< ciso
brief />
Tag Banner

All news with #post quantum cryptography tag

118 articles

Cloudflare on ML‑DSA and the PQ signature landscape

🔒 Cloudflare explains why ML‑DSA, the NIST‑standardized post‑quantum signature, must be used for the initial migration even though better schemes may arrive later. The post‑quantum transition is underway: most traffic already uses ML‑KEM encryption, and Cloudflare targets full post‑quantum protection by 2029. The post outlines tradeoffs among candidate signature families — size, speed, and implementation risks — and highlights why specialization and generalist schemes will both be needed.
read more →

CISO Playbook for Post‑Quantum Mandates and Migration

🔒 This guide explains regulatory timelines and a strategic playbook for CISOs and senior leaders to manage post-quantum cryptography (PQC) migrations across large organizations. It outlines the practical split between short‑lived protocol upgrades (like TLS) and long‑lived embedded devices, recommends centralized governance via a cryptography center of excellence, and emphasizes board-level framing, vendor engagement, and phased execution to meet compliance deadlines.
read more →

France ends certification of non-quantum encryption

🔒 France’s cybersecurity agency ANSSI announced it will stop certifying security products that lack quantum-resistant encryption beginning in 2027, accelerating a national shift to post-quantum cryptography. ANSSI’s decision effectively forces French government bodies and critical operators to adopt quantum-safe solutions, as its approval is required for official use. The agency advised businesses to purchase only quantum-safe products by 2030 to ensure compliance and future-proofing.
read more →

Microsoft Accelerates Move to Post‑Quantum Cryptography

🔒 Microsoft announced an acceleration of its Quantum Safe Program to transition critical products and services to post‑quantum cryptography by 2029. The company plans to integrate PQC requirements into its Secure Future Initiative and emphasize crypto‑agility, TLS 1.3 adoption, and protection of trust chains such as code signing and certificates. Microsoft urged organizations to begin migration now due to advances in quantum research and rising risk of 'harvest now, decrypt later.'
read more →

Microsoft Expedites Transition to Post‑Quantum Cryptography

🔒 Microsoft says it is accelerating its move to post-quantum cryptography, citing advances in quantum R&D and a shifting "risk horizon." CTO Mark Russinovich announced a goal to migrate critical products and services to PQC by 2029, and linked the work to its Microsoft Quantum Safe Program and Secure Future Initiative. The company outlined three pillars—upgrading network cryptography to TLS 1.3, building crypto-agility for data at rest, and modernizing crypto trust chains—and provided practical steps for organizations to begin their PQC transition.
read more →

Microsoft accelerates quantum-safe transition to 2029

🔒 Microsoft has accelerated its quantum-safe roadmap, saying advances in quantum computing bring the need to replace current encryption sooner than expected. The company plans to transition critical products and services to post-quantum cryptography (PQC) by 2029 under its Quantum Safe Program and integrate quantum-safe requirements into its Secure Future Initiative. Microsoft emphasizes modernizing infrastructure, enabling crypto-agility, and updating trust chains to ease future migrations.
read more →

Microsoft accelerates quantum-safe security timeline

🔐 Microsoft is advancing its quantum-safe timeline, now targeting transition of critical products and services to post-quantum cryptography by 2029. The company is embedding PQC requirements into its Secure Future Initiative to ensure clear ownership, measurable milestones, and platform readiness. Priorities include modernizing network cryptography, enabling crypto-agility, and securing chains of trust across keys, certificates, and signing. Microsoft urges organizations to begin discovery and modernization now to reduce long-term risk.
read more →

Start Post‑Quantum Cryptography with Credentials

🔐 Today’s public-key cryptography faces a future threat from quantum computers that can render intercepted ciphertext and stored credentials decryptable. Agencies like the NSA and standards bodies such as NIST have set Q-day deadlines between 2027 and 2035 to phase in quantum-resistant algorithms, while enterprises face multi-year migrations. A practical approach is credentials-first: inventory secrets, prioritize long-lived, high-impact credentials, adopt hybrid cryptography, and design for crypto-agility to reduce Harvest Now, Decrypt Later risks.
read more →

Executive Order Accelerates Post‑Quantum Readiness

🔒 The White House Executive Order signed June 22, 2026 mandates migration of federal systems to NIST‑approved post‑quantum cryptography, setting milestones for key establishment by 2030 and digital signatures by 2031. It extends urgency to critical infrastructure, federal contractors, and procurement, highlights "harvest now, decrypt later" risk, and calls for cryptographic bill of materials guidance to drive visibility and operational readiness.
read more →

US issues post-quantum crypto deadlines, launches quantum push

🔒 The White House signed two executive orders to accelerate federal migration to post-quantum cryptography and expand investment in quantum technologies. The crypto order sets firm deadlines for replacing vulnerable algorithms, requires cryptographic inventories and a CBOM, and signals future procurement rules for contractors. The companion order creates a coordinated federal quantum initiative to drive research, commercialization, workforce development, and defenses for sensitive research.
read more →

