The UK’s National Cyber Security Centre (NCSC) has published new guidelines to help organisations prepare for the security challenges posed by advancements in quantum computing. The guidance outlines a three-phase roadmap to migrate to post-quantum cryptography (PQC) by 2035, a critical step to safeguard sensitive data from future quantum threats.
PQC, a cutting-edge encryption technology, is designed to protect data from the power of quantum computers, which could render today’s widely-used encryption methods obsolete. Current encryption relies on mathematical problems that traditional computers struggle to solve, but quantum computing could tackle these problems swiftly, exposing vulnerabilities in existing systems.
NCSC Chief Technical Officer Ollie Whitehouse highlighted the urgency of this transition, stating, “Quantum computing is set to revolutionise technology, but it also poses significant risks to current encryption methods. Our new guidance provides a clear roadmap for organisations to safeguard their data against these future threats.”
The migration roadmap encourages organisations to act now, emphasising a phased approach:
- 2028: Identify cryptographic services requiring upgrades and develop migration plans.
- 2028–2031: Execute high-priority upgrades and adjust plans as PQC technologies evolve.
- 2031–2035: Complete the transition to quantum-resistant encryption across all systems.
For small and medium-sized businesses, the shift to PQC may be streamlined through routine upgrades provided by service and technology providers. Larger organisations, however, will face more complex challenges, requiring significant planning and investment.
By proactively adopting PQC, the UK aims to ensure its digital infrastructure remains secure and resilient as quantum computing advances. The NCSC’s roadmap serves as a strategic guide to prepare industries and organisations for this technological revolution.
