Quantum Readiness for Global Security Policy

👉 Recently, my work on #quantum #technology and its impacts on international security was published at SIPRI. Here, I would like to highlight my observations and recommendations. I would like to point out the main observations and recommendations, especially covering: 🔸High-resolution magnetic and gravity data sets will become strategic assets 🔸Quantum decryption capabilities may widen intelligence asymmetries between states with different levels of technological advancement 🔸The strategic impact of quantum will depend on its integration with other technologies, not on quantum systems alone 🔸Dual-use quantum development will accelerate and attempts to fully separate civilian and military pathways are unlikely to succeed 🔸National self-sufficiency in quantum technologies is unrealistic—international cooperation is necessary for resilience and innovation 🔸There is a growing need for dedicated institutions to assess the peace and security implications of quantum technologies 🔸Malicious or illicit use of quantum technologies by non-state actors is likely to emerge over time

The global quantum computing race just shifted from theoretical physics to sovereign risk. If you sit on a Global 1000 board, direct national defense policy, or deploy tier-one capital, the era of quantum "hype" is officially over. Based on the latest 2025–2026 data, Israel has quietly engineered a highly coordinated "Two-Engine" quantum ecosystem designed for industrial integration and strategic resilience. Here is the executive snapshot of where the capital, the supply chain, and the geopolitics are colliding—and how boards must govern it: 🏗️ 1. The "Two-Engine" Architecture Israel is executing a ruthless, dual-pronged strategy: • Engine 1 (Sovereignty): Hyper-focused on defense superiority, post-quantum cryptography (PQC), and financial resilience. • Engine 2 (Market): Anchored by a massive concentration of multinational R&D centers securing the global supply chain. 💰 2. Strategic Capital Allocation Smart money is no longer trying to build the "race car" (the QPU); it is building the engine and the dashboard. • Public: The Israel National Quantum Initiative (INQI) is deploying a $390M budget. • Private: Capital is flooding the "enabling layers." Quantum Machines raised ~$280M to lead global control systems; Classiq secured massive Series C funding ($173M+) to dominate software synthesis. • Geopolitical: A proposed $200M US-Israel Quantum Fund is advancing for 2026–2030 to counter adversarial tech dominance. ⚓ 3. The Multi-National Anchors You cannot map this sovereign infrastructure without the silicon giants: • Nvidia: Driving the backbone of AI and quantum data center networking. • Intel: Leveraging its massive Kiryat Gat fabrication footprint. • AWS: Designing custom silicon that bleeds directly into quantum control logic. 🏦 4. The Regulatory Shockwave (Directive 364) In January 2025, the Bank of Israel issued Directive 364, requiring banks to map encryption dependencies and submit PQC preparedness plans within one year. This instantly shifted the industry from "theory" to mandatory board-level compliance. 🛡️ 5. The Governance Imperative: The GBAC QSI Overlay With tightening U.S. export controls, the goal is independent technological sovereignty. But how does a global enterprise govern this? Traditional frameworks (COSO, COBIT, ITIL) are failing at the quantum layer. To safely integrate these technologies, organizations must deploy the Quantum Strategic Intelligence (QSI) model. QSI acts as the overarching governance architecture—overlaying sovereign infrastructures like Israel’s—to protect the enterprise from the "Atom to the Algorithm." A question for my network: With central banks now mandating post-quantum preparedness plans, how is your board or agency mapping its cryptographic dependencies? Are you still relying on legacy models? Let's discuss below. 👇 Aviad Tamir, Nir Minerbi, Asif Sinay #QuantumComputing #CorporateGovernance #NationalSecurity #DeepTech #TechStrategy #Geopolitics #PostQuantumCryptography #GBAC #QSI

