PROFESSIONAL NETWORK
Join the World's Largest Community of Quantum Security Professionals
QSECDEF brings together the practitioners, policymakers, and vendors actively shaping the post-quantum transition. Members share early intelligence on tooling, procurement developments, and regulatory shifts before that information reaches the public domain. This is the professional network the field converges on.
More than 1,200 members from 40+ countries, including Five Eyes governments, NATO member institutions, and the leading quantum vendors, are already part of the community.
EVENT INVITATIONS
Get Early Invitations to Quantum Security Events and Webinars
QSECDEF hosts closed briefings, practitioner webinars, and in-person events attended by defence agencies, central banks, and critical infrastructure teams. Members receive invitations before public registration opens. Several events are members-only and never open to the public.
600+ organisations across 40+ countries are represented in our member community, including defence ministries, NATO institutions, and Five Eyes government agencies.
THREAT INTELLIGENCE
The Briefing That Closes Your Quantum Threat Picture
Most organisations have a PQC roadmap. Fewer have a reliable signal on where the actual threat timeline sits, which vendors' claims hold up under scrutiny, and what peer organisations at your maturity level are doing. QSECDEF membership exists to close that gap. One briefing cycle has changed procurement decisions at organisations you would recognise.
Members include CISOs, heads of cryptography, and national security advisors from 40+ countries. The Five Eyes and NATO institutions read what we publish.
1,200+ members · 40+ countries · 600+ organisations
Agentic artificial intelligence is used in the construction of our daily research notes. They serve as a daily directional briefing for our team discussions. We are working to improve our citation mechanisms and linking to articles.
The 2025 milestone dates in the CNSA 2.0 transition timeline are not future planning items. For any defence supplier with an active national security system programme contract, those dates are now in the past. Suppliers reading this in mid-2026 who have not yet started on their applicable product categories are behind the NSA's published schedule.
Financial institutions face a more complex PQC readiness problem than most sectors. The combination of live regulatory obligations, unusually long data retention requirements, and high adversarial interest in financial records produces a risk profile where the standard enterprise migration timeline is insufficient. The pillar framework below gives CISO, CTO, and CRO audiences a structured tool for assessing programme status and communicating it to boards.
CISOs are asked to justify PQC migration investment against uncertain timelines, crowded security budgets, and a board that wants to understand the risk without understanding lattice cryptography. The Mosca inequality is the most concise argument that exists for starting now. Three variables. One calculation. If the sum of two exceeds the third, the organisation is already behind.
CMMC has been a moving target for years. The final rule (32 CFR Part 170) was published in October 2024 and became effective December 2024. Most contractors are still focused on achieving compliance with the 110 practices under NIST SP 800-171 Rev 3 at Level 2. Post-quantum cryptography is not on most CMMC compliance roadmaps. That is a defensible near-term prioritisation. But PQC migration is a long-lead-time programme, and the compliance window is narrowing.
The CNSA 2.0 preferred dates for software and firmware signing (2025) and network equipment (2026) have either passed or are current. This article covers the implementation problem: how to deploy ML-KEM-1024 and ML-DSA-87 correctly across the range of protocol contexts in an NSS-connected system, where FIPS 140-3 validation requirements gate deployment, and what sequencing gets organisations to compliance without rework.
Selecting ML-KEM or SLH-DSA as your post-quantum algorithm is the easy part. This article maps which C and Rust libraries implement the final FIPS 203 and 205 specifications, their FIPS 140-3 validation status, and how to apply a five-criterion selection framework for your deployment context.
Most organisations where PQC has reached the CISO's desk have the same problem: they have a list of exposures and no structure for acting on it. This article provides the programme architecture: the five-phase model, dependency structure, governance outputs, and what the board needs to see.
The distinctive concern for CNI operators is not data confidentiality alone. It is operational continuity. A compromised authentication channel in an energy SCADA system does not produce a data breach notification; it produces a substation failure. This roadmap addresses the sector-specific constraints, regulatory frameworks, and migration sequencing that apply to CNI operators across energy, transport, water, and financial market infrastructure.
