Quantum Encryption Strategies for Government Roadmaps

Only 10,000 reconfigurable atomic qubits (https://lnkd.in/eXwBgNW3); if the results in the new paper from Madelyn Cain, Dolev Bluvstein & John Preskill hold, we need to stop treating post-quantum migration as a long-term roadmap item and start treating it as an emergency requirement across the entire stack. Modern cryptography is built on a specific engineering assumption: some problems are computationally intractable. That assumption underpins TLS, PKI, secure routing, financial systems, essentially everything that moves data. Quantum computing does not chip away at that assumption but it invalidates it for the systems we actually use. RSA and elliptic curves do not become “weaker”, they become solvable in a way that removes their security guarantees. The usual response is “we’ll move to PQC” eventually. That is necessary, but not sufficient. PQC replaces one set of hardness assumptions with another. Lattice-based, code-based, multivariate schemes are believed to resist both classical and quantum attacks, but they are still assumptions. We do not have the same level of long-term confidence we thought we had with factoring and discrete logs, and we already know how that story can go. If the failure mode you are protecting against is global cryptographic breakage, then “probably hard” is not the bar to aim for everywhere. Critical infrastructure, root keys, long-lived secrets, inter-datacenter links, anything with a long confidentiality horizon are not places to rely purely on unproven hardness assumptions, even if they are currently the best we have. We do have an alternative model: Quantum Key Distribution anchors security in physics, not computation. An eavesdropper is not “computationally limited”, they are physically detectable. That is a different security boundary. This is not a call to replace PQC with QKD. That would be unrealistic at scale today. It is a call to combine them properly. PQC should be deployed broadly because it scales and integrates with existing systems. QKD should be used on top where failure is not acceptable, to secure key exchange and establish trust in a way that does not depend on future algorithmic breakthroughs. A hybrid QKD+PQC architecture is not overkill. It is the only approach that addresses both known and unknown risks. The other point that gets ignored is timing. You do not migrate global cryptographic infrastructure quickly. These are multi-year, often decade transitions. By the time there is a clear case that current cryptographic systems are broken at scale, the opportunity to respond will have passed. The referenced paper suggests this risk horizon is rapidly approaching. So the relevant question is not “when will quantum computers break crypto.” It is whether you are comfortable designing systems today that assume they will not. Because if that assumption fails, everything built on top of it fails with it, and no one is prepared for that outcome.

In August 2024, the National Institute of Standards and Technology (NIST) finalized three encryption standards designed to protect data against potential threats from quantum computers. These standards are part of NIST’s ongoing efforts to develop cryptographic solutions resilient to quantum attacks, ensuring that sensitive information remains secure in a future where quantum computers could break traditional encryption methods. Summary of the Three Finalized Post-Quantum Encryption Standards: 1. FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) • Purpose: Designed for general encryption tasks, such as securing data exchanged over public networks. • Algorithm: Based on the CRYSTALS-Kyber algorithm, now referred to as ML-KEM. • Advantages: Offers relatively small encryption keys for efficient key exchange and operates with high speed. 2. FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA) • Purpose: Secures digital signatures, ensuring the authenticity and integrity of digital communications. • Algorithm: Uses the CRYSTALS-Dilithium algorithm, now called ML-DSA. • Advantages: Provides strong security for identity authentication and signing digital transactions. 3. FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) • Purpose: Another approach for securing digital signatures, serving as an alternative method. • Algorithm: Utilizes the Sphincs+ algorithm, now named SLH-DSA. • Advantages: Based on a different mathematical approach compared to ML-DSA, designed as a backup in case vulnerabilities are found in lattice-based methods. Impact and Transition to Quantum-Secure Cryptography NIST encourages organizations to begin transitioning to these post-quantum cryptographic standards as soon as possible. Quantum computers, once they reach sufficient power, could compromise existing encryption systems, making proactive adoption essential for government agencies, financial institutions, and enterprises handling sensitive data. These new standards provide a robust foundation to protect communications, transactions, and identity verification in a quantum-resilient digital environment.