Headline: Quantum Threats Extend to Orbit as Space Systems Face Urgent Security Overhaul Introduction: The approaching “Q-Day,” when quantum computers can break current encryption, is no longer theoretical. Experts warn that space systems—long considered secure by distance—are now highly exposed, forcing governments and industry to accelerate a complex transition to post-quantum cryptography. Key Developments: Breaking the Illusion of Space Security Recent cyber incidents, including satellite hacks and data interceptions, prove space is not inherently secure Adversaries can already intercept and store satellite communications for future decryption Threats include spoofing, jamming, command hijacking, and denial-of-service attacks Quantum Race and Strategic Risk U.S. and China are competing to achieve quantum breakthroughs with national security implications Concerns persist that China may gain a first-mover advantage while obscuring progress Q-Day could render current encryption across space and terrestrial systems obsolete Mandated Transition to Post-Quantum Security U.S. policy requires migration to quantum-resistant cryptography under CNSA 2.0 Deadlines: quantum-secure systems by 2035, with major milestones in 2025 and 2027 NIST standardized key algorithms in 2024, enabling immediate transition efforts Operational Challenges in Space Space systems face constraints in size, weight, power, and compute capacity Post-quantum keys are larger, complicating deployment in constrained environments Satellites have long lifecycles, making hardware upgrades difficult or impossible Emerging Solutions and Industry Response Emphasis on crypto agility to enable software-based updates without hardware replacement Manufacturers are embedding post-quantum security directly into hardware and onboard systems New quantum-secure space infrastructure, including routers and communication modules, is under development Immediate Risk Factors “Harvest now, decrypt later” exposes sensitive data already in transit or storage Side-channel attacks and key extraction are already feasible in some scenarios Delay in migration increases long-term exposure and potential mission compromise Why It Matters: Space is now a contested digital domain where encryption integrity underpins national security, economic infrastructure, and military operations. The transition to post-quantum cryptography is not optional—it is a strategic imperative. Organizations that fail to act risk systemic vulnerability across satellite networks that cannot be easily repaired once deployed. The broader implication is clear: future resilience will depend on proactive architecture, crypto agility, and the ability to secure systems against threats that have not fully materialized—but are already inevitable. I share daily insights with tens of thousands followers across defense, tech, and policy. Keith King https://lnkd.in/gHPvUttw

EY’s perspective on securing against #quantum #risks emphasizes that quantum #computing is rapidly evolving from a theoretical concern into a material cybersecurity threat that requires immediate strategic action. The core issue lies in the vulnerability of widely used cryptographic algorithms, such as RSA and elliptic curve cryptography, which could be broken by sufficiently advanced quantum computers. This creates a systemic risk to sensitive data, including financial information, intellectual property, and personal records. A central concept highlighted is the “harvest now, decrypt later” threat model, in which adversaries collect encrypted data today with the intention of decrypting it in the future as quantum capabilities mature. This makes quantum risk a present-day problem, particularly for data requiring long-term confidentiality. EY stresses that organizations must adopt a proactive and structured approach to quantum readiness. A foundational step is to conduct a comprehensive cryptographic inventory, identify sensitive #data, and map existing #encryption methods. This enables organizations to assess which systems are most exposed and prioritize remediation efforts. Transitioning to post-quantum cryptography (PQC) is a complex, multi-year transformation that requires careful planning, integration into existing #technology roadmaps, and alignment with emerging standards. Organizations are encouraged to build crypto-agility, allowing them to adapt encryption methods as technologies and standards evolve. EY also highlights the importance of #governance, #compliance, and #workforce readiness. Quantum resilience requires enterprise-wide coordination, including policy development, regulatory alignment, continuous monitoring, and personnel training. EY frames quantum cybersecurity not just as a technical upgrade but as a strategic #transformation initiative. Organizations that act early can strengthen resilience, improve cyber maturity, and gain a competitive advantage, while those that delay risk long-term exposure to data breaches, regulatory challenges, and erosion of #digital #trust.

By 2029, the encryption protecting India's banks, hospitals, power grid, and defence networks may no longer work. We have 36 months. And we are still debating algorithms when we should be writing policy. India has a Quantum Mission. India does not yet have a Quantum Policy. Here is what that policy must contain — in six moves, not sixty: → A National Quantum Security Directive under Section 70B of the IT Act — giving CERT-In and NCIIPC statutory teeth. → Sectoral PQC mandates from RBI, SEBI, IRDAI, TRAI, CEA, and NHA. One directive each. This fiscal year. → "No New Classical-Only" procurement, codified in the General Financial Rules and flagged on GeM. Every rupee earns a Cryptographic Bill of Materials. → DPDP rules protecting long-life data — Aadhaar, UPI, ABDM — with hard re-encryption timelines by 2028. → A National QKD Backbone anchored by C-DoT fiber and ISRO satellites. The 1,000 km milestone is the floor, not the ceiling. → A Quantum Security Coordinator in the PMO — because ownership is the single biggest gap today. A roadmap is not a regulation. A laboratory is not a standard. A mission is not a market. Adversaries are already running Harvest-Now-Decrypt-Later against critical infrastructure in India. Every day without a statutory quantum-safe policy is another day of encrypted Indian data being archived for the year the quantum era arrives. Ministries. Regulators. CISOs. Where does your cryptographic inventory stand? #QuantumPolicy #QDay2029 #PostQuantum #CyberSecurity #DigitalIndia #WDC

