno in that wow, things are moving. I think you and I speculated, United States government seems worried about something. In other words, perhaps another nation state has a more advanced quantum computer, etc.

Tim CallanYou've got to imagine that there is knowledge that is going into the decision making on these kind of directives that isn't being shared publicly, and that you and I will never be told what it is.

Jason SorokoExactly. I think that I don't need to be told much more, though, than this latest Biden era Executive Order, December 2024, was very black and white. There's no room for misinterpretation. PQC has to come to the US government, and that's going to shake up a lot of things. I think that take Bruno's episode and multiply it by 10, is the impact of this thing. There's one last point I want to make in this podcast before we end it, and that is this - I'm gonna draw an analogy to you, Tim, it's funny. I’m surprised I haven't seen this in technical journalism. So let's do some technical journalism.

Tim CallanLet’s be some thought leaders.

Jason SorokoThought leadership, folks. DeepSeek. Just surprised everybody. Specific nation state who put out an AI model that was orders of magnitude cheaper to create than open AI's best model. And Diane Francis actually, a Canadian journalist who I respect, she actually called it the sputnik moment for AI, where the United States went, whoa. We thought we were so great and ahead. Now it actually turns out that other nation states can whip this stuff out 10 times, 100 times cheaper. By the way, I put a post on LinkedIn just a little while ago, and I felt really good this morning to read that I was on to something which is the reasoning model that DeepSeek is using is part of its secret of efficiency. In other words, the way that it self regulates itself on finite problem sets is just awesome. In other words, you don't need a gigantically trained large language model. You could take a very small language model and apply this form of reasoning that DeepSeek has now shown us, and it's just a better idea.

So it's a better idea of how AI simulates thinking and this sputnik moment, Tim - let me draw the analogy back to PQC - if we had a Sputnik moment with AI as big as DeepSeek, I think that a sputnik moment already happened with quantum and we just don't know it yet.

Tim CallanI mean, you don't know it because you don't know, but I think, I think it is a very reasonable guess that the most accomplished quantum computers are not being talked about.

Jason SorokoI think - and you know what, we're not a conspiracy theory podcast, and we don't often talk about nation states. We try to avoid that kind of language, but we can't ignore this one. Anyway, that's it, Tim. The big Executive Order from the White House is showing you something, and it's gonna have teeth and it's gonna have impact, and it survived the Trump Administration.

Tim CallanThere's no reason to think that the force and the power and the timeliness of that order are in any way diminished from what they were on January 1.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!