‘Harvest Now, Decrypt Later’ Attacks Push Federal Shift to PQC

The federal cybersecurity community is confronting a new class of threat known as “harvest now, decrypt later.” In this scenario, adversaries capture encrypted communications and store them, waiting for quantum computers to become powerful enough to break RSA and elliptic‑curve algorithms. While quantum machines capable of such decryption are still experimental, the trajectory of research suggests they could be operational within the next decade, turning today’s seemingly secure data into a future liability. This risk has pushed policymakers to treat post‑quantum cryptography (PQC) as an urgent priority rather than a distant concern.

In response, the White House issued an executive order in June 2025 that sets a firm deadline—January 2 2030—for all federal agencies to adopt PQC standards. The directive splits responsibilities between the National Security Agency for national‑security systems and the Office of Management and Budget for non‑NSS environments, ensuring a coordinated rollout. Agencies are urged to begin with a comprehensive inventory of where cryptography is used, classify data based on sensitivity and lifecycle, and map out which systems demand immediate replacement. This systematic approach helps prioritize high‑integrity assets, such as critical infrastructure controls, while providing a roadmap for less sensitive workloads.

Practical migration hinges on vendor readiness. Federal procurement officials must verify that suppliers have PQC‑compatible products or a clear upgrade path, as a weak supply chain could undermine the entire effort. Starting with smaller, non‑mission‑critical components allows agencies to test integration, train staff, and resolve compatibility issues before tackling larger, legacy systems. As the quantum horizon approaches, the federal sector’s proactive stance signals to the broader technology market that PQC will soon be a baseline security requirement, accelerating industry‑wide innovation and standardization.