The EU published its Post-Quantum Cryptography (PQC) Roadmap in June 2025, setting out fairly aggressive target dates for migration. But without introducing any explicit enforcement mechanisms. That has led many to conclude that the roadmap lacks enforcement power and is therefore “just a non-binding recommendation.” It’s a very common misconception. The roadmap expects all EU Member States to begin transitioning to PQC by launching national strategies and taking concrete “first steps” in the migration process. In practical terms, this means starting assessments, awareness campaigns, and cryptographic inventories no later than 2026. I’m increasingly involved in conversations around these topics. So I tried to clarify how EU recommendations typically operate in conjunction with binding regulations. The roadmap is more than a polite suggestion. While non-binding on its own, it aligns closely with enforceable frameworks such as NIS2 and DORA, effectively creating indirect mandates through risk-based compliance requirements. The EU does not need a standalone PQC regulation for the roadmap to matter. It functions more like a lens through which regulators and auditors will interpret what “appropriate,” “proportionate,” and “state-of-the-art” cryptography means under existing law. NIS2 already requires entities to maintain policies and procedures on the use of cryptography. DORA goes further, explicitly requiring financial entities to track the evolving cryptographic threat landscape - including “threats from quantum advancements.” And the Commission is not presenting this as permanently voluntary. It has made clear that it will monitor progress and may take additional steps, including proposing binding acts of Union law, if necessary. I tried to summarize this “roadmap + binding law” logic here: https://lnkd.in/dcf4bsht #PQC #PostQuantum #QuantumSecurity #Cybersecurity #Cyber #NIS2 #DORA

🔐Word o’ the Day | Year | Decade: Crypto-agility, Baby! Yesterday morning, I did a fun fireside chat with Bethany Gadfield - Netzel at the FIA, Inc. Expo in Chicago. We talked about cyber resilience, artificial intelligence, Rubik’s cubes, and that thing called quantum! A question came up at the end, “What can firms actually do today to begin transitioning to post-quantum cryptography?” So thought I would take the opportunity to share my thoughts more broadly on this important, but not super well understood, topic: 1. Don’t wait. The clock for quantum-safe cryptography is already ticking. NIST released its first set of post-quantum standards last year (https://lnkd.in/esTm8uPw) and CISA put out a “Strategy for Migrating to Automated Post-Quantum Discovery and Inventory Tools” last year as part of its broader Post Quantum Cryptography (PQC) Initiative (https://lnkd.in/evpF4umv). h/t Garfield Jones, D.Eng.! 2. Inventory & prioritize. Map all cryptographic usage: what keys, certificates, protocols, and data streams exist today? Which assets hold long-lived value and are at risk of “harvest-now, decrypt-later”? Build a migration roadmap that prioritizes highest-risk systems (e.g., financial settlement platforms, inter-bank links, legacy encryption). 3. Establish crypto-agility. Ensure your architecture supports swapping algorithms, updating certificates, & layering classical + post-quantum primitives without a full system rebuild. This kind of flexibility is key for resilience. 4. Pilot and migrate. Use the new NIST-approved algorithms; experiment first on less time-sensitive systems, validate performance and interoperability, then scale to mission-critical applications. NIST’s IR 8547 report provides a framework for this transition. 5. Vendor & supply-chain alignment. Ask your vendors & service providers: “What’s your PQC transition plan? When will you support NIST-approved post-quantum algorithms? Are your update paths crypto-agile?” If the answer isn’t clear or (as a former boss of mine used to say) they look at you like a “pig at a wristwatch,” you’ve got a potentially serious third-party risk. 6. Board and Exec engagement. Position this not as an IT problem but a fiduciary risk and resilience imperative. The transition to quantum-safe cryptography is multi-year and multi-layered—waiting until it’s urgent means it will be too late.

By 2029, the encryption protecting India's banks, hospitals, power grid, and defence networks may no longer work. We have 36 months. And we are still debating algorithms when we should be writing policy. India has a Quantum Mission. India does not yet have a Quantum Policy. Here is what that policy must contain — in six moves, not sixty: → A National Quantum Security Directive under Section 70B of the IT Act — giving CERT-In and NCIIPC statutory teeth. → Sectoral PQC mandates from RBI, SEBI, IRDAI, TRAI, CEA, and NHA. One directive each. This fiscal year. → "No New Classical-Only" procurement, codified in the General Financial Rules and flagged on GeM. Every rupee earns a Cryptographic Bill of Materials. → DPDP rules protecting long-life data — Aadhaar, UPI, ABDM — with hard re-encryption timelines by 2028. → A National QKD Backbone anchored by C-DoT fiber and ISRO satellites. The 1,000 km milestone is the floor, not the ceiling. → A Quantum Security Coordinator in the PMO — because ownership is the single biggest gap today. A roadmap is not a regulation. A laboratory is not a standard. A mission is not a market. Adversaries are already running Harvest-Now-Decrypt-Later against critical infrastructure in India. Every day without a statutory quantum-safe policy is another day of encrypted Indian data being archived for the year the quantum era arrives. Ministries. Regulators. CISOs. Where does your cryptographic inventory stand? #QuantumPolicy #QDay2029 #PostQuantum #CyberSecurity #DigitalIndia #WDC