Happy to see my article has been published at ABP Live on "Beyond AI: Why Quantum-Safe #Cryptography Is a Business Imperative in 2025" The alarming rise in cyberattacks—both in India and globally—makes one thing painfully clear: traditional encryption is no longer enough. In India alone, businesses stand to lose ₹20,000 crore this year, while global cybercrime costs are projected to reach $13.82 trillion by 2028. Even worse? The impending quantum era threatens to render our current cryptographic systems obsolete. Technologies like RSA, which power everything from internal communications to critical external collaborations, are vulnerable to quantum-enabled decryption. So what must businesses do right now? Embrace Quantum-Safe Messaging: Opt for end-to-end encrypted platforms designed to withstand quantum attacks, especially for communications with clients, partners, and vendors. Follow Standards and Best Practices: NIST has already rolled out the first wave of Post-Quantum Cryptography (PQC) standards—like ML-KEM for encryption and ML-DSA for digital signatures. Think Strategically, Not Just Tactically: Transitioning to PQC is more than a technical upgrade—it’s a strategic initiative. Build governance, crypto-agility, and roadmap planning into your cybersecurity strategy. What the world is doing: - Europe aims to migrate to quantum-safe encryption by 2030, starting with risk assessments and awareness campaigns in 2026 - The UK’s NCSC is urging organizations to begin full migration planning by 2028 and complete it by 2035 - Setting an example in the private sector, it has integrated post-quantum encryption into its WireGuard and Lightway protocols using NIST’s ML-KEM algorithm Reports from India’s BFSI sector show a worrying lack of readiness—yet almost 58% of CISOs recognize the threat within the next three years Key takeaway: Quantum-safe cryptography isn’t a futuristic concept—it’s a present-day necessity. The threat of "store now, decrypt later" attacks means the data we transmit today may be vulnerable tomorrow. Waiting isn’t an option Whether you’re in BFSI, government, telecoms, or healthcare, the time to act is now. Let’s lead the shift toward a secure quantum future. #QuantumSafe #Cybersecurity #PostQuantumCryptography #CryptoAgility #DigitalTrust #QuantumReady #QNulabs QNu Labs

Global #PQC Sector Readiness: A Map of Structural Unpreparedness This heatmap is not a prediction and it’s not a narrative. It’s an empirical synthesis of the global regulatory landscape, industry spending patterns, and cryptographic‑standards adoption as of early 2026. Classification is based on observable regulatory mandates, sector migration programmes, and real‑world cryptographic infrastructure dependencies. How the RAG status is determined 🔹 Mandates — Is there a legal or regulatory requirement to migrate to PQC? 🔹 Interoperability — Does the sector depend on legacy protocols (TLS, VPNs, PKI stacks) that cannot be upgraded quickly? 🔹 Data Longevity — Will the data still be sensitive when a cryptographically relevant quantum computer exists? What the data shows 🏥 Healthcare & Pharma Critical exposure in four of six regions. Clinical data, research pipelines, and patient records remain dependent on legacy cryptography with no mandated migration path. ⚖️ Legal & Professional Services Red almost everywhere. The global confidentiality backbone is structurally unprepared, with long‑lived data and no regulatory pressure to modernise. 🏭 Manufacturing & Auto The same red clustering. OT, supply chain telemetry, and design IP remain unprotected across most regions. 💳 Financial Services A sector that should be leading — yet yellow or red outside North America and Europe. Even there, the status is mixed. ☁️ IT & Cloud The only private‑sector domain with pockets of green — and only in North America, Europe, and parts of Asia. Everywhere else: red. The contrast is stark 🛡️ Government & Defence is the only sector consistently green across major regions. They treated PQC as a national‑security dependency years ago. The private sector did not. The result is a global map of structural unpreparedness — a cryptographic debt crisis already visible in the data. The first step It is not a roadmap or a vendor conversation. It is a transformation of your cryptographic inventory — the one artefact every organisation should already have and almost none do. If your sector is red or yellow on this map, the exposure is not abstract. It is operational, measurable, and already exploitable under Harvest‑Now‑Decrypt‑Later models. Where does your organisation sit on this map — and who is accountable for closing the gap? #Quantum #Governance SITG-Consulting

