Ģ����Ƶ

Quantum computers will eventually break nearly all currently deployed public key cryptography—the algorithms embedded deep into hardware, software, and digital protocols that protect networks from threat actors. It is a question of when not if. Significant engineering challenges must still be overcome before quantum computers can reach the scale and robustness needed to run algorithms that threaten public key cryptography. Despite these hurdles, many commercial roadmaps predict that such devices could become available near 2030.

This accelerated timeline increases the pressure on organizations to transition to NIST’s new PQC standards as quickly as possible. The urgency is even greater for organizations with sensitive datasets that have longer security shelf lives. Such data may already be the target of “Hold Now, Decrypt Later” (HNDL) attacks, in which a nation-state or criminal organization breaks into a network, steals encrypted data, and stores that data on its own servers knowing that it will be able to access it once quantum computers capable of breaking through public key cryptography are available. The Center for Strategic and International Studies has , further underscoring why federal agencies should not wait to start moving to PQC.

Though a growing number of federal requirements have started to structure how agencies approach PQC, the roadmap to achieving it is not as linear as it may seem. Federal chief information security officers (CISOs) have broad discretion to design PQC strategies that align with their agency’s unique attack surface and threat vectors. Commercial companies have even greater discretion. In practice, this means that where organizations start their journeys to PQC is not as important as how they accomplish each phase.

Fortunately, the experiences of early adopters offer key lessons for enterprises embarking on the three core stages of preparing for PQC: cryptographic discovery, prototyping, and agility.

Cryptographic discovery is the process of creating an actionable, prioritized cryptographic inventory by detecting, tracing, and rating the cryptography in use throughout an enterprise based on its security in the post-quantum era. Cryptographic discovery is an intuitive goal, but it can be extremely difficult to achieve. Common cybersecurity tools detect cryptography by design, but they do not catalog vulnerable cryptography to enable prioritization and remediation. For this reason, most tools are ill-equipped to provide the visibility organizations need into cryptographic vulnerabilities driven by emerging quantum computing technologies.

Many new products are emerging in the market to address this gap, but adding additional security tools comes at a price, increasing both the total cost of migration and the time it takes to complete the migration. That is time many organizations don’t have given the risks of “Hold Now, Decrypt Later” attacks and resources they may not need to expend. Rather than purchasing new products, some organizations are turning to novel data engineering methods to overcome common cryptographic discovery challenges.

When the U.S. government raised the alarm on the criticality of PQC in 2022 through National Security Memorandum 10, the , and OMB’s Memorandum on Migration to PQC, one Fortune 10 retail company took note. They found that investing in a scalable, production-grade analytics platform to dynamically discover cryptography across their large, federated systems enabled them to understand their risk exposure without the need for new cyber telemetry.

Extract, transform, load (ETL) pipelines were used to optimize the use of cryptographic metadata from existing sensors and maintain traceability to certificates and unique connections. As a result, security leaders across the organization could use the dashboard to see a real-time snapshot of cryptographic strength across the network and analysts could trace vulnerable cryptography back to its source for remediation, submit custom queries, and expand the discovery tool’s coverage to new network boundaries.

1.�� ��Start small: Define a priority network for an initial cryptographic discovery initiative, recognizing that everything cannot be transitioned all at once.

2.����Optimize reuse: Extract cryptographic data from existing sensors on the network to increase speed-to-solution and avoid added infrastructure costs and complexity.

3.����Engineer for flexibility: Invest in a scalable platform that can be used for both initial inventories during PQC planning and ongoing monitoring during PQC implementation.

Since the 1970s, public key algorithms have secured our digital lives. These unintrusive protections have been embedded deep into hardware, software, and digital protocols. But agility and governance were not baked into design decisions about cryptographic implementation. Hardware vendors integrated cryptography in ways that often prevent it from being updated without replacing an entire chip. Software vendors didn’t track the cryptography throughout the different layers of their applications. These vendors did not imagine a future where the underlying math behind every public key cryptographic algorithm would be vulnerable to attack. Yet that is the reality today, and it requires enterprises to adopt new PQC standards.

Now, NIST’s initial PQC standards (published in August 2024) provide the best available approach to defend against the quantum threat. However, it is possible that future technology advances could make those standards vulnerable to attack. It is also possible that additional and forthcoming PQC standards could offer performance advantages over NIST’s initial standards.

This is where cryptographic agility comes into play. Cryptographic agility refers to the ability to rapidly find, monitor, update, and replace cryptography. It addresses an enterprise’s capacity to navigate future cryptographic changes. This agility is essential for PQC, but its significance extends beyond post-quantum cybersecurity. When undertaken proactively and in concert with other cyber modernization priorities, PQC strategies that emphasize agility can increase the overall effectiveness and efficiency of organizations’ procurement decisions.

A defense customer recognized the need to invest early in PQC to safeguard their infrastructure during high-impact missions. They were already transforming larger cyber operations in areas like zero trust and cryptographic modernization, but they knew these initiatives did not address PQC. These larger efforts can involve the purchase of new, expensive, built-to-last equipment, such as tactical radios and encryptors. Streamlining these decisions to include PQC considerations stood to increase the efficiency and effectiveness of their procurement in the long run, reduce unnecessary purchases, and prevent vendor lock-in with solutions that were not actively preparing for the PQC transition. They needed to develop a plan for cryptographic agility.

Convening internal and external stakeholders, the agency cataloged cryptographic dependencies across vendor and legacy equipment; monitored the existing, new, and potential cryptographic implementations; and inventoried replacement options for capabilities that could not support PQC algorithms.

1.����Integrate PQC into ongoing cybersecurity modernization: Define how PQC aligns with future security architectures to buy down future technical debt and enable rapid adoption.

2.����Enumerate procurement policy impacts: Make PQC a priority with vendors to prevent lock-in with products that lack PQC transition plans.

3.����Establish strategies for infrastructure management and policy enforcement: Enable knowledge transfer to enforce governance throughout the transition.

• CISOs must design unique PQC transition roadmaps that align with their agency’s attack surface and threat vectors.
• Enterprises can avoid added infrastructure costs and increase speed-to-solution by extracting cryptographic data from existing network sensors and analyzing that data in novel ways to enable PQC migration.
• Integrating PQC transition plans with other cyber modernization efforts is critical to prevent vendor lock-in with solutions that are not actively preparing for the PQC transition.