The U.S. Army didn't select QuSecure for our algorithms. They selected us because tactical communications have a unique vulnerability that most commercial security vendors don't understand. Here's what keeps DoD CIOs awake at night: Tactical radio systems deployed today will operate for 20 to 30 years. That's not a bug, it's by design. Military hardware goes through rigorous testing and certification that takes years. But here's the problem: those systems are transmitting classified data with cryptography that might be vulnerable in 5 to 10 years. The operational timeline creates quantum exposure: → A tactical network deployed in 2024 will still be in use from 2044 to 2054 → Cryptographically relevant quantum computers could emerge by 2030 to 2035 → Adversaries can record encrypted tactical transmissions today and store them for future decryption For commercial enterprises, this might mean financial loss or reputation damage. For defense operations, it means mission compromise and potential loss of life. What makes tactical communications different: Unlike enterprise IT, where you can patch and update constantly, military systems operate in: → Disconnected environments (no internet access for updates) → Hostile territories (physical security paramount) → Resource-constrained conditions (bandwidth, power, computational limits) → Multi-domain operations (air, land, sea, space, cyber) You can't just push a software update to a submarine or fighter jet. The crypto-agility has to be built in from day one. The DoD's forcing function: CNSA 2.0 mandates post-quantum cryptography for National Security Systems by December 31. That's about 40 days away for new acquisitions. But the real deadline? Every classified system fielded between now and quantum computer emergence needs to be crypto-agile. We've deployed quantum-resilient encryption for U.S. Army tactical networks, with one key requirement: the ability to update cryptographic algorithms without requiring hardware changes or interrupting operations. That's not just a nice-to-have. It's a mission-critical capability. Defense contractors listening: if you're bidding on DoD contracts in 2025, quantum readiness is no longer optional. It's table stakes. Comment below with "DoD" for the high-resolution cheatsheet. (send connection request so I can DM you)

Deloitte’s Global Quantum Cyber Readiness News & Insights hub consolidates thought #leadership, frameworks, and practical guidance to help organizations prepare for the disruptive #cybersecurity implications of quantum computing. At its core, the content emphasizes that while #quantum technologies unlock transformative capabilities, they also pose a systemic threat to current cryptographic systems, making proactive preparation imperative. A central theme is “quantum #risk”—the likelihood that future quantum computers could break widely used encryption, exposing sensitive #data. Deloitte highlights that this risk is not theoretical; adversaries may already be harvesting encrypted data today for future decryption (“harvest now, decrypt later”). The hub outlines a structured approach to readiness. Organizations are encouraged to begin with cryptographic discovery and inventory, identifying where #encryption is used and assessing vulnerabilities. This is followed by developing a migration roadmap toward post-quantum cryptography (PQC) and embedding crypto-agility, enabling systems to adapt quickly as standards evolve. Deloitte also stresses the importance of #governance and enterprise-wide #transformation. Quantum readiness is not solely a technical issue; it requires leadership awareness, cross-functional coordination, regulatory alignment, and continuous monitoring of emerging standards (e.g., National Institute of Standards and Technology (NIST) A key contribution is the Quantum Readiness Toolkit, developed with the World Economic Forum, which provides guiding principles and actionable steps. These include integrating quantum risk into enterprise risk management, educating stakeholders, prioritizing investments, and collaborating across ecosystems to address systemic vulnerabilities. Deloitte frames quantum cyber readiness as a strategic imperative. Early adopters can enhance #trust, #resilience, and market positioning, while delayed action increases exposure to significant operational, financial, and reputational risks in the emerging quantum era.

