Tech giants and critical infrastructure operators are moving quickly to adopt post-quantum cryptography (PQC). Even though large-scale quantum computers may still be years off, they could eventually break today’s encryption. This urgency is driven by the “Harvest Now, Decrypt Later” (HNDL) strategy, in which attackers steal encrypted data today and decrypt it later using quantum technology. For the power grid, this means long-term data, secure communications, and control systems are already at risk.
Here are the main reasons for this transition:
- The Harvest Now Decrypt Later Threat.
Nation-state actors are already gathering and storing encrypted data (such as communications, intellectual property, and operational logs) for later decryption.
- Long-lived data: power grid data, including SCADA system logs and infrastructure, often needs to be protected for decades.
- Retroactive risk: Information encrypted today could become vulnerable in the next 10-20 years, so current defenses may not be enough for long-term security.
- Vulnerability of Current Infrastructure.
Current grid security mostly uses RSA and elliptic curve cryptography (ECC). These methods are at risk from quantum algorithms such as Shor’s algorithm, which can factor large numbers much faster than classical computers.
- Hired Control Systems. If attacked, Control Systems could be accessed without permission, leading to the execution of fake commands, power surges, or widespread failures.
- IoT Vulnerabilities: Modern smart grids use thousands of IoT devices and sensors that are hard to update, making them likely targets for future attacks.
- The Long Time Frame For Transition
Switching to PQC is not a quick fix. It is a complex, expensive process that can take years.
- Extensive inventory: Organizations need to identify all locations where cryptography is used in their systems before they can make changes.
- Legacy systems: Many operational technology (OT) systems in the energy sector have lasted 20 years or more, making them difficult to update.
- Crypto agility: Tech companies like Google and Microsoft are focusing on it, meaning building systems that can quickly switch to new PQC algorithms as standards change.
- NIST Regulations and Regulatory Pressure
The US National Institute of Standards and Technology released the first set of PQC standards in 2024 (FIPS 203, 204, and 205), providing companies with a clear roadmap.
- Regulatory deadlines: organizations must meet. New rules that require quantum-safe algorithms by 2030-2035.
- Forward Looking By Measures By Tech Leaders
Major tech companies are already integrating PQC into their services:
- Google: Implemented PQC in Chrome’s test builds and internal VPNs.
- IBM & Microsoft are offering Quantum-Safe plans and testing PQC algorithms in their cloud services, such as Azure and IBM Cloud.
- Industry alliances: The Linux Foundation launched the Post-Quantum Cryptography Alliance (PQCA) to develop open-source software, with members including AWS, Cisco, and NVIDIA.
To summarize, this switch is urgent because the time-critical data that must remain secure overlaps with the expected arrival of quantum machines.
What Is Post-Quantum Cryptography, And Why Is It Necessary?
Post-Quantum Cryptography is a set of cryptographic methods built to resist attacks from quantum computers. These future computers will be able to solve problems that are impossible or extremely difficult for today’s technology.
Many of the cryptographic methods we use now, including RSA, ECC, and DH, are at risk from quantum algorithms such as Shor’s. A powerful enough quantum computer could break these protections in just hours or even minutes.
Quantum computers like these are not widely available yet, but experts within post-quantum cryptography agree they will arrive eventually. Michal Mosca, a well-known quantum cybersecurity researcher, explains that if X is how long your data needs to stay safe and Y is how long it takes to update your systems, you should start before X + Y = the arrival of a quantum computer.
This matters now because of the Harvest Now Decrypt attacks. In these cases, attackers gather encrypted data today, expecting to one day have quantum computers powerful enough to unlock it.
This means that private information, such as healthcare records, intellectual property, and government messages, could be at risk long after you believe it is secure.
We are not alone in facing this challenge. The World Economic Forum predicts that 20 billion digital devices will need PQC upgrades or replacements over the next 10 to 20 years. Still, it is important to act with haste.
Meta Title (60 characters):
Why Tech Giants Are Moving to Post-Quantum Crypto
Meta Description (160 characters):
Tech giants race to adopt post-quantum cryptography to protect grids and data from future quantum attacks and “harvest now, decrypt later” threats.
Source:Why Your Business Needs Post-Quantum Cryptography: Insights from Industry Experts
