Free Demo

Trending

Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
HomeBlog
Australia Urges Immediate Action on Post-Quantum Cryptography as CRQC Threat Looms 
CRQC

Australia Urges Immediate Action on Post-Quantum Cryptography as CRQC Threat Looms 

ACSC urges early action as CRQC threatens current encryption. Organizations must adopt post-quantum cryptography by 2030 to protect critical data.

The Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), has issued a comprehensive call to action for organizations to begin preparing their cybersecurity infrastructure for the advent of cryptographically relevant quantum computers (CRQC).  

The guidance outlines the urgency of adopting post-quantum cryptography (PQC) and provides a detailed roadmap to complete the transition by the end of 2030. 

CRQC: A Future Threat with Present-Day Implications 

While fully operational CRQCs do not yet exist, ASD warns that their emergence would render current asymmetric cryptographic algorithms, including RSA, ECDSA, and Diffie-Hellman, ineffective. This could undermine the confidentiality and integrity of encrypted communications, authentication mechanisms, and critical infrastructure. 

The threat is particularly acute due to the potential for “harvest now, decrypt later” attacks. Adversaries may already be intercepting and storing encrypted data, intending to decrypt it once CRQC capabilities become available. 

“Early action is critical,” the ACSC notes, highlighting three key reasons for urgency: 

  • Transitioning to post-quantum cryptography is complex and time-consuming. 
  • The development timeline for CRQC is uncertain due to ongoing research in quantum computing. 
  • Sensitive data encrypted today using classical methods may be compromised in the future. 

Transition Timeline: Milestones Through 2030 

To address the rising CRQC risk, the ASD’s Information Security Manual (ISM) provides a phased approach with concrete milestones: 

report-ad-banner
  • By the end of 2026: Organizations should have a detailed transition plan that reflects their security priorities, data sensitivity, and system complexity. 
  • By the end of 2028: the Implementation of PQC algorithms should begin with the most critical and sensitive systems. 
  • By the end of 2030: Full transition to post-quantum cryptography should be completed. 
  • Post-2030: Ongoing monitoring, validation, and adaptation of PQC implementations will be necessary to maintain resilience. 

The ISM also recommends using ASD-approved post-quantum cryptographic algorithms and advises against using traditional asymmetric encryption methods beyond 2030. 

The LATICE Framework for PQC Transition 

ASD encourages organizations to adopt the LATICE framework, which outlines five high-level phases for a successful PQC transition: 

  1. Locate all uses of traditional asymmetric cryptography. 
  1. Assess the sensitivity and value of affected systems and data. 
  1. Triage systems are based on criticality and transition difficulty. 
  1. Implement PQC algorithms using standardized libraries and vendor guidance. 
  1. Communicate and educate stakeholders to ensure sustained awareness and compliance. 

A crucial component of the “Locate” phase involves building a Cryptographic Bill of Materials (CBOM), an inventory of cryptographic dependencies similar in function to a software bill of materials. This allows organizations to track all encryption-related implementations, including protocols, algorithms, and configurations. 

Quantum Key Distribution and Hybrid Schemes 

Although quantum key distribution (QKD) is often presented as a secure method for quantum-era communication, ASD currently does not endorse QKD due to its reliance on specialised hardware and its practical limitations, particularly around authentication. 

In cases where legacy systems require compatibility, ASD allows, but does not recommend, post-quantum/traditional (PQ/T) hybrid schemes. These offer interim interoperability but are ultimately considered vulnerable, as the traditional components will become obsolete once CRQC is achieved. 

International Context and Supporting Standards 

The ACSC acknowledges that various international bodies are also preparing for the quantum shift. These include: 

  • NIST (U.S.) – Leading the standardization of PQC algorithms. 
  • CISA (U.S.) – Offering critical infrastructure-specific guidance. 
  • UK NCSC, Canadian CCCS, and New Zealand NCSC – Providing national roadmaps and technical advisories. 
  • IETF – Updating cryptographic standards such as TLS for PQC readiness. 
  • ETSI – Developing frameworks for quantum-safe migration. 
  • Post-Quantum Cryptography Coalition – Supporting industry collaboration and tooling. 

While these organizations may provide different timelines or approaches, they share a common emphasis on the urgency of preparing for CRQC. 

References 

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.
why cyble

Get Threat Assessment Report

Identify External Threats Targeting Your Business​
Get My Report
Free
Cyble Vision

Threat Landscape Reports 2025

Global cybersecurity report
Europe cyber landscape
APAC Cyber Threat Landscape
North America Cyber Threat Landscape Report
META Threat Landscape
Australia New Zealand threat report

Upcoming Webinars

global-webinar-banner
Stay-Ahead-of-Cyber-Threats
CISO's Guide to Threat Intelligence 2024

CISO’s Guide to Threat Intelligence 2024: Best Practices

Stay Ahead of Cyber Threats with Expert Insights and Strategies. Download Free E-Book Now

Cyble | Amazon Music
Azure-MP-logo
google-ad-cyble
Share the Post:

Related Posts

Scroll to Top

Discover more from Cyble

Subscribe now to keep reading and get access to the full archive.

Continue reading