Title: 7 Anticipated Developments in Quantum Resilience by 2025
Rewritten Article:
Skip Sanzeri serves as the CEO, COO, and board chair of QuSecure, a global leader in post-quantum cybersecurity. As technology progresses and capabilities grow, the global cybersecurity landscape will undoubtedly change. Quantum computing, cryptographic agility, and artificial intelligence (AI) will spearhead a group of advancing technologies that malicious actors may use to steal, seize control, or unfairly influence societal and political outcomes. Here are some forecasts regarding post-quantum cybersecurity and cryptographic agility for 2025 that warrant our attention:
1. AI and quantum merge, fueling a future threat.
Cybercriminals increasingly leverage AI to amplify the sophistication and scope of their attacks. For instance, AI can be used to craft highly convincing phishing emails, causing them to go unnoticed. AI also allows for the automation of complex tasks, resulting in more targeted and efficient cyber threats.
In my previous articles on Our Website, "AI Agents Are The Future, And A Lot Is At Stake" and "The Impact Of AI On Post-Quantum Cybersecurity," I discuss how AI and quantum computing can be combined to accelerate the development of powerful quantum computers and create new attack vectors that will be highly dangerous. 2025 will see both AI and quantum computing advancing and merging, resulting in explosive threats.
2. Quantum computing advances, prompting organizations to prepare.
We now know that quantum computers have the potential to break the encryption protocols used to secure global internet traffic and over 20 billion connected devices. This unprecedented vulnerability could trigger the largest cybersecurity upgrade cycle in history.
Quantum computers are advancing rapidly, with countries like China investing over $15 billion in their quantum program. In 2025, we will see organizations begin implementing quantum-resistant algorithms as a proactive approach to shield against quantum decryption of previously collected data.
3. Crypto agility becomes the norm.
Organizations will need to develop crypto-agile systems that can quickly adapt new cryptographic algorithms to ensure resilience against evolving threats. Automation in cryptographic management is essential for maintaining secure operations amid changing standards.
In the U.S., we anticipate NIST to approve two to three new cryptographic algorithms over the next year and a half. Organizations will need to leverage crypto agility to quickly adapt to new cryptographic standards as threats evolve.
4. Cryptographic management becomes automated.
The adoption of automated tools for managing cryptographic protocols is predicted to rise, facilitating seamless transitions between algorithms and reducing the risk of vulnerabilities during migrations. Using automated cryptographic management will become increasingly important for effectively managing cryptography throughout the enterprise.
5. The U.S. federal government and foreign nations continue to push PQC adoption.
The United States is actively promoting policies to integrate post-quantum cryptography (PQC) into national security frameworks, with significant developments expected in 2025:
•NIST is encouraging federal agencies to migrate to PQC with Internal Report (IR) 8547 detailing strategies for migrating from quantum-vulnerable algorithms to quantum-resistant standards. The public comment period for this draft concluded on January 10, 2025, with the final version expected later in 2025.
•The National Security Agency (NSA) has launched the Commercial National Security Algorithm Suite 2.0, incorporating quantum-resistant algorithms. This suite will be implemented across National Security Systems, with federal agencies required to comply by 2025.
•HR 7535, which was signed into law in December 2022, mandates federal agencies to transition to PQC standards. The Office of Management and Budget (OMB) is expected to issue directives in 2025, setting deadlines for agencies to identify quantum-vulnerable systems and establish migration plans.
6. Organizations prioritize addressing 'harvest now, decrypt later' threats.
Recognizing the potential for adversaries to harvest encrypted data now for future decryption through quantum computers, U.S. policies will likely focus on implementing PQC to safeguard long-term data confidentiality. Nation-states are both monitoring and storing global data traffic with the intent of decrypting it at a later date. Data that requires a long shelf life, such as personal information, government secrets, financial information, and healthcare data all necessitate decades of secrecy.
In 2025, we expect both enterprise and federal agencies to place more emphasis on addressing data exfiltration by implementing PQC standards.
7. The Cryptography Bill of Materials gains significant traction in the 2025 cybersecurity landscape.
A Cryptography Bill of Materials (CBOM) provides a comprehensive inventory of an organization's cryptographic assets and their dependencies within its systems. This transparency is essential for assessing vulnerabilities and ensuring robust digital trust.
Organizations are expected to widely adopt CBOMs to catalog their cryptographic assets, enabling more effective risk assessments and management. By offering a detailed overview of cryptographic implementations, CBOMs can empower organizations to identify and mitigate potential vulnerabilities more efficiently, thereby strengthening their security posture. The adoption of CBOMs is expected to become an essential practice in 2025.
Ensuring Your Organization Remains PQC Vigilant
Transition from PQC strategy to practical deployments.
Organizations should move from planning to actively deploying PQC solutions. 2025 is anticipated to mark a significant shift, with PQC becoming operational across various industries.
Get ahead of regulatory/compliance pressures and standardization efforts.
In 2025, NIST may announce new PQC standards, providing a more diverse framework for widespread adoption. These standards are crucial for ensuring interoperability and security across different platforms. Governments are mandating the integration of quantum-resistant algorithms, compelling organizations to update their cryptographic infrastructures to comply with new regulations.
Increase your awareness and preparedness.
The designation of 2025 as the International Year of Quantum Science and Technology by the United Nations highlights the global focus on quantum advancements and the importance of PQC in securing future technologies. Making sure everyone in your organization is on the same page will be critical.
Concluding Thoughts
2025 is anticipated to be a pivotal year for PQC, with significant strides in standardization, implementation, and global awareness to ensure that cryptographic systems are prepared for the challenges posed by quantum computing. We can expect quantum computing to challenge existing encryption standards, prompting the adoption of quantum-resistant cryptographic solutions and the development of regulatory frameworks to ensure data security in the quantum era.
Our Website Technology Council is an invitation-only community for world-class CIOs, CTOs, and technology executives. Do I qualify?
Skip Sanzeri, as the CEO, COO, and board chair of QuSecure, is actively advocating for the importance of post-quantum cybersecurity and cryptographic agility in the face of advancing technologies like AI and quantum computing. His company, a global leader in this field, is helping organizations prepare for a future where these threats become more prevalent.
Given his role and expertise, Skip Sanzeri could provide valuable insights on how organizations can effectively transition from their current cryptographic strategies to practical deployments of post-quantum cryptography by 2025. His perspective on the importance of staying ahead of regulatory and compliance pressures, as well as increasing awareness and preparedness, would be invaluable for organizations looking to enhance their cybersecurity posture.