An organisation's post-quantum cryptography migration plan is only as strong as its most cryptographically exposed supplier. When your own TLS endpoints are protected but your cloud ERP vendor still terminates connections with RSA-2048 key exchange, the harvest-now-decrypt-later risk for data in transit through that vendor is not mitigated by your own migration. This guide provides a structured five-question framework for evaluating vendor quantum readiness.
NIS2 does not specify algorithms. What it does require, under Article 21(2)(h), is that entities implement the use of cryptography and, where appropriate, encryption as part of their cybersecurity risk management measures. The gap most compliance programmes have is treating that requirement as satisfied by existing TLS and VPN deployments, without assessing whether those deployments remain adequate against a cryptographically relevant quantum computer.
The Digital Operational Resilience Act entered into application on 17 January 2025. Unlike GDPR, there was no two-year run-up between publication and enforcement. The obligations became live on a single date, and they apply directly across all EU member states without national transposition. This guide maps the five implementation steps CTOs and CISOs at EU financial entities need to work through, with specific article references and cryptographic resilience obligations included.
Most post-quantum cryptography literature describes ML-KEM as "the NIST post-quantum key exchange." That framing is close enough for a headline, and wrong enough to cause real implementation errors. ML-KEM is not a key exchange protocol in the sense that ECDH is. It is a key encapsulation mechanism, a formal cryptographic primitive with a different API, a different security model, and different composition properties.
Post-quantum TLS migration changes two things: the key exchange algorithm and, eventually, the certificate signature algorithm. The record layer, the handshake state machine, session resumption, and OCSP stapling are structurally unchanged. An engineer who understands what is not changing is in a much better position to sequence the migration.
The common problem in defence contractor CNSA 2.0 planning is not a lack of awareness that the requirement exists. It is the gap between knowing it exists and knowing which specific programmes it applies to, which milestones are immediately operative, and how CNSA 2.0 interacts with CMMC certification.
Every encryption decision is made against the threat model that exists at that moment. The data it protects may need to remain confidential for a decade beyond that point. This article applies the Mosca inequality to classify existing encryption decisions as immediate, deferred, or irreversible, with worked examples across NHS records, ICS firmware, and enterprise email archives.
The 2026 KMS deadline in NSA's CNSA 2.0 roadmap requires all new key management and PKI systems to support ML-KEM-1024 and ML-DSA-87 natively. This article covers the KMIP 2.2 requirement, FIPS 140-3 HSM certification timelines, and the key wrapping vulnerabilities that remain quantum-exposed even after the algorithm swap.
Quantum risk briefings are now common at board level. Governance is not. This article sets out a five-element framework using NIST CSF 2.0 as the governance architecture, covering named accountability, CBOM as the Map deliverable, board-level metrics, escalation protocols, and regulatory obligations under NIS2, ISO 27001, and SEC 17 CFR 229.106.
Financial services institutions hold the data categories with the longest regulatory retention periods, are documented targets of nation-state cyber operations, and already operate under ICT risk management frameworks carrying technology-currency obligations on cryptography. The interaction of these three factors means HNDL is not a future consideration for this sector.
The NSA's preferred schedule had 2025 as the target year for software and firmware signing. That date has passed. This article works through each CNSA 2.0 requirement as a compliance guide: what the mandate actually requires, where contractors stand in 2026, and how to sequence the work from cryptographic inventory through to RMF documentation.
NIST IR 8547 is not a threat assessment document. It is a schedule. This article provides the specific dates, specific algorithm names, and specific policy implications practitioners need for compliance programmes, procurement specifications, and vendor questionnaires.
Harvest-now-decrypt-later exposure is calculable, not qualitative. An organisation that knows its network topology, data retention requirements, and current key exchange algorithms can produce a scored HNDL exposure assessment for any system in its estate. This article explains the I x L x A calculation methodology, works through three concrete examples, and shows how the score drives migration priority sequencing.
Post-quantum cryptography readiness has a specific structure. Six areas must all advance for a migration to succeed: cryptographic discovery, algorithm selection, programme management, hybrid deployment, governance, and supply chain coverage. This 16-item checklist provides the self-assessment instrument every CISO needs before the 2028 Phase 1 deadline.
