The Quantum-Cryptography Cliff: From Roadmaps to Reality

Photo Credit: Getty Images

This OpEd was originally published in S.C. Media.

January 20, 2026

Author: Valerie Moon, Executive Director, ICIT

Post-quantum readiness has been an active policy issue inside government for several years, yet the onset of "Q-Day" — the day when quantum computing that breaks our encryption standards becomes widely available — has never quite felt as immediate as it does now.

While I was at the Cybersecurity and Infrastructure Security Agency (CISA), we worked with the National Security Council on post-quantum readiness to prepare National Security Memorandum 10, Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems, published in May 2022.

This past November, the Department of War (DoW) issued an memo outlining steps that need to be taken within the Department to prepare DoW systems to migrate to post-quantum cryptography. And just this month, the G7 Cyber Expert Group released a statement on Advancing a Coordinated Roadmap for the Transition to Post-Quantum Cryptography in the Financial Sector.

The policy direction is clear. What remains uncertain is whether organizations will move quickly enough to match the urgency embodied in those directives.

The race to a cryptographically relevant quantum computer

The global race is heating up to develop a cryptographically relevant quantum computer (CRQC) powerful enough to break the asymmetric cryptographic protocols that underpin internet security, such as the RSA (Rivest-Shamir-Adleman) algorithm and the ECC (Elliptic Curve Cryptography) approach we have relied on for decades.

When today's public-key cryptography algorithms are cracked, the impact will be immediate and systemic. With a cryptographically relevant quantum computer, encrypted communications can be decrypted, digital signatures can be forged, and trusted software updates and identity systems can be undermined.

That is why the risk posed by CRQCs is not just about secrecy. It is about integrity and availability across critical infrastructure. Even today, before a full CRQC breakthrough, adversaries are believed to already be practicing "harvest now, decrypt later" by collecting encrypted network traffic and stealing encrypted sensitive data to be unlocked once quantum capability arrives.

Hardware momentum: Google, Microsoft, and IBM

Many U.S. companies, like Google, Microsoft, and IBM, are leading the efforts in quantum computing. Google's Willow quantum chip, unveiled in December 2024, has 105 qubits and recently claimed its spot as the world's most powerful quantum computer after completing the random circuit sampling (RCS) benchmark, the toughest in the world, in just five minutes. 

Google estimates that the traditionally powered Frontier supercomputer at the Oak Ridge National Laboratory would take 10 septillion years to achieve the same result (although supercomputers and quantum computers excel at different tasks). Willow is not just fast but has the capacity to correct errors it makes along the way. 

Last year, Microsoft announced the Majorana 1, the world's first quantum processor powered by topological qubits and designed to accommodate a million qubits on a single chip. With this chip, Microsoft is on its way to building the world's first fault-tolerant prototype (FTP) based on topological qubits.

That prototype should arrive in a matter of years, not decades, as part of the final phase of the Defense Advanced Research Projects Agency (DARPA) Underexplored Systems for Utility-Scale Quantum Computing (US2QC) program.

In November of last year, IBM debuted Quantum Nighthawk, its most advanced quantum processor yet. Nighthawk offers 120 qubits linked with 218 next-generation tunable couplers — 20% more than in the previous processor, IBM Quantum Heron — to their four nearest neighbors in a square lattice.

This increased qubit connectivity will allow users to execute circuits with 30% more complexity while maintaining low error rates and explore more computationally demanding problems that require up to 5,000 two-qubit gates, the fundamental entangling operations critical for quantum computation.

Not just a U.S. race

The US is not the only country racing towards quantum computing dominance. Last year, a research team from the University of Science and Technology of China (USTC), part of the Chinese Academy of Sciences, made significant progress in random quantum-circuit sampling using Zuchongzhi-3, a superconducting quantum computing prototype equipped with 105 qubits and 182 couplers.

Following the achievement of the strongest "quantum computational advantage" with Zuchongzhi-3, USTC is actively advancing research in quantum error correction, quantum entanglement, quantum simulation, and quantum chemistry. Through its research, USTC has implemented a 2D grid qubit architecture, improving qubit interconnectivity and data transfer rates.

Using this architecture, USTC integrated surface code and is currently developing quantum error correction using a distance-7 surface code, with plans to extend this to distances of 9 and 11. These efforts aim to enable large-scale integration and manipulation of quantum bits.

What happens next

Encryption has been the fundamental building block of electronic data security for the past couple of decades. A CRQC computer will upend that security paradigm in ways that can collapse trust across networks and supply chains.

It is heartening to see how DoW and the G7 understand this tectonic shift and are issuing roadmaps on what must be done to prepare. NSM 10 helped kick off the federal roadmap for implementing PQC-resistant algorithms for the Federal Civilian Executive Branch (FCEB) and DoW, and that work must continue with measurable milestones and accountability.

This is where ICIT and our industry partners can make the difference. We can convene operators, vendors, and policymakers; translate technical guidance into sector-specific playbooks across all critical infrastructure sectors; and bake PQC into procurement, exercises, and shared implementation lessons.

Q-Day has been coming for a long time. But now the warning lights are no longer theoretical. The organizations that inventory their cryptography, prioritize their crown-jewel data, and start migrating now to quantum-ready encryption will be the ones still in control when Q-Day arrives sooner than we realize. The organizations that wait to migrate to post-quantum cryptography will be doing incident response in slow motion, with their data likely already collected if not decrypted.

Val Moon

Val Moon is Executive Director of the Institute for Critical Infrastructure Technology (ICIT), advancing people-centered, secure, and resilient infrastructure. Previously, she served as Chief Strategy Officer at DHS’ Cybersecurity and Infrastructure Agency (CISA) and spent 22 years at the FBI in senior cyber and technology leadership roles, including service on the Cyberspace Solarium Commission.

About ICIT

The Institute for Critical Infrastructure Technology (ICIT) is a nonprofit, nonpartisan, 501(c)3think tank with the mission of modernizing, securing, and making resilient critical infrastructure that provides for people’s foundational needs. ICIT takes no institutional positions on policy matters. Rather than advocate, ICIT is dedicated to being a resource for the organizations and communities that share our mission. By applying a people-centric lens to critical infrastructure research and decision making, our work ensures that modernization and security investments have a lasting, positive impact on society. Learn more at www.icitech.org.