Quantum risk: harvest now, decrypt later

A quantum computer powerful enough to crack today’s common encryption does not exist yet, but governments and security teams are already treating the data risk as current. (nist.gov) Most secure internet traffic relies on public-key math, which works like a lock anyone can use but only the key holder can open. The worry is that an attacker can copy encrypted traffic now and wait for a future machine that can solve the lock fast enough to read it later. (csrc.nist.gov) (whitehouse.gov) That tactic has a name in security circles: “harvest now, decrypt later.” It matters most for secrets with a long shelf life, including government records, health data, industrial designs, and contracts that still need to stay private a decade from now. (quantum.gov) (bidenwhitehouse.archives.gov) The United States has already moved from warning to deadlines. The National Institute of Standards and Technology finalized its first three post-quantum cryptography standards in August 2024, and its draft transition plan says quantum-vulnerable public-key algorithms will be deprecated after 2030 and removed from standards after 2035. (nist.gov) (csrc.nist.gov) The National Security Agency started pushing national security systems in the same direction earlier. Its Commercial National Security Algorithm Suite 2.0 advisory, released in September 2022, told operators and vendors to plan and budget for quantum-resistant replacements. (nsa.gov) The other side of the story is that quantum work is not only about future codebreaking. India said on April 8, 2026 that its National Quantum Mission had demonstrated a 1,000-kilometer quantum communication network in less than two years, against a mission target of 2,000 kilometers over eight years. (pib.gov.in) Quantum communication tries to secure links by using quantum states of light, where measuring the signal disturbs it, like a tamper seal that breaks when opened. India’s government said the 1,000-kilometer network was built with indigenous technology and reviewed as part of a broader mission update by Science and Technology Minister Jitendra Singh. (pib.gov.in) That does not mean quantum networking replaces the broader migration now underway. For most companies and agencies, the practical near-term job is still swapping out vulnerable public-key systems in software, devices, certificates, and data archives for post-quantum cryptography that runs on ordinary computers. (csrc.nist.gov) (pqcc.org) The clock is driven less by the exact year a cryptographically relevant quantum computer arrives than by how long data must remain secret. If a stolen file from April 2026 still matters in 2036, the risk window is already open. (whitehouse.gov) (bidenwhitehouse.archives.gov)