American Binary Experts Warn Quantum Security Timelines Are Tightening Faster Than Expected

By: American Binary
06/16/2026

1. You'll be on the panel discussing "Q-Day's Shortening Deadline: Immediate Solutions" at Quantum.Tech Boston this June. What makes this conversation especially timely right now?

a. Bruce: It's not urgent for any technical reasons -- we're not suddenly closer to a working quantum computer of any useful scale -- but it is bubbling up in the policy world. Both NIST and the NSA have adopted post-quantum encryption standards, which means that companies are starting to pay attention to them. But this is good; we want the move to post-quantum encryption to happen when it's not an emergency. We're more likely to get it right that way.

2. From your vantage point, what makes the advances of quantum computing impossible to ignore from a cybersecurity perspective?

a. Whit: NIST and NSA are very worried about this and if you look at the next question you'll find out that others in industry are very worried to. And if this comes through, the results will become very disastrous. You will get pundits from each side claiming it's near or it's far, and we can't really know which is true but if it turns out it's near then our opponents will be right on it and our opponents are some of the strongest in quantum computing.

3. Very recently we saw independent papers that caused Google and Cloudflare to shorten their timeline estimates for transition to PQC by 2029, what's your take on the recent paper by Google discussing better quantum circuits for factoring and Oratomic's uses for neutral atoms?
a. Andrew: Both of these papers, from highly respectable institutions, created a further tightening of the timelines which increases the probability of a near-term quantum threat.

4. NSA is requiring all new acquisitions for National Security Systems to be fully quantum-resistant by 2027, what factors do you think are driving it?

a. Brian: I believe there are multiple factors driving the 2027 PQC requirement for new acquisitions for NSS. The first is that every acquisition going forward that is not PQC-enabled creates additional legacy that will have to be remediated later, so best to stop buying those systems now, if possible, with NSS being the highest priority. Second, NSA (and the US Government generally) are being more active in promoting the transition to PQC because they were not very active during the transition to elliptic curve cryptography (ECC, our last major algorithm transition), and they saw industry take a very long time to roll out ECC support (and it's still lacking in some places). Third, I think the government activity on PQC is also related to Whit's answer earlier about the probabilities of a quantum threat; while we don't know the probability of a near-term threat, we do know that the consequences would be catastrophic. Given the extreme downside risk if it comes to pass, the overall timelines are pragmatic. Remember, too, that the NSS timeline applies to both encryption and digital signature scenarios, and the risks of forged identities may be greater in some scenarios than disclosure of captured confidential information.

5. The US Government recently took equity stakes in quantum computing companies, and an Executive Order focused on PQC adoption is expected soon. Do you see these as related? Why?

a. Brian: Yes. As we've seen repeatedly over the last year and a half, the current administration likes to shape industrial policy via targeted investments in relevant companies in exchange for equity stakes, and they prefer to act (where they can) via Executive Orders over developing legislation with Congress. Both targeted equity investments and EOs can be implemented quickly when desired. If there is a new Executive Order forthcoming on PQC adoption, it would be in line with how this administration works and directs Executive Branch agencies. Note that we saw an EO from the prior administration near the end of their term directing agencies to adopt post-quantum cryptography, and that EO was modified by the current administration last year. So EOs in the PQC space are not extraordinary.

6. Are we approaching a point where organizations who don't start preparing for quantum risk being left behind? What does being left behind look like?

a. Whit: In particular, for the industries that are building, the people earliest affected will be the comm-sec people, such as COTS-for-classified will face these requirements immediately and customers won't buy. Over time, people who provide services for government will face the same requirements and consequences as well. Banking has a reason to be concerned at present, and they need to think about anything analogous to the Chinese break-in to the OMB that would later be used against some of their customers. For banks who don't adapt, they may become incompatible with IRS systems and more.

7. What progress are you seeing in standards organizations such as the IETF? How about others?

a. Andrew: The most important protocols on the internet are in transition with varying degrees of progress. Looking at TLS for example, the most common and most impactful, there are a lot of efforts on both encryption and authentication. But there is a long tail of IETF standards where working groups don't even exist anymore. Our cellular providers are similarly making progress, GSMA just held their 8th PQ seminar. For the audience, if you are dependent on a particular standard without a large user base they need to start asking questions about how the standard migrates to PQC. Who's leading that work?

8. What are the challenges associated with building a working quantum computer? Are they working in our favor?
a. Bruce: The challenges are many, and real. I like to say that the engineering challenges to building a useful quantum computer are hard. And by "hard," we don't know if it's "land a person on the surface of the moon" hard, or "land a person on the surface of the sun" hard. Those are two very different definitions of hard. This is sad news for everyone who wants to use a quantum computer for physical simulations and complex optimizations -- and possibly even for AI -- but good news for those worried about quantum computers breaking public-key encryption.