A federal IT exec makes the case, post quantum cryptography isn't optional homework for later

Started by Amber Tiger, Jul 17, 2026, 11:15 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Topic: A federal IT exec makes the case, post quantum cryptography isn't optional homework for later   Views(Read 69 times)
Active members in this topic:
Amber Tiger(1) PlanckLimit81(1)

Amber Tiger

In a commentary for Federal News Network, Electrosoft Services COO Jamie Holcombe argues that by the time an organization recognizes quantum computing as an immediate threat, it's usually already behind. His core point, today's public key cryptographic systems, RSA and elliptic curve cryptography, protect financial transactions, intellectual property, classified communications and supply chains precisely because they rely on math problems classical computers can't efficiently solve, and sufficiently powerful quantum systems running algorithms like Shor's would eventually defeat exactly those protections

Holcombe's real emphasis, though, isn't on the distant hardware milestone itself, it's on the fact that adversaries are already collecting encrypted data today specifically to decrypt it later once quantum capability matures. That reframes the entire timeline, information stolen right now may still hold real strategic value decades from now, meaning organizations can't afford to wait for an actual Q-Day before acting, since by then the data in question may already be thoroughly compromised

His broader argument is that post quantum cryptography shouldn't be treated as a standalone project bolted onto existing systems later, it needs to be built directly into modernization efforts already underway, cloud adoption, zero trust architecture, and AI integration all depend on the same underlying cryptographic trust that quantum computing eventually threatens. AI systems are only as trustworthy as the data feeding them, and zero trust architecture depends entirely on strong, resilient cryptography to verify users, devices and behavior continuously, meaning PQC functions as a foundational layer sitting underneath both of those other initiatives rather than a competing priority

The piece pushes back specifically against framing this purely around a single dramatic future event. The bigger risk, Holcombe argues, isn't the sudden arrival of quantum capability itself, it's institutional inflexibility, organizations weighed down by technical debt and rigid legacy architecture that simply can't adapt fast enough once cryptographic standards actually change. His prescription is cryptographic agility, designing systems now so cryptographic components can be swapped or upgraded without tearing apart entire operational environments, arguing that disciplined, incremental modernization beats both panic and complacency, and that the organizations who adapt fastest, not necessarily the ones with the biggest budgets, will be the ones that come out ahead

PlanckLimit81

Framing institutional inflexibility as the real danger rather than the sudden arrival of quantum hardware itself is a genuinely useful reframe, most coverage fixates purely on the hardware timeline and misses this angle entirely

Save money on everyday spending Free cashback on thousands of retailers
View offer