As organizations move forward with quantum migration, it’s essential that they build crypto-agility into their systems. “You need to be able to swap out algorithms without having to rewrite the whole system,” Dr. Jones, CISA explains in our latest episode of Shielded. This ability to switch between different quantum-safe algorithms will allow systems to adapt as new quantum computing capabilities emerge.
Yet, even as organizations make these technical upgrades, Dr. Jones highlights a critical reality: many companies still struggle with buy-in for the quantum transition. That’s where the “Harvest Now, Decrypt Later” model comes in. Dr. Jones is clear: Encrypted data sent today could be harvested by adversaries and decrypted later, once quantum computers become powerful enough.
“If a quantum computer comes out five years from now and you used some kind of elliptic curve-based key exchange to set up your secure connection, I can go back and decrypt all that data,” Dr. Jones says. “You need to plan for the long-term security of the data you’re sending today.”
That urgency is compounded by hardware timelines. Many organizations still rely on devices that are built to last for decades, such as embedded chips, IoT devices, and smart meters. These hardware pieces are often difficult or impossible to update once deployed, making them vulnerable to quantum threats for years to come. “That’s a tough one,” Dr. Jones admits. “And I am very, very worried about the small cryptographic hardware pieces.”
The solution, Dr. Jones suggests, is to start planning for the entire system lifecycle now, not later. That includes coordinating with vendors, budgeting for hardware upgrades, and identifying where critical updates need to occur in the next few years.
Throughout the episode, Dr. Jones repeatedly emphasizes one key theme: consistency. The organizations that will navigate the quantum transition successfully are the ones that stop treating cryptography as a development task and start treating it as an enterprise-wide responsibility. “You want your developers to understand cryptography in sort of a black-box way,” he says. “You can say, okay, call this function for your signatures. We’ll always make sure we have a high-security, efficient implementation in there.”
Quantum readiness isn’t about predicting the future or overhauling your entire infrastructure. Instead, it’s about making incremental, strategic changes today that will ensure you’re ready for whatever quantum throws your way. As Dr. Jones puts it, “You need to get started now to make your systems more secure in the quantum era.”
It’s not enough to wait for quantum computing to be a fully realized threat. If you’re serious about securing your organization, quantum readiness needs to be a pressing concern. It’s a journey that starts today before the clock runs out.
About CISA
The Cybersecurity and Infrastructure Security Agency (CISA) plays a critical role in ensuring the cybersecurity and resilience of national and global infrastructure. Through collaborative efforts between government agencies, businesses, and organizations, CISA is driving the protection of sensitive data against emerging threats like quantum computing. By helping shape the future of cybersecurity, CISA is preparing the world for a quantum-enabled future.
You can hear the full conversation with Dr. Garfield Jones on Shielded: The Last Line of Cyber Defense, available now on Apple Podcasts, Spotify, and YouTube Podcasts. Subscribe blelow:
🎤Apple Podcasts
🎤Spotify
🎤YouTube Podcasts