There’s a ticking clock in the world of cybersecurity and it’s counting down to what experts call Q Day — the day when quantum computers will theoretically become powerful enough to break some of today’s cryptographic methods, and render many existing encryption methods obsolete.
Or at least that’s the theory. In truth, nobody can predict with absolute accuracy when, or even if, quantum computers will reach the level of sophistication and practicality to manifest this threat. But that doesn’t mean businesses shouldn’t be thinking about it.
While some are hearing the tick of the Q Day clock, others remain unaware. So, what is Q Day, is it a big deal, and what do businesses need to know to prepare?
Do businesses need to be aware of Q Day?
The short answer is yes. The potential threat that quantum computers could pose to current cybersecurity methods cannot be understated. What was once academic theory, akin to technology you’d see in a science fiction novel, is making strides towards reality.
Big companies like IBM and Google, as well as governments and startups, are racing to build more powerful quantum machines. These computers are still in the early stages, but they’ve already grown from handling a few quantum bits (or “qubits”) to managing hundreds, and they’re getting better at solving complex, specific problems.
While quantum computers can’t yet break the encryption software and protocols that protects the internet, experts seem to be reaching a consensus that the day that this could be a reality is about 10-15 years away. This is the so-called Q Day.
Aside from the obvious threat that breaking current encryption poses, businesses also need to be aware that the rise in quantum technology is being taken seriously by governments and regulators alike.
Agencies like the National Institute of Standards and Technology (NIST) have standardized post-quantum cryptographic (PQC) algorithms, while Europe’s ENISA is focused on standardizing the implementation and certification of PQC through schemes such as EUCC, all in preparation for Q Day.
When is Q Day?
Unfortunately, as with all things quantum, answering when Q Day will be is not simple, because no one knows for sure. It’s all dependent on when (and if) the technology reaches a specific level of capability and practicality. And it’s not only about the number of qubits.
However, the speed at which quantum computing is moving forward has prompted agencies like the UK National Cyber Security Centre (NCSC) to put timelines in place.
The NCSC’s timeline for migrating to a quantum safe method of encryption has three phases: discovery and planning by 2028, early migration by 2031, and full migration by 2035.
That gives businesses a maximum of six years to plan and prepare to migrate their critical assets. But again, this timeline is not set in stone — Q Day could come sooner than 2035, later, or it could never come.
It’s difficult because we are talking about technology that hasn’t realized its theoretical potential yet, and no-one has a crystal ball. Quantum computers don’t follow Moore’s Law; they scale non-linearly, and quality matters more than quantity when it comes to qubits.
What do businesses need to do to prepare?
Staying calm should be step number one. Quantum technologies can sometimes be subject to scaremongering, pushing people to make premature or misinformed decisions. And I hate this FUD; it doesn’t lead to the best security outcomes.
Of course the threat is theoretically coming, but it isn’t imminent. Even if quantum computing does eventually break common encryption methods, it’s unlikely that everything will change in the blink of an eye — there will be time to prepare.
However, the time to prepare is now, not when the first quantum-powered breach makes headlines. And that starts with getting your basic digital hygiene sorted.
Organizations should begin by auditing their IT estate with two aims: the first being to identify what IT assets they have, because you can’t update or protect what you don’t know you have. The second is to identify which of those assets are most at risk, especially those dependent on public-key encryption or requiring long-term data confidentiality.
This is great security practice anyway – building a decent asset inventory will bring you gains beyond just post-quantum migration planning.
The next step is to prepare the inventory; decide what needs to be end-of-lifed, and prioritize what you have to migrate. It’s a short sentence to write, but a very long exercise. Good luck. Annex A of this ETSI standard has a very helpful set of questions to help.
If you want to follow the latest standards, here’s a quick update on where we are. NIST has published 3 PQC standards: FIPS 203, 204 and 205, with two more on the way: FIPS 206 in draft and a new fifth algorithm recently announced.
The mathematics is there, but we’re lacking the integration into protocols and widely used technologies. Instead of tracking NIST now, I’d recommend the best group to follow is ETSI’s Quantum Safe Cryptography Working Group focuses on the practical implementation of quantum safe primitives, and the IETF’s PQUIP group, which summarizes all the post-quantum efforts in internet standardization today.
When should businesses prepare for Q Day?
The NCSC timelines are very clear: prepare and plan by 2028, so that you can migrate by 2031. But the uncertainty on when/if Q Day will arrive complicates this slightly.
Prepare too early and you risk adopting immature technologies and standards, potentially increasing vulnerabilities. Wait too long and you may leave critical systems exposed.
The key is finding the timing that’s just right — it’s what I call the Goldilocks Theory and again, it comes down to preparedness: making a good asset inventory, while staying on top of the latest post-quantum standards.
Q Day may be uncertain, but your preparation shouldn’t be. Start planning now — not out of fear, but out of foresight.
We list the best software asset management (SAM) tool.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.