-500x198.png){kind=logo}
Q Day Preparedness: White Paper & Recommendations
- ICIT Research
- 33 minutes ago
- 2 min read
May 2026
By Brett Freedman, Hugo Holopainen, Cory Simpson, Javier Nater
The RSA (Rivest–Shamir–Adleman) and Diffie-Hellman cryptographic algorithms have underpinned modern cryptography since the 1980s, securing financial transactions and sensitive & secret data. However, these systems rely on mathematical problems that a Cryptographically Relevant Quantum Computer (CRQC) could break. As quantum computing advances, the federal government and critical infrastructure operators must begin transitioning to Post-Quantum Cryptography (PQC).
This shift will be complex. PQC is not a simple replacement for current public-key systems; it requires greater computational resources and long lead times. Recognizing this, the Institute for Critical Infrastructure Technology (ICIT) recently consulted with a key group of federal agencies and industry stakeholders to evaluate U.S. readiness and define priorities.
Key findings include:
Timeline pressure: Industry is targeting 2030; migration must be phased and prioritized.
Execution gaps: Agencies lack clear ownership, visibility into cryptographic systems, and coordinated plans.
Resource constraints: New funding is unlikely; progress must come from reprioritizing existing budgets.
Risk reality: “Harvest now, decrypt later” threats endanger long-lived sensitive data.
Messaging challenge: PQC is seen as an abstract threat off in the future, requiring clear guidance.
These discussions directly informed the final report. As emphasized in President Trump’s Cyber Strategy for America, the transition to PQC must begin immediately. While extensive federal guidance exists, urgent action from Congress and executive agencies is needed to allocate the necessary resources, improve preparedness, and drive adoption across critical infrastructure. The report’s recommendations provide a framework for achieving national PQC resilience.
About ICIT
The Institute for Critical Infrastructure Technology (ICIT) is a nonprofit, nonpartisan, 501(c)3think tank with the mission of modernizing, securing, and making resilient critical infrastructure that provides for people’s foundational needs. ICIT takes no institutional positions on policy matters. Rather than advocate, ICIT is dedicated to being a resource for the organizations and communities that share our mission. By applying a people-centric lens to critical infrastructure research and decision making, our work ensures that modernization and security investments have a lasting, positive impact on society. Learn more at www.icitech.org.
