Quantum Cybersecurity: The race for unhackable networks in a post-quantum world
As a data and artificial intelligence (AI) strategist, I’ve focused my career on realising the value of data. But now, my priority has shifted to protecting it. We are facing a quiet but serious crisis that threatens the very foundation of our digital world. It's known as the "Harvest Now, Decrypt Later" (HNDL) attack. This attack turns our most valuable long-term data—intellectual property, state secrets, financial records, and personal health information—into ticking time bombs.
Adversaries are intercepting and stockpiling today's encrypted data. They aren't breaking it now; they're waiting for the day when a powerful quantum computer can breach current encryption standards like RSA and ECC in just hours. For data that needs to stay secure for decades, the threat is not in the distant future; it's happening now. This shifts data protection from just a compliance task to an urgent strategic priority.
The global response to this serious threat has been strong. The U.S. National Institute of Standards and Technology (NIST) recently finalised its first set of post-quantum cryptography (PQC) standards after a multi-year global competition. New algorithms like ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium) are being developed to establish a quantum-resilient digital infrastructure. This is not just a technical upgrade; it's also a geopolitical race for the future of secure communication, as nations around the world push for adoption in critical infrastructure.
Here is where AI intersects with quantum security, creating a complex situation. On one hand, AI acts as a threat multiplier. Research shows AI can analyse energy usage to extract secret keys from PQC algorithms, demonstrating that even quantum-resistant algorithms are vulnerable to intelligent, AI-driven attacks on poorly implemented systems. Generative AI is already fueling highly realistic phishing and social engineering attacks at an unprecedented scale.
On the other hand, AI is also our most crucial defence tool. The first step towards a solution is conducting a thorough cryptographic inventory—a significant data discovery challenge. An organisation can't protect what it doesn't know it exists. AI-powered tools can automate this discovery process, scanning large IT networks to locate every instance of vulnerable cryptography. Beyond just inventory, AI can audit new PQC implementations for weaknesses, enhance performance, and create flexible, adaptive security measures. Imagine an AI-driven network that watches for threats and automatically switches between different PQC algorithms in real time, an idea known as crypto-agility. This represents the future of defense: confronting technological threats with advanced technology.
The journey to a quantum-safe future requires strategic planning, not just a simple fix. It starts with three immediate steps. First, organisations should form a dedicated team to manage the quantum-readiness roadmap. Second, they need to conduct a comprehensive cryptographic inventory, prioritising assets based on the long-term significance of the data they protect. Finally, they should engage with all technology vendors to understand their PQC transition timelines.
The migration will demand a substantial financial investment from governments and businesses worldwide. To illustrate the scale of this expense, the White House has estimated a cost of $7.1 billion for U.S. federal agencies alone. But this is not just an American issue. In Europe, Germany is mandating the transition for critical infrastructure by mid-2026. In Asia, countries like China and India are mobilizing their tech sectors. For a single large global company, the cost is projected to be between $7M and $12M. These figures are daunting, primarily due to the necessity of replacing old systems with secure cryptography. However, this investment is minor compared to the potential cost of a future quantum-enabled breach.
The time for deliberation has passed. The HNDL threat is live, the standards are set, and we have the tools for defense. We are racing not just to build a quantum computer, but to establish a quantum-safe data infrastructure before our adversaries can exploit one against us. By using AI as a key defensive strategy and following a smart, data-driven migration plan, we can succeed in this race.
Sukanya Mandal
Sukanya Mandal is an AI and cybersecurity strategist and a Senior IEEE Member
Next Article