-500x198.png){kind=logo}
DARPA’s quantum-age playbook: Engineering cyber resilience with formal methods
- Cory Simpson
- Aug 4
- 4 min read
Photo Credit: Adobe Stock Images
This OpEd was originally published in S.C. Media:
July 28, 2025
Author: Cory Simpson, CEO, ICIT
The “quantum-age” refers to a near-future moment when quantum computers begin to reshape fields, from drug discovery and logistics to national defense and cryptography.
Unlike classical computers, which solve problems step by step—like trying every key on a lock one at a time—quantum systems can evaluate many possibilities simultaneously. This breakthrough opens the door to transformative progress, but it also presents serious risks to encrypted data, including information secured by today’s strongest algorithms. To get ready, organizations need to first identify what needs protection. That’s why the federal government is starting with a prioritized inventory of its cryptographic systems.
Once that foundation is set, design becomes decisive. In August 2024, NIST released the first three post-quantum cryptographic standards, ushering in a new era of cybersecurity in the quantum-age.
These algorithms lay the groundwork for quantum-secure encryption. But resilience demands more than stronger math. Critical systems must perform under pressure, maintain integrity in complex environments, and recover with speed. That level of assurance requires deliberate engineering—software that is verified, validated, and engineered for trust at every layer.
DARPA’s collaboration with the U.S. Air Force illustrates this approach in practice. Their work, which applies formal methods—a discipline that utilizes mathematical proofs to verify software behavior—demonstrates how post-quantum resilience can be achieved through provable trust, operational rigor, and intentional design.
DARPA: A legacy of innovation
For more than sixty years, DARPA has translated mission urgency into national capability—developing GPS, stealth systems, and the internet, all of which shape modern defense and civilian infrastructure.
Today, DARPA continues to invest in tools that strengthen assurance across complex, interconnected systems. Its programs accelerate innovation with clear operational value, bridging breakthrough research and real-world deployment.
Through its formal methods portfolio, the agency advances mathematically grounded tools for building software with verifiable integrity. Particularly, DARPA advocates widespread adoption of formal methods to secure aging DOD systems. Portfolios such as SafeDocs—a secure parser verification framework—retrofit legacy platforms (such as the MQ‑9 Reaper) with provably secure code. The initiative includes industry co‑funding, best‑practice guides, and acceleration toward deployment.
DARPA’s collaboration with the U.S. Air Force reflects this approach in action—engineering trust into systems designed to perform at scale.
Quantum risk, system urgency
Quantum computing accelerates computation at a scale that transforms modern encryption. Encryption algorithms like RSA and ECC rely on problems that are too complex for classical computers to solve efficiently. Quantum systems close that gap—shrinking protection windows and exposing sensitive data to future compromise.
This shift has triggered global investment in quantum-resistant encryption. In the United States, the first post-quantum standards released by NIST in 2024 marked a turning point in securing digital infrastructure.
But resilience needs more than just stronger algorithms. Communications, financial systems, and defense platforms must operate reliably in rapidly evolving threat environments. This requires software that is verified, trusted, and designed to be recoverable—at every level of complexity.
Formal methods in the field: DARPA and the Air Force in action
A recent partnership between DARPA and the U.S. Air Force shows how cyber resilience can be built directly into mission systems.
The initiative applies formal methods to the MQ-9 Reaper, a widely deployed aircraft that supports global operations in contested environments. Formal methods use mathematical logic to ensure software behaves exactly as intended. Engineers define key security and performance properties, then apply proof-based tools to verify that those properties hold throughout the system’s lifecycle.
This approach strengthens mission-critical code before deployment. The Reaper’s integrated command, control, and sensor systems make it a strong testbed for applying verified software at scale. The program shows how engineering assurance can be aligned with operational demands in real-world conditions.
This initiative is part of DARPA’s Resilient Software Systems Accelerator program, which encourages industry and academia to adopt formal methods to improve DOD systems. This effort follows a colloquium attended by over 300 defense, academic, and industry leaders. The initiative aims to upgrade legacy platforms and strengthen security across DOD infrastructure.
DARPA’s investment in formal methods accelerates this capability, enabling quicker validation, reducing attack surfaces, and enhancing confidence in deployed systems. Their work with the Air Force provides a model for deploying provable resilience across the broader defense ecosystem and beyond.
Cory Simpson is the CEO of Gray Space Strategies, a Washington, D.C.-based consulting and advisory firm, and the Institute for Critical Infrastructure (ICIT), a non-profit organization dedicated to the security and resilience of critical infrastructure that provides for people’s foundational needs. He also serves as a Senior Advisor to the Cyberspace Solarium Commission 2.0. The opinions expressed in this article are his own and do not reflect the views of any employer or affiliated organization.
About ICIT
The Institute for Critical Infrastructure Technology (ICIT) is a nonprofit, nonpartisan, 501(c)3think tank with the mission of modernizing, securing, and making resilient critical infrastructure that provides for people’s foundational needs. ICIT takes no institutional positions on policy matters. Rather than advocate, ICIT is dedicated to being a resource for the organizations and communities that share our mission. By applying a people-centric lens to critical infrastructure research and decision making, our work ensures that modernization and security investments have a lasting, positive impact on society.
Learn more at www.icitech.org/.
ICIT CONTACTS:
Parham Eftekhari
Founder and Chairman
Cory Simpson
Chief Executive Officer