On 20 March 2025 the NCSC published its first dedicated PQC migration timeline, setting milestones at 2028, 2031, and 2035. For operators of essential services under the UK NIS Regulations 2018, those dates define the technical baseline competent authorities will use. This article explains what each phase requires, how it connects to UK legal obligations, and why 2028 is the milestone that demands attention now.
DORA's ICT risk management obligations are live. This article maps the specific Articles 6 and 9 obligations and their RTS implementations to post-quantum cryptography requirements, and provides a five-component programme linking each deliverable to the DORA Article it satisfies.
For organisations operating in the EU, ETSI standards are not an alternative to NIST — they are the regulatory translation layer. This article maps the three primary ETSI quantum-safe cryptography documents, explains where each fits in the European regulatory structure, and addresses the naming problem that continues to cause confusion.
The board case for PQC investment changed materially in August 2024 when NIST published final standards and opened the deprecation clock. This article gives CISOs the framing, the financial exposure proxies, and the specific investment ask needed to move quantum security from the risk register to the project list.
Not all data needs migrating at the same urgency. This article applies the Mosca inequality to specific data categories with specific confidentiality lifetimes and migration complexity estimates, so organisations can tell their board which data is exposed, why, and in what order to act.
The EU Cyber Resilience Act's main conformity obligations apply from December 2027. For manufacturers whose products use quantum-vulnerable cryptography, that date is closer than it sounds. This article maps the essential requirements, which product categories are most exposed, and what to do before the conformity deadline.
The obligation to protect personal data with measures 'appropriate to the risk' under UK GDPR Article 32 includes the current threat model. That model now includes harvest-now-decrypt-later attacks. The compliance exposure attaches today, not at Q-Day. This article explains what DPOs and CISOs need to do.
The most common reason PQC migration programmes stall at planning is the absence of a reliable answer to one question: what cryptographic assets do we actually have? A Cryptographic Bill of Materials (CBOM) solves that. This article describes how to build one, from discovery through to maintained programme tracking.
A cryptographic library is not a commodity procurement. Choose a library without ML-KEM support today and you face a choice between deferring migration or replacing the library mid-programme. This article gives security architects the evaluation framework for library and HSM vendor selection.
Multi-framework PQC compliance is the problem most organisations face in 2026. NIST IR 8547, CNSA 2.0, DORA, and NIS2 share a technical foundation but differ in scope, parameter requirements, and timeline. A structured gap analysis methodology for organisations operating across multiple frameworks simultaneously.
The Harvest Now, Decrypt Later attack is not a theoretical concern for 2033. The interception is happening now. A five-component operational framework for assessing HNDL risk against your data estate, producing a prioritised migration register, transmission exposure map, and remediation roadmap.
The PQC migration problem in operational technology environments is harder than in IT. Hardware cycles of ten to twenty years, compute-constrained endpoints, and HNDL exposure on critical operational data. A four-stage passive assessment framework for OT security practitioners.
Getting quantum risk onto the board agenda is not the hard part. Most boards will hear "governments are retiring current encryption standards by 2030" and accept that it warrants attention. The hard part is giving the board something they can actually govern. A risk statement without a measurement, a cost without a migration plan, a compliance obligation without a timeframe — none of these produces a decision.
FIPS 203 defines three parameter sets for ML-KEM. The choice between them carries real implications for performance, security margin, and integration architecture. This article works through what each set provides, where the actual performance cost sits (not where architects typically assume it sits), and which set belongs in which deployment context.
Most NIS2 implementation programmes treat cryptography as a checklist item: TLS version current, certificates valid, data encrypted at rest, multi-factor authentication deployed. That checklist addresses your present state. It says nothing about whether the cryptographic controls protecting your most sensitive data will still be adequate in 2033, when the threat environment changes in a fundamental way.
The EU AI Act's August 2026 enforcement threshold arrives for high-risk AI systems in critical infrastructure. What Article 15's state-of-the-art cybersecurity standard means for quantum security posture, and four steps operators must take before the deadline.
PKI migration is the longest-lead item in most enterprise PQC programmes. Root CA sequencing, ML-DSA algorithm selection, HSM readiness, OCSP infrastructure, and a four-phase migration plan for PKI teams.
