Jenn Nuttall | Product Marketing Manager
More About This Author >
Jenn Nuttall | Product Marketing Manager
More About This Author >
It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the race to make a quantum computer has skyrocketed over recent years, driving the cybersecurity industry en masse to begin preparations.
Industry experts who understand the complexities and challenges behind such a transformation recognize this year marks a turning point. Last year NIST announced the finalists for the Post-Quantum Cryptography algorithms (PQC), prompting many vendors to begin PQC migration plans, if they hadn’t already. While organizations are still evaluating the upcoming impact, 2025 is the ideal time to assess the next steps. Every organization needs to define their journey, and tailor it to their existing infrastructure and requirements. With Harvest Now, Decrypt Later attacks already putting long life data at risk, it’s vital to be proactive.
A good first step could be to set up a working group, consisting of various IT personnel along with an executive sponsor, in alignment with the 2025 International Year of Quantum, with a goal of educating your team about PQC as much as possible. Take the lessons learned and build out a draft migration to PQC plan and budget that is specific to your organization. Be sure to set up regular intervals to keep the project moving.
If your organization has already started its PQC journey, it is critical to stay on top of this ever-evolving topic, which continues to advance constantly as the entire industry navigates this new territory.
Wherever you are in the world, you have a variety of resources at your disposal. While there are no compliance regulations specific to PQC just yet, CNSA 2.0 in the North American region, was the first to present its timelines for compliance, with differing dates based on industry. In the UK, the government recently released its guidelines on protecting technical systems from quantum computers. In Asia Pacific, several regulatory bodies such as the Monetary Authority of Singapore (MAS) or the Australian Prudential Regulation Authority (APRA) are all calling for organizations, especially those in the financial industry, to begin their preparations for quantum readiness as soon as possible.
For those who work in areas of Code Signing or Public Key Infrastructure, be sure to check out the many resources from the recently held PKI Consortium Post-Quantum Cryptography conference in Austin, TX. Not only have the conference organizers put together a list of Key Takeaways, but they posted all the information sessions on their website, including sessions by some of Thales’ own such as with Eric Amador, Product Market Manager on the Hardware Security Module (HSM) panel, or the breakout session by Blair Canavan, Alliances Director, PQC Portfolio entitled “2025 is here – how to get your PQC Readiness Plan Underway”.
Drawing on Thales' deep expertise and customer-driven insights in PQC, our specialists offer guidance to prepare for the impact of IYQ. To facilitate this transition, Thales provides PQC starter kits for hardware security modules and network encryption.
There are many other industry events happening throughout the year. If you don’t usually attend, this year would be an essential year to visit either in-person or even virtual events.
To get you started, here are a few resources from Thales:
1) Upcoming Webinars with Thales and its PQC Partner Ecosystem: Search - BrightTALK
2) PQC e-Book: Post-Quantum Cryptography Insights - eBook
3) Risk Assessment Tool: Post-Quantum Crypto Agility Risk Assessment
4) Solutions Web page: Post-Quantum Crypto Agility
5) Begin preparing now with our PQC Starter Kits