A successful post-quantum cryptography migration will take time to plan and conduct, states the quantum-readiness fact sheet jointly issued by CISA, NSA, and NIST.

The Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC) fact sheet includes recommendations for creating a quantum-readiness roadmap, preparing a useful cryptographic inventory, as well as understanding and assessing your supply chain.

The U.S. agencies are urging organizations “to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments, and engaging vendors.”

“Early planning is necessary as cyber threat actors could be targeting data today that would still require protection in the future (or in other words, has a long secrecy lifetime), using a catch now, break later or harvest now, decrypt later operation,” the fact sheet says.

In other quantum computing news, Google recently announced a quantum-resilient FIDO2 security key implementation, released as part of OpenSK, the organization’s open source security key firmware.

“As progress toward practical quantum computers is accelerating, preparing for their advent is becoming a more pressing issue,” the announcement says. “In particular, standard public key cryptography, which was designed to protect against traditional computers, will not be able to withstand quantum attacks.”