IR 8547 answers the question the FIPS standards do not: when must the old algorithms stop. A CISO and security architect guide to the deprecation and disallowance schedule, who is bound by it, and what must happen by when.
Not all encrypted data is equally exposed to Harvest Now, Decrypt Later attacks. A retail transaction from last Tuesday carries effectively no HNDL risk. A genomic database record from the same day may carry HNDL risk for the lifetime of the person it describes. This article provides a structured framework for identifying which data categories in your organisation warrant immediate action.
The audit companion to the sub-tier supplier guide. Where that article answers what you must do, this one answers whether you have done it. A 7-domain terminal audit framework for compliance officers, quality managers, and legal counsel preparing for CMMC Level 2 assessment.
The waiting period is over. NIST finalised FIPS 203, 204, and 205 on 13 August 2024. The NCSC published its phased UK migration timeline in March 2025. This article works through what must happen in each phase from 2025 through 2033, identifies the dependencies that make sequencing non-trivial, and closes with a framework for deciding which systems to migrate first.
Prime contractors are working through their own CMMC Level 2 assessments. Sub-tier enablement gets deprioritised. The absence of a formal notification from your prime does not suspend your obligation. This guide covers what a sub-tier supplier must do independently.
DORA has been live since January 2025. Its ICT risk management framework explicitly names quantum advancements as a cryptanalytic threat category. This article maps the regulatory hooks, the three highest-pressure points for ICT risk managers, and where UK institutions sit.
Knowing what each NIST post-quantum standard requires is the first problem. Sequencing them correctly is the second. This article provides the decision logic for which standard to implement first and how to avoid the dependency traps that stall most PQC migration programmes.
NSA's CNSA 2.0 replaces CNSA 1.0's public-key algorithms entirely. Defence suppliers who cannot demonstrate CNSA 2.0 algorithm support will not compete for NSS contracts from 2027. This article maps what changed, the compliance hierarchy, and the implementation steps required.
Common questions from prospective QSECDEF expert members: which category applies, what the application process looks like, what happens at each tier outcome, how personal data is handled, and what membership signals.
QSECDEF runs a structured vetting process before listing any organisation in its directory. This post explains the categories, the question sets, the tier outcomes, and what being listed does and does not mean.
RSA relies on integer factoring. ECC relies on elliptic curve discrete logarithms. Shor's algorithm solves both efficiently. Here is why, and what to do about it.
Most enterprises that have engaged with quantum risk planning have encountered 2030. It appears in NIST's deprecation schedule. It appears in NSA CNSA 2.0. It appears in BSI and ANSSI guidance. From a distance it reads as: do this by 2030. But that is not what it says.
The term 'crypto agility' appears in procurement documents, vendor briefings, and RFP responses with a frequency that has outpaced its precision. In most vendor usage, it means 'our product supports multiple algorithms.' That is not what NIST means by the term.
NIST finalised its first post-quantum algorithm standards on 13 August 2024 — FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). The algorithm selection phase of the post-quantum transition is, for practical purposes, settled.
Most CISOs can tell you they have a quantum problem. Very few can tell you which of their systems are most exposed, which assets need to move first, and whether their current migration timeline is realistic given their data longevity requirements.
The question 'will quantum computers break encryption?' has an answer: yes, with a sufficiently large cryptographically relevant quantum computer, the public-key algorithms that protect most sensitive data will fail. The more pressing question is how long your specific organisation has.
Understanding the Harvest Now, Decrypt Later threat is not the same as knowing which of your data is already at risk. Most organisations that have absorbed the HNDL concept have not taken the next step: mapping their specific data categories against sensitivity, longevity, and current encryption strength.
PQC migration cannot happen across all systems simultaneously, resources are finite, and the wrong migration order leaves your highest-risk assets exposed for longest while consuming budget on lower-priority work. The Cryptographic Asset Prioritisation Matrix solves the sequencing problem.
Algorithm deprecation is not a future risk — it is a current compliance requirement with documented timelines published by NIST, NSA, and ETSI. The challenge is that they are distributed across multiple standards documents, written for different audiences, and updated on different schedules.