U.S. Executive Order Accelerates PQC Adoption

🔒 On June 22, 2026, President Trump signed Executive Order 14409, setting federal deadlines to adopt post-quantum cryptography: key establishment by December 31, 2030, and authentication by December 31, 2031, with contractors required to comply by 2030. Cloudflare supports the EO, noting federal procurement has historically driven industry adoption and highlighting that post-quantum encryption deployment is already widespread across its services while authentication work continues. The EO focuses on NIST-standardized PQC, excludes National Security Systems, and directs OMB and agencies to plan and report migration progress.
read more →

U.S. Sets 2030–2031 Deadlines for PQC Migration

🔐 President Trump signed an executive order on June 22 directing federal agencies to migrate high-value assets to post-quantum cryptography with key establishment required by December 31, 2030 and digital signatures by December 31, 2031. The EO accelerates the federal timeline by four to five years and aligns agency schedules with NIST's 2024 FIPS for ML-KEM and ML-DSA/SLH-DSA. Agencies must name migration leads, inventory cryptographic assets, and submit plans; OMB, NIST, CISA and FAR will issue guidance to enforce timelines and contractor requirements.
read more →

US Executive Order Accelerates PQC Migration by 2031

🔐 The US has issued Executive Order 14409 requiring federal agencies to migrate to post-quantum cryptography (PQC) for key establishment by December 31, 2030 and for digital signatures by December 31, 2031. The EO mandates a Commerce-led PQC pilot to finish by December 31, 2027 and directs OMB and the National Cyber Director to accelerate a nationwide transition while coordinating with other agencies and international partners. It also tasks agencies to find cost efficiencies and ensures contractors meet federal cybersecurity standards by 2030.
read more →

Preparing for quantum-era threats to current encryption

🔒 The article explains the growing reality of “harvest now, decrypt later” attacks, where adversaries steal encrypted data today to decrypt later with quantum computers. It summarizes industry and government perspectives, noting that most organizations underprioritize the risk despite emerging standards like NIST’s 2024 post-quantum algorithms and EU transition roadmaps. The piece reviews mitigation options — PQC, QKD, and the need for cryptoagility — and highlights examples from Spain and financial institutions planning phased transitions.
read more →

Raise security procurement and prepare for quantum

🔐 At Infosecurity Europe, Forescout's Rik Ferguson urged organisations to accelerate transition plans to post-quantum cryptography (PQC), warning that only 8% of SSH servers support PQC. He cited NSA warnings about harvest-now-decrypt-later (HNDL) attacks and evidence from surveillance programs indicating encrypted data is already being hoovered for future decryption. Ferguson recommended urgent inventorying of encrypted assets, embedding quantum readiness into procurement, and building crypto-agility such as adopting TLS 1.3.
read more →

Swiss team claims certifiable perfect randomness

🔬 Researchers at ETH Zurich report creating a device that generates provably perfect random numbers using two superconducting qubits, a 30-meter microwave guide, and specialized software. The setup leverages quantum entanglement and an amplification algorithm to remove bias common in classical and many quantum sources. The team says the output can be certified and could serve cryptographic key generation or public randomness services.
read more →

GCHQ warns businesses: urgent cyber action on AI

⚠️ Anne Keast-Butler, director of GCHQ, urged UK businesses to treat cybersecurity as national defence during the agency's first annual lecture at Bletchley Park on May 27. She warned that rapid AI development narrows the window to stay ahead of threats and called on boardrooms to act now. GCHQ plans a machine-speed national cyber defence using agentic AI within five years while urging adoption of basic controls and quantum-resistant cryptography.
read more →

Automating PQC Readiness for AWS TLS Endpoints with Config

🔒 The PQC Readiness Scanner automates inventory and continuous monitoring of AWS-terminated TLS endpoints — Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway — to evaluate TLS policies for Post-Quantum Cryptography (PQC) readiness. It classifies endpoints into a three-tier framework (Tier 1: PQ-ready, Tier 2: PQ-ready with backward compatibility, Tier 3: not PQ-ready) and returns COMPLIANT/NON_COMPLIANT results with policy recommendations. Built as an AWS Config conformance pack with custom rules and Lambda functions, it supports organization-wide deployment via CloudFormation StackSets and S3-hosted artifacts. The scanner reduces manual review, tracks migration progress across accounts, and helps prioritize upgrades to TLS 1.3 with PQC key exchange.
read more →

April 2026 AWS Security Digest: Features and Alerts

🔒 The April 2026 AWS Security monthly digest highlights new features, hands-on samples, and security bulletins across identity, AI security, data protection, and detection. Notable posts include IAM Identity Center session tags for ABAC, guidance for securing agentic AI via the Model Context Protocol, and practical steps to adopt hybrid post‑quantum TLS for Secrets Manager. The edition also summarizes April CVEs and ships 16 runnable code samples and workshops to validate recommended controls.
read more →

Cloudflare Enables Post-Quantum IPsec with ML-KEM Standard

🔒 Cloudflare has made post-quantum encryption generally available for Cloudflare IPsec using hybrid ML‑KEM (FIPS 203), implementing draft-ietf-ipsecme-ikev2-mlkem. The rollout enables site-to-site WAN tunnels protected against harvest-now-decrypt-later attacks and has been tested interoperably with Cisco and Fortinet branch connectors. This brings post-quantum IPsec closer to Internet-scale deployment and supports Cloudflare’s goal of full post-quantum security by 2029.
read more →