Planning for post-quantum cryptography

The Australian Cyber Security Centre has published an updated version of ist recommendations for the migration to PQC

Reasons to address the threat of a CRQC now:

Organisations should prioritise the protection of their information technology (IT) environment against the threat of a CRQC now, even though a CRQC may not exist for some time. Early action is crucial because:

• deploying protections against a CRQC may take longer than expected
• estimating the timeline to achieve a CRQC is uncertain as quantum computing is an active area of research
• storing highly sensitive or classified data using classical encryption methods may be vulnerable to ‘harvest now, decrypt later’ attacks.

Some service providers and vendors have begun their transition to PQC, with some offering PQC-only solutions and products. The shift to PQC will happen at different speeds and will depend on factors such as cost, dependent technology updates and legacy interoperability. This further highlights the need for organisations to start planning for their PQC transition right away.

The recommendations’ update is available also as PDF here: https://www.cyber.gov.au/sites/default/files/2025-09/Planning%20for%20post-quantum%20cryptography%20%28September%202025%29.pdf

More information: https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptography

Origin of text: https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptography
Foto von Ondrej Machart auf Unsplash