Networking

For State and Local Governments, What Does Post-Quantum Readiness Look Like?

Safeguarding government operations in a world where today’s public key cryptography can be broken forces a new approach to security, starting with the self-defending network.

Nick Edwards

Nick Edwards is vice president of product management for Cisco Networking.

Modern network architecture has undergone a dramatic transformation. No longer defined by clear perimeters and centralized control, today’s networks now span sprawling offices, hybrid WANs and multicloud environments. This evolution has brought agility and growth to both operations and staff, but it has also expanded the attack surface, challenging the foundations of traditional security approaches.

One of the most critical and evolving areas within this expanded threat landscape is the software supply chain. Organizations increasingly rely on software from third-party vendors, and while all reputable vendors use code signing to confirm the authenticity and origin of their software, attackers are developing sophisticated methods to compromise supply chains. These threats include attacks that target update mechanisms, insert malicious code before signing or exploit weaknesses in the signing process itself.

Even as IT leaders strive to secure this new distributed environment, across domains they own and ones they don’t, a profound disruption is looming: quantum computing. While quantum technology is poised to help solve some of society’s most complex challenges, it also poses a direct threat to today's cryptographic algorithms that safeguard everything from classified communications to citizen data.

For IT pros tasked with ensuring the safety of state and local government workflows and operations, the quantum threat is forcing a new approach to network security.

Click the banner below to consider how strategic partners boost network security.

x-cyberresillience1-static-2024-na-desktop

x-cyberresillience1-static-2024-na-mobile

What Is the Quantum Threat to Government Operations?

The biggest threat that quantum technology poses is its ability to break today’s most commonly used public key cryptographic algorithms (RSA and ECC). In today’s network communications, these algorithms protect a wide range of digital interactions — including encrypted web traffic (HTTPS), VPN connections, secure email exchanges, digital signatures and certificate-based authentication — that verify the identities of users, devices and services.

When quantum computers become sufficiently advanced, they will be able to quickly solve the complex mathematical problems that make these encryption methods secure, allowing attackers to decrypt sensitive network traffic, impersonate legitimate entities and compromise authentication mechanisms across applications and infrastructure.

This threat is particularly serious because adversaries can capture and store encrypted data now, with the intention of decrypting it once quantum capabilities become available, a strategy known as “harvest now, decrypt later.” As a result, communications and transactions that rely on today’s encryption — including government records, financial transactions, healthcare data exchanges and confidential business operations — could be exposed retroactively, undermining the confidentiality, trust and integrity of critical digital systems.

What Does Post-Quantum Readiness Look Like?

Post-quantum security solutions address the risk that quantum computers pose to today’s secure network communications by introducing new cryptographic algorithms that are resistant to quantum attacks. While current encryption methods such as RSA and ECC can be broken by sufficiently powerful quantum computers, post-quantum cryptography is built on mathematical problems that remain difficult even for quantum technology.

From hardware to data flows and application access, these new post-quantum cryptography (PQC) solutions have to be embedded into every layer of the network to ensure protection.

State and local governments require security infused at every layer of the network:

At the device level, secure boot processes and hardware-based integrity checks across the network infrastructure, starting with switches and routers, must employ quantum-resistant algorithms to ensure that only verified, trusted software runs on network devices — even if attackers attempt to introduce compromised firmware. Similarly, network access controls need to evolve beyond traditional credentials, enforcing identity, device posture and context-driven policies that adapt as risks change.
Data in motion that’s constantly traversing local offices, state data centers and cloud platforms must be protected by quantum-resistant cryptography. Consider a public health network spanning county clinics and state labs, where medical and epidemiological data is shared to coordinate emergency response. Integrating PQC into the network core prevents attackers from capturing and later exposing confidential health information, regardless of where the data travels.
Application access presents another crucial area for post-quantum defense. As government employees and contractors access everything from cloud-based permitting systems to case management software, continuous risk assessment and PQC encryption should become the standard to ensure that only authorized users can reach sensitive resources and confidential sessions, such as those connecting city emergency managers across distributed offices.

DIVE DEEPER: Network security can thwart AI-enhanced ransomware.

How Can Government Agencies Prepare for Quantum Threats?

While quantum-resistant cryptography has been under active research and development for many years, the convergence of standards is now accelerating. Standards bodies such as the National Institute of Standards and Technology are in the process of formalizing post-quantum cryptographic algorithms, marking a pivotal moment for large-scale adoption.

For state and local agencies, post-quantum readiness is quickly becoming a requirement. And as regulatory bodies work toward a smooth transition, and new standards mature and become more widely accepted, organizations are already outlining roadmaps for quantum-safe cryptography adoption.

Safeguarding a post-quantum future is everyone’s responsibility, not just that of IT leaders or government agencies. Forward–looking security starts at the infrastructure level, and in this new reality, the strongest defense is a network that is inherently self-defending: one where post-quantum security is not an afterthought but a fundamental design principle across every layer of the network.

Vertigo3d/Getty Images