All Post-Quantum, PQC Posts
-
Quantum Policies
NIS2, DORA, and the EU Post-Quantum Roadmap
If you are a CISO under NIS2 or DORA, you are already expected to run a risk-management system that tracks material, evolving threats - and to implement “state‑of‑the‑art” controls appropriate to the risk. The EU’s PQC roadmap is effectively saying: quantum is now one of those evolving threats you must govern. The most important conceptual shift for leadership teams is this: the EU is not (yet)…
Read More » -
Post-Quantum, PQC, Quantum Security
Telecom Quantum Readiness: Why the Urgency and Where to Start
An increasing number of telecom leaders have been pinging me lately about quantum readiness. And frankly, that’s exactly what they should be doing. New regulations and mandates are emerging left and right (in various jurisdictions and across the industry) requiring critical infrastructure to become quantum-safe in the coming years. As someone who used to run global telecom cybersecurity practices - and served as interim CISO…
Read More » -
Post-Quantum, PQC, Quantum Security
Quantum Key Distribution (QKD): Why Countries Differ on Its Future
Quantum Key Distribution (QKD) - a method of securing communications using quantum physics - has become a flashpoint of debate worldwide. Recent news (like Google’s announcement favoring post-quantum algorithms over QKD) highlights how divided opinions are. Some nations are investing heavily in QKD networks as the next frontier of secure communications, while others remain skeptical and prioritize post-quantum cryptography (PQC). United States and Allies: Emphasizing…
Read More » -
Q-Day
Q-Day Knowledge Center & Q-Day Framework and Estimator
Q-Day Knowledge Center - Your complete guide to understanding, forecasting, and preparing for quantum decryption risk.
Read More » -
Post-Quantum, PQC, Quantum Security
Rethinking CBOM
The simplest way to explain CBOM is still the best. If SBOM is the ingredients list for software, CBOM is the ingredients list for the security assumptions that software depends on. Where SBOM tracks components and dependencies, CBOM tracks cryptographic assets - algorithms, protocols, certificates, keys, and related material - and the relationships that turn "implemented somewhere" into "actually used here." This is not happening…
Read More » -
Post-Quantum, PQC, Quantum Security
Why We Need a Quantum Security ISAC
Quantum computing promises revolutionary capabilities, but it also poses unprecedented threats to cybersecurity. Experts warn of a looming “Quantum Apocalypse” scenario - the day when a sufficiently advanced quantum computer can crack encryption like RSA or ECC, exposing sensitive data that was once considered secure. And of course, there's the already present "harvest now, decrypt later." The potential impact of cryptography-breaking quantum computers is global…
Read More » -
Post-Quantum, PQC, Quantum Security
Securing Quantum Computers – Threat at the Quantum-Classical Interface
A global race is on to build cryptographically relevant quantum computers (CRQCs) - machines powerful enough to break current encryption. Governments and industry are pouring billions into quantum R&D, and intelligence analysts scrutinize whether a geopolitical rival might secretly be ahead. Yet amid this focus on who builds a quantum codebreaker first, an alternative threat vector is often overlooked: an adversary might not need to…
Read More » -
Post-Quantum, PQC, Quantum Security
Q-Day Isn’t an Outage – It’s a Confidence Crisis
Cybersecurity lore often paints Q-Day (the moment a quantum computer cracks RSA/ECC encryption) as an instant "Quantum Apocalypse" where every system gets hacked immediately. Planes falling from the sky, banks drained in seconds, an overnight digital Armageddon - if that nightmare doesn’t happen, some assume Q-Day wasn’t so bad after all. But this view misses a crucial point. The real catastrophe of Q-Day isn’t that…
Read More »
