Insider Brief
- NIST’s National Cybersecurity Center of Excellence has released a preliminary draft guide warning that migration to post-quantum cryptography will take years and must begin now.
- The draft outlines risks from quantum computers to widely used algorithms such as RSA and ECDH, and recommends concrete steps including cryptographic inventories, discovery tools, and risk-based migration playbooks.
- NIST and industry collaborators will test interoperability and performance of new quantum-resistant algorithms in protocols and hardware, with lessons to inform future standards and practice guides.
A U.S. government program is warning that the cryptographic systems protecting global commerce, finance, and communications could one day be vulnerable to the power of quantum computers — and that organizations need to start preparing now.
The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence ((NCCoE) has released a preliminary practice guide that makes a blunt case: waiting until quantum machines arrive is not an option. Migration to post-quantum cryptography will take years, and the clock is already ticking.
According to the center’s preliminary draft guide, many of the algorithms that form the backbone of secure digital communications — including RSA, Elliptic Curve Diffie-Hellman (ECDH), and Elliptic Curve Digital Signature Algorithm (ECDSA) — will be vulnerable once large-scale quantum computers are built.
Most information technology systems were never designed to support rapid cryptographic replacement. Past migrations, such as the move away from the SHA-1 hash function, took years and in some cases more than a decade to complete. The challenge now is larger and more urgent: quantum computers threaten the very foundation of public-key cryptography, meaning that both governments and businesses must begin preparing for an overhaul of the systems that safeguard everything from financial transactions to healthcare records.
“Organizations should start planning now to migrate to PQC, also known as quantum-resistant cryptography, to protect their high value, long-lived sensitive data,” the officials write in a release on the white paper. “Historically, it has taken a long time from the moment that a new algorithm is standardized until it is fully integrated into information systems. No one knows how long it will take to build a cryptographically relevant quantum computer. Predictions vary widely, but some people think it may be possible in less than 10 years.”
Algorithms at Risk
In its executive summary, NIST describes the scope of the threat in stark terms. Public-key algorithms — the mathematical tools that enable encrypted communications, secure digital signatures, and protected data exchange — were not built to withstand the parallel processing power of quantum systems. A quantum machine large enough to run Shor’s algorithm could effectively render RSA and elliptic curve cryptography obsolete.
This would not just break web browsers and email servers. It would compromise the certificates that establish trust online, the hardware security modules that anchor identity in enterprises, and the encrypted data that businesses and governments have long assumed would remain private.
Compounding the problem, NIST officials write, many organizations lack visibility into where and how cryptography is embedded in their systems. Applications, network protocols such as TLS and SSH, digital certificates, hardware modules, and third-party services all rely on cryptographic algorithms. Without a comprehensive inventory, businesses cannot know what is at risk or how to prioritize migration.
And because data encrypted today may still be sensitive years from now, organizations face what experts call the “harvest now, decrypt later” problem: adversaries can capture encrypted traffic now and wait for quantum machines to decrypt it in the future.
The Migration Playbook
To address these challenges, the center has released a preliminary draft practice guide. The project aims to provide organizations with concrete steps for beginning the migration, along with discovery tools, sample implementations, and risk-based roadmaps.
As the NIST officials explain in the executive summary, the goal is not just to raise awareness but to provide a practical framework that organizations can use today. The guide emphasizes that migration will require coordination among people, processes, and technology.
Future volumes will provide more technical detail, including architecture and risk analysis for program managers, as well as how-to guides for IT professionals who will need to install, configure, and integrate new algorithms into existing systems.
Concrete Steps for Organizations
While NIST stops short of prescribing a one-size-fits-all approach, the draft guide outlines a series of general practical actions that every organization can take now. For business leaders and IT managers, these steps provide a roadmap to begin planning.
According to NIST, organizations should:
- Take Inventory of Cryptography. Identify where public-key algorithms are used in applications, protocols like TLS and SSH, digital certificates, hardware security modules, and vendor services.
