The Signal Has Changed: From Research to Execution

The release of FIPS 203, 204, and 205 in 2024 is not just another standards update. It represents the end of an eight-year global effort to define quantum-resistant cryptography. These standards introduce ML-KEM for key exchange and ML-DSA and SLH-DSA for digital signatures, directly replacing the cryptographic primitives that underpin today’s internet security. :contentReference[oaicite:1]{index=1}

This matters because standards remove uncertainty. Vendors no longer need to guess which algorithms will win. Cloud providers, infrastructure platforms, and security vendors now have a clear direction for implementation. We are already seeing validated implementations begin to appear, forming the foundation for real-world adoption. :contentReference[oaicite:2]{index=2}

At the same time, guidance has matured. The NCSC is explicit that preparation should begin now, not when quantum capability arrives. The expectation is not immediate migration, but immediate planning. :contentReference[oaicite:3]{index=3}

There is also a timeline emerging. Current guidance and industry alignment point toward deprecating vulnerable algorithms such as RSA and elliptic curve cryptography around 2030, with full transition expected by approximately 2035. :contentReference[oaicite:4]{index=4}

That timeline creates a false sense of distance. In practice, large-scale cryptographic change takes years to design and deploy. Systems are interconnected, dependencies are hidden, and upgrades are rarely isolated. What looks like a decade is, operationally, a narrow window for structured transition.

This is the shift. The question is no longer whether organisations should prepare. It is whether they can do so in time without disruption.

The Real Risk: “Harvest Now, Decrypt Later”

The urgency is not driven by the exact arrival date of a cryptographically relevant quantum computer. It is driven by what is happening to data today.

The “harvest now, decrypt later” model changes the threat landscape fundamentally. Adversaries can collect encrypted data now and store it indefinitely, waiting until quantum capabilities make decryption feasible. :contentReference[oaicite:5]{index=5}

This is not speculative. It is already a recognised strategy, particularly for high-value targets. :contentReference[oaicite:6]{index=6}

The implication is simple but uncomfortable. The security of data is no longer determined by how strong encryption is today, but by whether it will remain secure in the future.

This matters most for information with long lifetimes. Intellectual property, financial records, personal data, and strategic communications often need to remain confidential for years or decades. If that data is intercepted now, it may still be exposed later, regardless of how secure it appears today.

This reframes quantum risk entirely. It is not a future breach scenario. It is a present-day data exposure decision.

The NCSC reflects this long-term perspective in its guidance, focusing on protecting information “in years to come,” not just in current operational windows. :contentReference[oaicite:7]{index=7}

For organisations, this means the migration clock has already started. The longer preparation is delayed, the larger the exposure window becomes.

The Hard Part: Inventory, Not Algorithms

There is a persistent misconception that quantum-safe migration is primarily about replacing algorithms. In reality, the algorithms are already defined. The challenge lies elsewhere.

The difficulty is understanding where cryptography exists across your organisation.

Modern systems are deeply dependent on cryptographic primitives. Encryption is embedded in TLS connections, authentication systems, APIs, cloud services, firmware updates, mobile applications, and third-party platforms. It is not centralised. It is distributed, often invisibly.

This is why both NCSC guidance and industry frameworks consistently emphasise discovery as the first step. Before migration can begin, organisations must identify where cryptography is used, what algorithms are in place, and what systems depend on them.

This is not trivial. Cryptographic dependencies are rarely documented in one place. They span development teams, infrastructure layers, vendors, and legacy systems. In many cases, organisations do not have a complete picture of their own cryptographic footprint.

Without that visibility, migration becomes guesswork. With it, migration becomes structured and controllable.

This is also where timelines become constrained. The inventory phase alone can take significant time, especially in complex environments. It requires coordination across teams, validation of assumptions, and often the discovery of undocumented dependencies.

The conclusion is consistent across guidance and real-world experience. The hard part is not implementing new algorithms. It is building an accurate, actionable understanding of the current state.

Migration Reality: Constraints, Trade-offs, and Hybrid States

Even with standards defined, migration is not straightforward. Post-quantum algorithms introduce different performance characteristics, larger key sizes, and changes to protocol behaviour. These are not always drop-in replacements for existing systems. :contentReference[oaicite:8]{index=8}

In practice, organisations will move through hybrid states. Classical and post-quantum algorithms will coexist, often combined within the same protocols to balance security and compatibility.

This introduces additional complexity. Systems must support multiple cryptographic modes, vendors must update products, and interoperability must be maintained across environments that are migrating at different speeds.

There are also operational considerations. Early implementations show measurable overhead in some contexts, particularly in network-heavy environments, where latency and bandwidth are affected by larger cryptographic operations.

This does not block migration, but it reinforces a key point. Transition must be staged, tested, and aligned with real system constraints.

It also highlights the importance of crypto-agility. Systems designed to adapt to changing cryptographic standards will transition far more smoothly than those with hardcoded assumptions.

Prioritisation and a Staged Migration Approach

Once visibility exists, migration becomes a prioritisation problem.

Not all systems carry the same risk, and not all data requires the same level of long-term protection. The highest priority areas are those where compromise would have lasting impact. Certificate infrastructures, firmware signing systems, and long-lived sensitive data are consistently identified as early targets.

From there, migration becomes phased. Some systems will adopt hybrid cryptography early. Others will follow as vendor support matures and dependencies are resolved.

The NCSC frames this as a structured journey, beginning with discovery, moving through planning and early adoption, and progressing toward full transition over time. :contentReference[oaicite:9]{index=9}

This staged approach is critical. Attempting to replace everything simultaneously increases risk and complexity. A controlled rollout allows organisations to manage change while maintaining operational stability.

At WAi Forward, this is how we approach any system-wide transformation. Not as a single project, but as a coordinated evolution of interconnected components.

Conclusion: Planning Time Is Now

The defining change is simple. The standards exist. The guidance exists. The timelines exist.

What remains is execution.

Quantum-safe migration is not urgent because quantum computers will arrive tomorrow. It is urgent because the preparation required cannot be done tomorrow.

The organisations that begin now will move deliberately, with control and clarity. Those that delay will be forced into reactive change, under time pressure and with incomplete visibility.

The hard part is not selecting the right algorithm. It is understanding your systems well enough to replace it safely.

And that is why “later” is no longer a viable plan.