With advancements in quantum computing posing a risk to current encryption methods used to safeguard sensitive data, 50% of federal IT leaders are working on strategies to accelerate the shift to post-quantum cryptography (PQC), according to a new study by General Dynamics Information Technology (GDIT) in collaboration with IBM. The study emphasizes the importance of federal agencies preparing for a future where existing cryptographic standards may no longer offer adequate protection against emerging threats.
The study, Quantum Waves, conducted by GDIT’s Digital Consulting Practice, surveyed 200 experts and decision-makers across defense, civilian, and intelligence agencies. It explores how agencies are addressing the PQC transition and identifying risks, challenges and technologies needed for migration. The findings reveal that while planning for PQC is gaining momentum, significant obstacles remain, including the absence of formal guidance. Key insights from the study include:
- 50% of respondents are actively developing strategies for PQC readiness, while 35% are in the process of defining their plans and budgets.
- 46% have identified key risks associated with current cryptographic practices but have not yet begun formal assessments, and only 8% have fully integrated current PQC standards.
- 44% of respondents cite vulnerability management as a top capability needed to discover, assess, and manage cryptographic assets, prioritize risks and accelerate the PQC transition.
The research further highlights key obstacles federal agencies are currently facing with PQC adoption:
- 37% of respondents cited the lack of formal guidance and strategic frameworks as a major challenge.
- 48% of respondents said modernizing legacy systems remains a significant challenge, while 29% cited the implications for operational technology — the interconnected systems that control physical operations in critical infrastructure.
- 24% reported integrating PQC into the supply chain as an obstacle.
“Quantum computing represents a turning point for cybersecurity, and achieving cryptographic agility is critical to secure our sensitive information against future threats,” said Ben Gianni, GDIT senior vice president and chief technology officer. “With finalized NIST PQC standards, agencies must accelerate their migration efforts. By developing flexible and scalable strategies today, they will be prepared to modernize and build long-term resilience against emerging quantum threats.”
The research findings will be discussed in a public webinar on Oct. 23 with leaders from government, GDIT and IBM.