- Deploy Discovery Tools. Use scanning tools to detect quantum-vulnerable algorithms in systems, software, and development pipelines. Make these scans a routine part of CI/CD practices.
- Develop a Risk-Based Playbook. Prioritize migration for systems that protect high-value or long-lived data, especially information that could be harvested now and decrypted later.
- Plan for Interoperability Challenges. Test hybrid approaches, such as dual-use certificates that combine classical and PQC algorithms, to ensure continuity during the transition.
- Engage Vendors Early. Ask hardware, software, and cloud providers about their PQC migration plans and incorporate their readiness into procurement and risk management decisions.
- Participate in Standards and Feedback. Review NIST’s preliminary guides, comment on draft practices, and share lessons learned with industry peers to accelerate collective readiness.
NIST officials write that these steps are not just technical tasks but strategic actions that will require coordination across entire organizations. Chief information security officers, program managers, and frontline IT professionals each have roles to play.
What’s Coming: Testing and Demonstrations
Beyond awareness, the NIST project is launching hands-on testing. Initial workstreams will stress-test the first post-quantum algorithms against widely used protocols including TLS, SSH, QUIC, and X.509 digital certificates. Performance and interoperability evaluations will also extend to hardware security modules (HSMs), which play a central role in protecting keys and identities across enterprise systems.
These early tests are critical because post-quantum algorithms differ from their classical predecessors in key size, signature size, error handling and execution steps. As the NIST draft notes, the new cryptography will not be “drop-in replacements.” Organizations should expect different performance characteristics, higher computational costs, and new operational complexities. To bridge the gap, NIST anticipates that interim hybrid implementations — combining classical and PQC algorithms — will be necessary to maintain compatibility during the transition.
Lessons learned from these demonstrations will be published in additional practice guide volumes and technical reports. They will also be shared with standards development bodies, which will need to update protocols and specifications to support quantum-safe algorithms.
Broad Industry Backing
The scope of the project is reflected in the roster of collaborators. Major technology companies and institutions are participating, including Amazon Web Services, Cisco, JPMorgan Chase, Microsoft, IBM, Dell, Thales, DigiCert, VMware, SandboxAQ, PQShield, and the National Security Agency. Smaller firms specializing in cryptography, such as CryptoNext Security, wolfSSL, and ISARA, are also involved.
According to NIST, these collaborators are not just observers but active contributors. They are testing products, demonstrating use cases, and helping identify gaps between quantum-resistant algorithms and real-world systems. Their involvement underscores the breadth of the challenge: from cloud computing and financial services to hardware manufacturing and national security, every sector has a stake in a smooth transition.
Why It Matters Now
The draft makes clear that preparation is urgent. Deploying algorithms across global infrastructure will take years, the team writes. If organizations wait until standards are complete to begin planning, they will risk falling behind — and potentially exposing critical systems to both quantum and classical attacks.
Past migrations offer cautionary tales. The deprecation of the aforementioned SHA-1, for example, was announced years before it became unsafe, yet many organizations struggled to fully transition in time. The migration to post-quantum cryptography is expected to be even more complex, touching more protocols, systems and dependencies than any previous cryptographic shift.
NIST’s draft highlights the compliance dimension of the plan. Regulators and industry bodies are likely to mandate quantum-safe practices once standards are in place. Organizations that have not prepared will face both security risks and regulatory penalties.
NIST recommends organizations begin conducting cryptographic inventories, piloting discovery tools and developing risk-based playbooks. Vendors and service providers must be pressed for their own roadmaps, and industry groups should coordinate to share best practices.
As NIST officials write, “Maintaining connectivity and interoperability among organizations and organizational elements during the transition from quantum-vulnerable algorithms to quantum-resistant algorithms will require careful planning.”
The institute is inviting feedback on its draft guide, encouraging businesses to share lessons learned and contribute to a smoother migration. It’s also creating a Community of Interest for the project.
Learn more here.
