Crypto Agility or Bust: One Year after the NIST Standards, What Have We Learned?

The post‑quantum era isn’t a far‑off scenario. It’s already shaping how governments, tech leaders, and security experts think about protecting data. When NIST finalized its post‑quantum cryptography (PQC) standards a year ago, it felt like a milestone – the “waiting phase” was finally over. But year one has made one thing clear: publishing the standards wasn’t the finish line. It was the starting gun.

In this special episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen brings together some of the most influential voices driving PQC adoption, reflecting on what the first 12 months have taught us:

  • Dustin Moody of NIST, who led the development of PQC standards.
  • Dr. Garfield Jones from DHS, driving government PQC initiatives.
  • Bas Westerbaan from Cloudflare, a frontline leader in post‑quantum deployment.
  • John Ray of Thales, an authority on crypto agility and hardware security modules.
  • Mamta Gupta from Lattice Semiconductor, warning of hardware lifecycles clashing with fast‑evolving threats.
  • Cassie Crossley from Schneider Electric, tackling compliance realities for critical infrastructure.

Their combined message was that the migration can’t wait, and the lessons of this first year will shape every move going forward.

Myth Busting: It Was Never Going to Be a “Quick Switch”

When the standards landed, a lot of organizations relaxed. The assumption was that you could swap out one algorithm for another and get on with business. Dustin Moody quickly set that illusion on fire:

“The standards are here. And now maybe some people think, ‘Okay. We’ve got the standards. We’ll just switch over, be a real easy, quick thing. We’ll be done with this, and we can get on with our lives’. But I don’t believe it’s going to end up being just a quick, easy, simple transition. It’s gonna take a lot of preparation and effort and planning, and it will probably be a little bit painful.”

A year on, his words have aged well. Companies that thought PQC migration would be a plug‑and‑play exercise are realizing it’s a system‑wide overhaul that touches everything, from applications and hardware to the teams that manage them.

“This Migration Shouldn’t Be Optional.”

Dr. Garfield Jones didn’t mince words last year when asked whether compliance is a driver or a roadblock.

“This migration shouldn’t be optional. It’s not something that you should take and be, ‘Eh, I can get it done later.’ As we kick the can down the road more and more, it becomes a bigger and bigger problem because then you’re going to have a lot of privacy and confidentiality issues that you don’t want.”

Year one proved him right. Federal agencies already face mandates, memos, and executive orders to adopt PQC. And for private companies, the pressure will come from procurement and partnerships. If your systems aren’t quantum‑safe, you won’t be able to work with organizations that are.

The First Step: Inventory Everything

Bas Westerbaan of Cloudflare reframed PQC migration not just as a technical challenge but as a lifecycle and change‑management problem.

He explained that most organizations don’t even know all the places where cryptography is used in their infrastructure. The first step, he says, isn’t building a new system – it’s taking inventory of what you already have:

  • What cryptographic algorithms are in use?
  • Which systems, connections, and vendors rely on them?
  • What data needs to remain protected for years (or decades) into the future?

Without that inventory, any migration plan is built on guesswork.
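The three inventory questions above can be turned into a first-pass triage. The sketch below is an added example, not code from the episode or any panelist's organization: the `Usage` record, the `HNDL_YEARS` cut-off, the priority labels, and the sample systems and vendors are all assumptions made for illustration.

```python
from collections import namedtuple

# Public-key families broken by Shor's algorithm on a large quantum computer.
VULNERABLE = ("RSA", "ECDSA", "ECDH", "DH", "DSA", "ED25519", "X25519")
# NIST PQC standards (FIPS 203/204/205); hybrids containing them count too.
PQC = ("MLKEM", "MLDSA", "SLHDSA")
SYMMETRIC = ("AES", "CHACHA20", "SHA", "HMAC")
HNDL_YEARS = 5  # assumed cut-off for "long-lived" data; set per organization
ORDER = {"urgent": 0, "planned": 1, "review": 2, "ok": 3}
# purpose is one of "key-exchange", "encryption" or "signature" (hypothetical schema)
Usage = namedtuple("Usage", "system vendor algorithm purpose data_lifetime_years")


def classify(algorithm):
    name = algorithm.upper().replace("-", "").replace("_", "")
    if any(p in name for p in PQC):  # checked first so hybrids are not flagged
        return "pqc"
    if name.startswith(VULNERABLE):
        return "quantum-vulnerable"
    if name.startswith(SYMMETRIC):
        return "symmetric"
    return "unknown"


def priority(u):
    kind = classify(u.algorithm)
    if kind == "unknown":
        return "review"  # cannot plan a migration for what is not understood
    if kind != "quantum-vulnerable":
        return "ok"
    # Harvest-now-decrypt-later applies to recorded ciphertext, not to signatures.
    confidentiality = u.purpose in ("key-exchange", "encryption")
    return "urgent" if confidentiality and u.data_lifetime_years >= HNDL_YEARS else "planned"


def report(inventory):
    rows = [(priority(u), u.system, u.algorithm, u.vendor) for u in inventory]
    return sorted(rows, key=lambda r: (ORDER[r[0]], r[1]))


# Constructed sample inventory (systems and vendors are made up).
SAMPLE = [
    Usage("vpn-gateway", "VendorA", "ECDH-P256", "key-exchange", 15),
    Usage("public-web", "VendorB", "X25519MLKEM768", "key-exchange", 1),
    Usage("code-signing", "in-house", "RSA-3072", "signature", 10),
    Usage("backup-archive", "VendorC", "AES-256-GCM", "encryption", 25),
    Usage("scada-link", "VendorD", "RSA-2048", "encryption", 20),
    Usage("badge-reader", "VendorE", "PROPRIETARY-X", "encryption", 3),
]
```

`report(SAMPLE)` lists the long-lived confidentiality uses of RSA and ECDH first, because those are the ones exposed to traffic being recorded today.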

Crypto Agility: The Only Way Forward

The term crypto agility has been floating around for years, but in the past 12 months it’s moved from buzzword to survival strategy. John Ray of Thales put it bluntly:

“We sometimes say HSMs have always been crypto agile because we offer many different algorithms… We don’t want to hard-code in PQC crypto. If we do that, then we’re in the same position we were with RSA and ECC.”

Agility isn’t just about “having options” – it’s designing systems so algorithms can be updated without ripping out the foundation every time. Hard‑coding PQC into hardware or software might feel like progress now, but it’s tomorrow’s headache.
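One way to keep algorithms out of calling code, shown as an added example that is not Thales's or any panelist's implementation: callers use `protect` and `verify`, and a policy object decides which registered algorithm is current and which are still accepted. The class and field names are hypothetical, the two HMAC variants are stand-ins for whatever primitives a real backend (including a PQC one) would register, and one key is reused across algorithms only to keep the demo short.

```python
import hashlib
import hmac

# Registry: algorithm id -> tag function. The HMAC variants are stand-ins
# (assumption); a PQC signature backend would register the same way.
REGISTRY = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}


class AgileAuthenticator:
    """Callers never name an algorithm; local policy does (hypothetical class)."""

    def __init__(self, key, current, accepted):
        unknown = ({current} | set(accepted)) - set(REGISTRY)
        if unknown:
            raise ValueError(f"unregistered algorithms: {sorted(unknown)}")
        self.key, self.current = key, current
        self.accepted = set(accepted) | {current}

    def _tag(self, alg, message):
        # Bind the algorithm id into the authenticated input so it cannot be swapped.
        return REGISTRY[alg](self.key, alg.encode() + b"\x00" + message)

    def protect(self, message):
        alg = self.current
        return {"alg": alg, "msg": message, "tag": self._tag(alg, message)}

    def verify(self, envelope):
        alg = envelope.get("alg")
        # The envelope's alg field is untrusted: policy decides, not the sender.
        if alg not in self.accepted:
            return False
        return hmac.compare_digest(self._tag(alg, envelope["msg"]), envelope["tag"])


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    old = AgileAuthenticator(key, current="hmac-sha256", accepted=[])
    legacy = old.protect(b"manifest-v1")
    # Migration: new default, old algorithm still accepted for existing artifacts.
    mid = AgileAuthenticator(key, current="hmac-sha3-256", accepted=["hmac-sha256"])
    # Retirement: the old algorithm is dropped by policy alone, no caller changes.
    final = AgileAuthenticator(key, current="hmac-sha3-256", accepted=[])
    return {
        "mid_accepts_legacy": mid.verify(legacy),
        "final_accepts_legacy": final.verify(legacy),
        "new_alg": mid.protect(b"manifest-v2")["alg"],
    }
```

The allow-list check in `verify` is what keeps agility from becoming a downgrade path: an envelope naming a retired or unregistered algorithm is rejected before any tag is computed.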

The Hardware Gap: Slow Cycles, Fast Threats

Mamta Gupta zeroed in on the mismatch that could haunt this entire migration: hardware lifecycles vs. quantum threats.

“The biggest challenge that I see is the disconnect between the speed of cryptographic evolution, which is very slow because the data is so much that we need to protect… and the life cycle of hardware, that is also very long. And then you have this threat that is evolving very fast.”

Devices built today might be in the field for 10-15 years. If they aren’t designed with crypto agility and upgradeability in mind, they’ll be obsolete and insecure long before they’re replaced.

Compliance: A Moving Target

Even though NIST’s PQC standards are finalized, the rulebook around them is still being written, and that creates a different kind of uncertainty.

Cassie Crossley pointed out that frameworks like FIPS 140‑3 and other certifications are still evolving, and that has huge implications. The algorithms an organization deploys today might not pass the compliance tests of tomorrow. A product launched this year could find itself failing audits in two years’ time, not because it’s broken, but because the standards have moved on.

For industries like energy, utilities, and critical infrastructure, the stakes are even higher. These sectors don’t just need to ‘check a box’. They have to prove year after year that their systems meet strict security, safety, and regulatory requirements. If your hardware, firmware, or cryptographic stack can’t adapt, you’re not just dealing with a bureaucratic headache, you’re looking at stranded products, costly redesigns, and potentially being shut out of critical markets.

Compliance isn’t static anymore. It’s fluid, shifting, and tied directly to survival.

The Takeaway: Don’t Wait

Across the panel, the message was consistent: the time for planning is over, the time for action is now.

The standards are here. Government action is here. And the ‘Harvest Now, Decrypt Later’ threat (attackers storing encrypted data today to break it when quantum computers mature) is no longer theoretical. It’s already happening.

The companies that started last year are already ahead, shaping their own timelines and budgets. The ones that keep waiting will be forced into rushed, expensive migrations – or worse, they’ll find themselves locked out of contracts, partners, and markets entirely.

🎧 Hear the full roundtable discussion on Shielded: The Last Line of Cyber Defense, featuring insights from NIST, DHS, Cloudflare, Thales, Lattice Semiconductor, and Schneider Electric, now available on Apple Podcasts, Spotify, and YouTube.