An Urgent Need for Post-Quantum Cryptography

Organizations delaying the shift to post-quantum cryptography face major risks, as classical encryption schemes may break.


While researching the Titanic recently, I was struck by something profound: the ship received numerous warning signs that could have prevented the catastrophic disaster of 1912. More than a century later, organizations continue making the same mistake, ignoring blatant warnings about pending disasters.

Today's iceberg? The quantum computing revolution that threatens to render our current cryptography obsolete.

The Warning Signs Are Already Here

Any entity using digital networks to store sensitive data needs to move away from classical cryptography toward post-quantum cryptography (PQC) standards. Organizations that fail to course correct risk drifting dangerously off course by maintaining the same classical cryptography instead of implementing new quantum-resistant algorithms that are already available.

This lack of proactive course correction, or what I call "cryptographic drift," creates what is now referred to as cryptographic debt – a burden that builds up until it may be too late to avoid disaster. Adversaries are also constantly harvesting your data during this cryptographic drift, and slow implementation of quantum-resistant algorithms eases their burden of decrypting that data once a cryptographically relevant quantum computer (CRQC) becomes operationally available. The Titanic didn't sink simply from drifting off course, but because it maintained high speed into a known ice field despite numerous warnings that never reached the captain. Everyone was too busy to act.

Sound familiar?

Understanding the Quantum Threat

Quantum computers harness quantum mechanical phenomena, including superposition and entanglement, to process information in fundamentally different ways from classical systems. While classical computers encode data as binary bits (0s and 1s), quantum computers use quantum bits (qubits) that can occupy multiple states at once, potentially delivering exponential speedups for specific problem classes.

Quantum computers using gate-based operations (analogous to classical AND/OR gates) have been built with dozens of qubits, though their quality remains inconsistent. Scaling to fully error-corrected systems with logical qubits that can perform substantially more operations likely won't arrive until around 2030. Organizational management needs to understand what lies ahead in the cryptographic space of quantum computing. Advance planning is essential to implement quantum-resistant algorithms before a CRQC arrives on the scene.

The primary organizational risk from quantum computing is that a CRQC could break widely used classical encryption schemes. This threat has prompted formal government action, including OMB Memorandum M-23-02 (Migrating to Post-Quantum Cryptography) and National Security Memorandum 10 (NSM-10, Promoting United States Leadership in Quantum Computing While Mitigating Risk to Vulnerable Cryptographic Systems), which direct federal agencies to take steps toward post-quantum cryptography (PQC) migration. The Department of Defense has issued additional guidance outlining implementation requirements and constraints for PQC adoption across government systems.

Private sector organizations, particularly those working with or seeking to work with government entities, should closely monitor these directives, as compliance will likely become essential for maintaining those relationships.

Planning safeguards your organization against the threat of a CRQC rendering current public-key encryption such as RSA (Rivest, Shamir, and Adleman) and Elliptic Curve Cryptography (ECC) obsolete. It may also mitigate "harvest now, decrypt later" (HNDL) attacks – a continuing threat where adversaries intercept and store encrypted data today, intending to decrypt it once error-correcting quantum computers become capable of breaking today's cryptographic protections.

Recent academic and industry publications have accelerated the timeline for operational CRQCs to on or before 2030, exponentially increasing risk in three critical areas:

  • Business operations disruption
  • Data exposure and breaches
  • Cost of emergency transition

Most forward-thinking organizations are already shifting their encryption ahead of 2030, anticipating moderate impacts to these areas.

Organizations experiencing cryptographic drift will continue operating normally, creating a dangerous illusion of security while adversaries carry out HNDL attacks, capturing encrypted data today for future exploitation. A crypto-agile approach maintains operational continuity while moving to quantum-resistant algorithms that protect data in transit. As shown in the figure, cryptographic debt accumulates over time and can become overwhelming or irreversible as organizations scale, eventually leading to loss of operational functionality and relevance due to government mandates and guidance. Wholesale replacement of IT infrastructure is neither practical nor cost-effective for achieving quantum resistance. Instead, implementing crypto-agility enables seamless migration from obsolete encryption to quantum-resistant standards, positioning organizations for future competitiveness through reduced costs, accelerated transition timelines, minimized data compromise risk, and uninterrupted operations.

The Time to Act Is Now

My advice is simple: start changing course now.

The quantum-resistant/PQC algorithms have been released by the National Institute of Standards and Technology (NIST):

  • FIPS 203 (ML-KEM) - key encapsulation
  • FIPS 204 (ML-DSA) - digital signatures
  • FIPS 205 (SLH-DSA) - stateless hash-based signatures

These standards form the foundation of the post-quantum cryptography migration mandated by government directives like OMB M-23-02 and NSM-10.

Start by inventorying your assets to understand what encryption is currently in use across the enterprise. Focus first on migrating the most heavily used assets (high value or high impact) to the standard quantum-resistant algorithms, as they most likely transmit most of your sensitive data. For now, the HNDL threat applies mainly to data in transit, not particularly to data in use or data at rest.

Additionally, migrating from TLS 1.2 to TLS 1.3 can counter a CRQC because PQC algorithms integrate more naturally into the TLS 1.3 architecture. This is available now!
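As an added example (not part of the original article), one way to begin the data-in-transit inventory is to inspect the key exchange that clients offer in captured TLS handshakes. The code below parses a ClientHello and reports whether TLS 1.3 and an ML-KEM hybrid group (IANA code points) are offered. The function names, triage labels and sample handshakes are constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" code points for hybrid ML-KEM key exchange.
PQ_HYBRID = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
             0x11ED: "SecP384r1MLKEM1024"}

def parse_client_hello(hs: bytes) -> dict:
    """Versions and groups offered in a ClientHello (record header stripped)."""
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 35 + body[34]            # legacy_version(2) + random(32) + session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos, versions, groups = pos + 2, [], []
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype == 10:    # supported_groups: u16 list length, then u16 ids
                groups = [g for (g,) in struct.iter_unpack("!H", data[2:])]
            elif etype == 43:  # supported_versions: u8 list length, then u16 ids
                versions = [v for (v,) in struct.iter_unpack("!H", data[1:])]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    # Without supported_versions, the client offers only legacy_version.
    return {"versions": versions or [int.from_bytes(body[:2], "big")],
            "groups": groups}

def hndl_status(hello: dict) -> str:
    """Triage label (this example's own wording) for the offered key exchange."""
    if 0x0304 not in hello["versions"]:
        return "upgrade-to-tls13"
    pq = any(g in PQ_HYBRID for g in hello["groups"])
    return "pq-hybrid-offered" if pq else "classical-only"

def build_sample(versions, groups) -> bytes:
    """Constructed ClientHello for the demo (not a real capture)."""
    ext = lambda t, d: struct.pack("!HH", t, len(d)) + d
    g = struct.pack(f"!H{len(groups)}H", 2 * len(groups), *groups)
    v = struct.pack(f"!B{len(versions)}H", 2 * len(versions), *versions)
    exts = ext(10, g) + (ext(43, v) if versions else b"")
    body = (b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for name, v, g in [("browser", [0x0304, 0x0303], [0x11EC, 0x001D]),
                       ("legacy-agent", [], [0x0017])]:
        print(name, hndl_status(parse_client_hello(build_sample(v, g))))
```

Clients labelled `classical-only` or `upgrade-to-tls13` still rely on ECDHE or RSA key establishment, so their sessions are the ones exposed to harvest-now, decrypt-later collection.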

Reactive Planning

Migrating only after it's too late and your cryptography has been rendered void by an error-correcting/fault-tolerant quantum computer will dramatically increase the risk of your organization ending up like the Titanic.

Side Note

It took 73 years to find the wreckage, and to date, the Titanic has never been fully recovered from the ocean floor. Let's try not to have that happen to your organization.

The warnings are here. The danger is real. The timeline is shorter than you think. There are mitigations out there now that can be implemented within your organization.

Don't be too busy to change course. Pay attention to the warnings.


Garfield Jones


Dr. Garfield Jones is senior vice president of research and technology for QuSecure. 

Dr. Jones previously served as the associate chief of strategic technology for the Cybersecurity and Infrastructure Security Agency (CISA), DHS, where he led the agency’s post-quantum cryptography (PQC) initiative. Prior to joining DHS, Dr. Jones worked as a systems engineer developing complex weapons, geographic, and information systems for agencies such as Office of Naval Intelligence (ONI), National Geospatial Intelligence Agency (NGA), and the Naval Criminal Investigative Service (NCIS). 

In 2018, he retired from the Army Reserves after serving 25 years (16 years active duty and nine years reservist) as an information systems warrant officer.