PQC migration is not a bounded project with a clear entry point — it is a programme that cuts across every layer of infrastructure, with interdependencies that mean the wrong starting point generates rework, scope conflicts, and wasted budget. The PQC Migration Decision Tree gives you a structured recommendation.
Readiness in the context of PQC migration means something more specific than awareness of the quantum threat. Most organisations that consider themselves PQC-aware have not assessed whether their organisation is actually equipped to migrate — whether the cryptographic inventory is complete, whether vendors have defined upgrade paths.
Most quantum security tools ask how ready your organisation is to migrate to post-quantum cryptography. This tool asks a different question: across the specific ways a quantum-capable adversary would target your organisation, how exposed are you right now, on each one?
NIST finalised three post-quantum cryptographic standards in August 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). For a security architect implementing PQC migration, the question is not which standard is best — it is which algorithm is appropriate for this specific use case.
The conversation about OT quantum security migration tends to start in the same place: an asset with no upgrade path. The OT Cryptographic Asset Prioritisation Matrix is built for this reality — it prioritises the assets that can migrate, flags the assets that cannot, and gives you the constraint data needed to plan replacement procurement for the rest.
Most quantum security discussions in operational technology focus on the systems. The scanner works at a lower layer: the communication protocols themselves. Industrial protocols like Modbus and DNP3 were designed decades before quantum computing was a practical concern, and many carry no native cryptographic protection.
Every blockchain operator knows migration to quantum-resistant cryptography is coming. What most do not know is how complex their specific migration will be. The effort varies by orders of magnitude depending on chain type, consensus mechanism, application layer count, and key migration scope.
There are two ways to assess blockchain quantum exposure. The technical approach scans at the protocol layer. The strategic approach asks: how dependent is your organisation on quantum-vulnerable blockchain infrastructure, and do you have any influence over the PQC migration timeline of the chains you depend on?
The Blockchain Quantum Exposure Scanner operates at the technical layer: it identifies which specific signature schemes, wallet address types, and protocol constructs in a blockchain environment carry quantum vulnerability. This is the tool for a security engineer or blockchain developer who needs protocol-level visibility.
Quantum security is an emerging solution category with a large but unevenly distributed market. A pre-sales team without a structured qualification approach wastes discovery time on organisations that are 18 months from a budget decision, while missing organisations that have a compliance mandate, a funded programme, and no vendor relationship.
An organisation considering quantum key distribution has already moved past asking whether quantum security matters. They are asking: is QKD the right solution for our specific requirements, and does our infrastructure actually support it? QKD is not the right answer for every organisation or every use case.
NSA CNSA 2.0 sets specific cryptographic transition requirements for national security systems, including satellite command and control. Most space programme security teams know the standard exists. What the assessor provides is a structured way to evaluate current cryptographic posture against those requirements.
Q-Day is the threshold at which public-key cryptography ceases to provide security against a quantum adversary. Most enterprises are not preparing. Here is what security teams need to understand now.
NIST published FIPS 203, 204, and 205 in August 2024. The algorithm selection phase is over. What security architects need to understand is which standard applies to which workload and what each one actually requires.
HNDL is not a theoretical risk. The NSA said in 2021 that adversaries are collecting encrypted data today. Here is what the evidence shows, what it means for your data, and what you can do about it.
NIST published four post-quantum standards in August 2024. This is the reference a CISO or architect needs to understand what each standard does, which compliance framework applies, and how migration actually works.
Most board quantum security briefings produce awareness, not decisions. The CISO's challenge is translation. This is a practical guide to structuring a briefing that produces a budget approval and a mandate.
Most PQC migration programmes treat the perimeter of the problem as the perimeter of the organisation. It is not. Every supplier that exchanges encrypted data with your organisation is a cryptographic dependency you do not control.
QKD is a key exchange protocol with genuine information-theoretic security properties. It is also a specialised technology with fundamental limitations most enterprise assessments do not address honestly. Here is the full picture.
Every PQC migration programme has a first step. Most organisations get it wrong. Without a complete cryptographic inventory, there is no way to know what you are migrating, in what order, or when you are done.
A score without interpretation is noise. This guide explains the five factors behind the QSECDEF Post-Quantum Risk Assessment, what drives each factor score, and how to translate the output into a migration programme starting point.