Caute_cautim
Community Champion

PQC: This is a Crane Crash

Hi All

 

Yes, it's Post Quantum Cryptography - look at the attachment and digest the current state of the world.

 

This is a global shift in cryptography with no coordination, no shared timeline, and no agreement on what “done” even looks like.

Different countries are moving at completely different speeds under different mandates, with no mechanism to reconcile any of it.

Some are enforcing 2025–2026 deadlines. Others are pushing into the 2030s. Many haven’t even started.

And yet the systems we run, the data we move, and the vendors we depend on operate across all of them at the same time.

The cryptography protecting global data flows is about to be governed by timelines that are years apart.

In some cases, more than a decade.

And it’s not just timing.

There is no consistent view of what PQC actually is.
1️⃣ Definitions vary by country
2️⃣ Interpretations vary by regulator
3️⃣ Implementations vary by vendor
4️⃣ Validation approaches are not aligned

This is incompatibility built into the system.
At the same time, quantum-washing is accelerating.
5️⃣ Vendors are relabeling existing capabilities
6️⃣ Claims are getting ahead of standards
7️⃣ “Quantum-safe” is being used without consistency

THIS IS OUR OPINION
This is a shambles.
8️⃣ No one is controlling the global picture
9️⃣ No one is accountable across borders
🔟 No one is resolving this operationally
1️⃣1️⃣ No one is forcing convergence

So the outcome is not hard to see.
1️⃣2️⃣ Fast jurisdictions inherit slower ones
1️⃣3️⃣ Third-party risk becomes your exposure
1️⃣4️⃣ Cross-region requirements conflict
1️⃣5️⃣ Waiting for alignment puts you behind

This doesn’t fail cleanly.
1️⃣6️⃣ Controls stop being recognised
1️⃣7️⃣ Vendors fail requirements overnight
1️⃣8️⃣ Assessments vary by jurisdiction

And you cannot rely on market claims.

That is the failure mode.
Nothing is coming to fix it in time.

If your strategy assumes alignment or a clean rollout, it is already out of step with reality.

Thanks to Brian C

https://www.linkedin.com/posts/bcouzens_pqc-data-caveat-activity-7434157806317920257-rK8i?utm_source...

 

Read, Digest and Understand the current status.

 

Regards

 

Caute_Cautim

7 Replies
Early_Adopter
Community Champion

Well, at least there is a nice infographic.

 

This kind of flips things back to a lot of countries waiting for a compelling event.

 

Until then - likely Vendors will do what they do - when, why and how TBC. I suspect that Chrome will be the lead horse here.

Caute_cautim
Community Champion

@Early_Adopter 

 

This goes back to Quantum Washing - fibbing/marketing if you like. Browsers will cover PQC TLS 1.3 but going down the line of hybrid or under the bonnet using RSA or ECC will be using a hybrid approach.

 

Even CloudFlare made announcements but actually they were fibbing too.

 

The Chinese have created their algorithms, perhaps they want to remain private rather than interoperate.

 

This is rather like COVID for cryptography, some take the regular injections and others suffer.

 

Regards

 

Caute_Cautim

 

 

 

 

Early_Adopter
Community Champion

I mean that’s marketing for you, some of the markitecture will be breathtaking…

Security by obscurity isn’t great, but you increase work rates and one thing that’s always bothered me is really who has the quickest and best cryptanalysts? Pretty sure they’re not on Reddit etc.
Caute_cautim
Community Champion

@Early_Adopter 

 

A lot of harm will be caused, quantum washing is the best term for effectively putting in place a hybrid approach using traditional PKI algorithms.

 

Regards

 

Caute_Cautim

Early_Adopter
Community Champion

Yeah, I don’t disagree.

However, I think your infographic proves the point. And illustrates the problem, few will act until they see the impact, and by then it’s often too late.
Caute_cautim
Community Champion

@Early_Adopter 

 

The problem being there is no universal or overarching approach or universal standard that all countries have to adopt in order to work or collaborate with each other.  This could cause major issues in the coming years unless an overall governing body rules over the top - imagine the effect on Financial Markets if one cannot trade due to interoperability issues or having to go through translation gateways.

 

Regards

 

Caute_Cautim

Early_Adopter
Community Champion

"But for a ha'peth of tar the roof was ruined."

 

*Sigh*

 

The standards bodies need to work better, faster and more co-operatively. Though I feel minds and attentions are focused elsewhere at the moment...