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

I've given talks about Post Quantum Cryptography the past few years and pretty much everyone has appreciated the heads up, for those that haven't made it to a talk here are the highlights of what you need to do to prepare for Quantum Computers. 1) Build organizational readiness: • Educate and align the C-suite on the urgency of quantum risk and make the business case for a multi-year investment, i.e. get budget. • Identify personnel responsible for migration execution across different teams, i.e. assign a point person for this project. 2) Discover what you have and assess if the systems are ready: • Get an inventory of you hardware and software assets to identify encryption protocols and categorize them (PQ ready, depreciated, really old). • Assess whether hardware assets have sufficient compute to support PQC algorithms (most systems will but the OS might not be ready) • Figure out which systems will require upgrades or replacements. • Identify vendors and partners that you use and discuss their PQC roadmaps, migration support capabilities. [This one is key, talk to your vendors, find out what they are doing, or not doing!] 3) Begin getting Quantum ready • Buy the hardware / software and replace or upgrade whatever does not support PQ cryptography • Test things! Run proof-of-concept deployments in controlled environments (i.e. your test environment) and use a hybrid approach that combine current and post-quantum algorithms. 4) Deploy Quantum ready solutions • Roll out your solutions / new hardware & software in phases, starting with your high priority systems (Duh). • Ensure configurations enforce quantum-safe algorithms by default and automatically block deprecated algorithms when possible (this will be harder than you might think). • Update your security policies to manage both current and quantum-safe network traffic as you transition. • For the old stuff you can't get rid of, use proxy solutions to make IoT devices (like hospitals, manufacturing, etc.) quantum-ready until they can be updated directly. Last but not least, be prepared to change encryption schemes going forward, what we call, Crypto Agility. 5) Keep patching your stuff • Now that you have a list of your hardware and software and what kind of encryption is uses, do this: • Monitor your inventory for vulnerabilities or new threats. Keep in mind that PQ standards are new and they will likely change over time. • Establish a process to replace or update vulnerable algorithms There, you've now just read my talk, but you missed all my jokes and fun stories, but you got the details / important take aways. 😃 😁 😀 If you want the Internal Control Questionnaire (#ICQ) I put together for some auditor friends, message me here and I'll send it to you.

IS YOUR ENTERPRISE READY FOR "Q-DAY"? "Q-day" (or Quantum Day) is the point in time when quantum computers become powerful enough to break the public-key encryption (like RSA or ECC) that currently secures global digital, financial, and government infrastructure. Our current best estimates is that Q-Day will happen by 2029! Huge thanks to Dr. Rob Campbell, FBBA. , IBM Global Quantum-Safe Executive and IBM Quantum Ambassador, for guest lecturing to our University of Arkansas ­- Sam M. Walton College of Business EMBA students. His insights into the "Quantum-Safe" transition provided a crucial roadmap for how leadership must navigate the next few years of cybersecurity. Here's what we learned: Adversaries are currently collecting encrypted data to store and decrypt once quantum computers are powerful enough to calculate private keys—a strategy known as "Harvest now, decrypt Later". Because enterprise cryptographic migrations can take 5 to 15+ years, many large organizations will still be in transition when quantum computers become capable of breaking current encryption. What enterprises can do NOW: Dr. Campbell emphasized that Post-Quantum Cryptography (PQC) is a leadership issue, not just a technical one. To preserve trust and resilience, leaders should authorize these "low-regret" actions immediately: - Inventory cryptographic dependencies: identify what you have before you plan what to change. - Prioritize high-value data: Focus on data with the longest confidentiality horizons, not just the most "critical" systems. - Invest in crypto-agility: Design systems for the permanent ability to swap algorithms without rebuilding the entire architecture. - Pilot PQC today in non-mission critical systems: PQC standards were finalized by NIST in 2024 and are ready for deployment on classical computers now. Enterprises can learn in these lower risk systems. - Communicate metrics to boards in non-technical jargon. Dr. Campbell noted, the question is whether we manage this change deliberately now or inherit it under pressure later. He stressed the importance of wide-spread education. To that end, Professor Daniel Conway will be offering the Walton College's first Quantum Computing class this fall! Adam Stoverink, Ph.D.; Shaila Miranda; Brian Fugate; Brent D. Williams; James Allen Regenor, Col USAF(ret) #QuantumSafe #PQC #CyberSecurity #Leadership #EMBA #DigitalTransformation #RiskManagement