Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems?
By Duncan Jones, Head of Cybersecurity at Quantinuum
The latest quantum computing advances announced by U.S. tech giants and China accelerate both the potential threat and potential promise of this emerging technology. Now is a good time to make the distinction between the term “securing federal systems from quantum computing” and “securing federal systems using quantum computing.” Many of the federal requirements established to date have focused on the former.
As an example, the “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” issued in January 2025 built on the requirements from National Security Memo-10 (NSM-10) which mandated the use of post-quantum cryptography (PQC) algorithms to protect government systems from the looming quantum threat. The Order mandated a timeline, among other things, for agencies to require cybersecurity products that support PQC in all of its contract solicitations.
But the Order also suggested that the “use of emerging technologies for cybersecurity across executive departments and agencies (agencies) and with the private sector” will be especially “critical to improvement of the Nation’s cybersecurity.” While actually migrating critical cryptographic systems to PQC may seem far off, quantum-enabled cybersecurity solutions are available today and also advancing rapidly.
In other words, quantum computing has both a sword and shield impact. Let’s not overlook how current quantum cybersecurity solutions can and are already shielding agency systems as we prepare for the impact of the coming quantum sword.
Potential to Weaken
Many popular encryption schemes rely on the fact that computers can easily multiply large prime numbers but cannot do the reverse – splitting large numbers into their prime factors. However, this assumption only applies to today’s classical computers. Future generations of quantum computers will be able to solve this problem easily, via a process called prime factorization.
According to a recent Deloitte report, “The security of our digital society relies strongly on cryptographic methods. Confidentiality, integrity, and authenticity of data are preserved by various cryptographic algorithms. The security of these algorithms is continually challenged by the evolution of computing power and new attack methods.”
As an example, if not protected, a quantum cyberattack on the Federal Reserve could have grave impacts to its Fedwire network, which facilitates bank-to-bank transactions. According to one report, a hack executed by a quantum computer on macroeconomic financial institutions could render an indirect GDP loss between $2 trillion and $3.3 trillion. Another report estimated $3 trillion in direct and indirect losses.
Due to the potential risks to critical federal systems, and subsequently to U.S. economic and national security, the federal government mandated in 2022 that all agencies prepare to migrate their existing cryptographic systems to quantum cryptography by 2035. Problem solved? Not likely, but a good start.
Potential to Strengthen
While the threat quantum computing poses to existing encryption methods might be the biggest challenge security leaders will ever face, leveraging quantum-based cybersecurity technologies offers significant potential to mitigate risk.
As agencies and vendor partners prepare for the transition to PQC, quantum random number generators (QRNGs) are emerging as a practical and readily deployable solution for hardening existing infrastructure. Unlike their classical counterparts, QRNGs provide truly random numbers – a crucial ingredient for robust encryption – and can be integrated into existing systems today to enhance cryptographic strength.
Quantum key distribution (QKD) remains a technology with substantial potential, though its practical application at scale is still under development. While further research and engineering are needed, monitoring its progress and understanding its potential role alongside PQC and QRNG are crucial factors.
By adopting QRNGs alongside PQC now and continuing to develop and monitor QKD, agencies can construct the strongest possible defense against evolving quantum threats.
The Role of Randomness
According to Deloitte, “Randomness is crucial in cryptography as it is used to create a wide range of security parameters as for instance, cryptographic keys. Without unpredictable randomness, an attacker could guess or predict the values of these parameters, which could compromise the security of data and communications. In other words, using a strong cryptography algorithm with a poor random number source could be the equivalent of using a strong safe but leaving the key hanging at the door.”
The generation of random numbers forms the foundation for nearly all current cryptographic processes, although the formulation of true randomness is impossible using classical hardware. Consequently, experts have linked many malign cyber intrusions and hacks to insufficiently random cryptographic keys.
QRNGs solve this problem by generating truly random numbers for encrypting messages and other cryptographic keys, using inherent quantum-physical randomness.
The Path to Quantum Safety – a Holistic Approach
Some PQC and cybersecurity companies are already introducing QRNGs to their security catalogs. In fact, top-tier network security vendors such as Palo Alto Networks have recently recognized the importance of quantum randomness by releasing an Open API framework for QRNGs, highlighting the role of randomness in an organization’s security stack today and in the quantum future.
While PQC algorithms are essential, federal agencies will benefit from a holistic approach. Just as traditional security employs defense-in-depth, quantum safety can be strengthened through complementary technologies that ensure cryptographic foundations are as strong as possible through provable randomness.
The path to quantum safety requires thoughtful implementation of available technologies while maintaining readiness for emerging solutions. Each element plays a unique role in building a resilient security posture against quantum threats.