Quantum Computing: The Leadership Challenge and Cybersecurity Imperative Quantum computing is no longer a distant dream—it’s a rapidly approaching reality. With its potential to redefine problem-solving, cryptography, and data security, leaders across industries must start preparing now for the opportunities and risks it presents. As leaders, we don’t need to be quantum physicists, but we must be visionaries. The rise of quantum computing is a strategic inflection point—one that will challenge how we think about security, innovation, and resilience. The Leadership Perspective 🔹 Embrace the Learning Curve – we all know that technology evolves faster than we can keep up. Staying ahead requires that we embrace curiosity, adaptability, and a commitment to continuous learning. 🔹 Drive Innovation, Not Fear – while quantum presents risks (such as breaking today’s encryption standards), it also offers groundbreaking opportunities in AI, material science, and optimization. As leaders we must foster a mindset of progress, not paralysis. 🔹 Build Quantum-Ready Teams – educating and upskilling our security professionals, developers, and business leaders in quantum-resistant strategies and concepts will be critical. I firmly believe that those who start now will have a competitive edge. The Cybersecurity Challenge Quantum computing’s ability to break traditional encryption threatens the foundations of cybersecurity. The era of post-quantum cryptography is coming, and some argue is already here. As security leaders we must start preparing for the eventual accessibility and democratization of this technology: 🔹 Identify Vulnerabilities Now – we must start assessing our cryptographic dependencies and begin planning the transition to quantum-safe algorithms. 🔹 Engage with Industry & Policy Leaders – governments and tech giants are already developing post-quantum encryption. Aligning with standards (like NIST’s PQC initiative) will be crucial for our organizations. 🔹 Adopt a Future-Proof Security Strategy – a proactive, adaptive cybersecurity approach will separate the resilient from the vulnerable. The Call to Action Quantum computing isn’t just a technological shift—it’s also a leadership challenge. How we prepare today will determine our security, competitiveness, and future success. #QuantumComputing #Leadership #Cybersecurity #Innovation #PostQuantumSecurity

The UK’s National Cyber Security Centre just issued a quiet but critical wake-up call: quantum computing isn’t science fiction anymore — it’s a looming reality with the power to break today’s encryption standards. As someone who follows cybersecurity and tech trends closely, this stood out to me. The NCSC is urging large organisations — especially in energy, transport, and other critical sectors — to start preparing now to migrate to post-quantum cryptography. Why the urgency? Because once quantum machines mature, they’ll be able to crack public key encryption at a speed today’s systems aren’t built to defend against. Their guidance outlines a 10-year roadmap, with milestones in 2028, 2031, and full readiness by 2035. That sounds far off — until you consider how long it takes to upgrade legacy infrastructure and secure bespoke IT systems. We don’t know the exact timeline for a quantum breakthrough, but waiting for it to happen before acting would be a mistake. Is your org already thinking about this shift? How are you preparing for a post-quantum world? #cybersecurity #quantum #technology https://lnkd.in/d-jUCRPS

I've given talks about Post Quantum Cryptography the past few years and pretty much everyone has appreciated the heads up, for those that haven't made it to a talk here are the highlights of what you need to do to prepare for Quantum Computers. 1) Build organizational readiness: • Educate and align the C-suite on the urgency of quantum risk and make the business case for a multi-year investment, i.e. get budget. • Identify personnel responsible for migration execution across different teams, i.e. assign a point person for this project. 2) Discover what you have and assess if the systems are ready: • Get an inventory of you hardware and software assets to identify encryption protocols and categorize them (PQ ready, depreciated, really old). • Assess whether hardware assets have sufficient compute to support PQC algorithms (most systems will but the OS might not be ready) • Figure out which systems will require upgrades or replacements. • Identify vendors and partners that you use and discuss their PQC roadmaps, migration support capabilities. [This one is key, talk to your vendors, find out what they are doing, or not doing!] 3) Begin getting Quantum ready • Buy the hardware / software and replace or upgrade whatever does not support PQ cryptography • Test things! Run proof-of-concept deployments in controlled environments (i.e. your test environment) and use a hybrid approach that combine current and post-quantum algorithms. 4) Deploy Quantum ready solutions • Roll out your solutions / new hardware & software in phases, starting with your high priority systems (Duh). • Ensure configurations enforce quantum-safe algorithms by default and automatically block deprecated algorithms when possible (this will be harder than you might think). • Update your security policies to manage both current and quantum-safe network traffic as you transition. • For the old stuff you can't get rid of, use proxy solutions to make IoT devices (like hospitals, manufacturing, etc.) quantum-ready until they can be updated directly. Last but not least, be prepared to change encryption schemes going forward, what we call, Crypto Agility. 5) Keep patching your stuff • Now that you have a list of your hardware and software and what kind of encryption is uses, do this: • Monitor your inventory for vulnerabilities or new threats. Keep in mind that PQ standards are new and they will likely change over time. • Establish a process to replace or update vulnerable algorithms There, you've now just read my talk, but you missed all my jokes and fun stories, but you got the details / important take aways. 😃 😁 😀 If you want the Internal Control Questionnaire (#ICQ) I put together for some auditor friends, message me here and I'll send it to you.