Harvest Now, Decrypt Later -- Preparing for the Quantum Threat

December 8, 2025

“Harvest Now, Decrypt Later” – the mindset of threat actors who are collecting encrypted data today, for the promise of a powerful quantum computer that can decrypt it in the near future. The impending threat is clear enough, so, how do we prepare for it?

First Things First – What are Quantum Computers?

Quantum computers use quantum mechanics in their internal operations, which enable them to complete specific tasks with unprecedented speed and efficiency. These computers are constantly evolving and will soon be able to break through current encryption with ease, becoming Cryptographically Relevant Quantum Computers (CRQC).

The arrival date of these machines is still unknown but, according to Mosca’s Inequality, it will likely come before we are able to complete our migration to Post-Quantum Cryptography (PQC). Meaning, organizations need to start preparing for the threat now.

Federal Mandates for PQC

The Federal government has established several key actions and mandates that require agencies to prepare for, and implement, PQC:

• Quantum Computing Cybersecurity Preparedness Act (H.R.7535): Requires that agencies create a roadmap for migration and directs the Office of Management and Budget (OMB) to prioritize funding.
• National Security Memorandum 10 (NSM-10): Directs agencies to prepare for the transition to quantum-resistant algorithms to mitigate national security risks.
• OMB Memorandum (M-23-02): Provides specific instructions for civilian agencies, including:
  • Inventory vulnerable cryptographic systems
  • Develop transition plans to use NIST-standardized algorithms
  • Submit annual funding assessments
• Executive Order 14144: Requires that agencies be able to support Transport Layer Security (TLS) protocol version 1.3 (or a successor incorporating PQC) by January 2, 2030. It also mandates that CISA must publish a list of PQC-enabled products for cryptographic systems by December 2025.
• National Security Agency’s (NSA) Commercial National Security Algorithm (CNSA) Suite 2.0: Outlines specific PQC requirements, setting a goal that national security systems will be fully quantum-resistant by 2035.

Migrating to PQC – The Roadmap and Common Pitfalls

As agencies begin to plan out and implement their PQC migrations, it is important to follow a structured, multi-phase roadmap:

• Discovery and Inventory: Conduct a comprehensive inventory of all systems using public-key cryptography and determine the sensitivity, and required security lifetime, of the data you are protecting.
• Assessment and Planning: Prioritize systems for migration (focusing on high-value assets), develop detailed transition plans, and update procurement policies to require PQC readiness in any new technology purchases.
• Implementation and Testing: Deploy pilot programs to test PQC algorithms.
  • The National Institute of Standards and Technology’s (NIST) recently finalized three primary standards: FIPS 203, 204, and 205.
  • Consider hybrid approaches for a safer transition and the ability to easily swap out algorithms in the future (i.e. "crypto agility").
• Collaboration and Communication: Engage with vendors, coordinate with CISA and OMB, and educate your internal workforce on the transition.

Even with a structured roadmap, the quantum threat is a new territory for most – the migration process poses several significant challenges for agencies:

• Performance overhead of PQC algorithms
  • Some server architectures might struggle to run PQC algorithms
• Interoperability issues
• Lack of "crypto-agility" or compatibility in legacy systems
• The sheer scale of assets they need to inventory
• Securing adequate budget and resources
• A skills gap in their workforce
• Vendor readiness delays

What’s Next?

To stay ahead of the quantum threat and meet the federal requirements and compliance standards, organizations need to act now. Whether you are developing your roadmap or starting your implementation journey, Four Points Technology is here to assist you in making this migration process as painless and successful as possible. Please reach out to our team to learn more.