🎙️ Betweenplays — Featured Article • Not Financial Advice
Inside the Mandatory $10B Cryptography Reset That Will Reshape Global Security Quantum Reality.
Start at The end: The Encryption Endgame
Every generation of technology comes with its own mythology: The cloud. Mobility. AI.
Neural networks. However, beneath the noise, and beneath the glossy keynote stages
and trillion-dollar valuations, something far more consequential is happening—quietly,
globally, and with no option to ignore it.
A clock is ticking, and there is a mathematical problem that cannot be ignored. When
the bomb goes off on “Q-Day” the change will be irreversible. This is not triggered by
any political or fiscal clock.
The encryption that secures the global digital economy—from banking to border
defense—is being outpaced by physics itself. Quantum computers, once theoretical, are
approaching a threshold that will break RSA and ECC, the cryptographic bedrock of
modern civilization. This will affect every device, every platform, and every institution
(including governments).
When that happens, everything encrypted becomes readable.
And I mean everything. There is no more privacy.
This is why governments worldwide—quietly, urgently—are mandating the largest
cryptographic retrofit in human history.
This will be a reckoning.
THE LARGEST MANDATORY UPGRADE IN CYBERSECURITY HISTORY
Current Encryption Is Already Compromised—Just Not Decrypted Yet
Threat actors, including state intelligence agencies, are already collecting encrypted
data they cannot decrypt today but will decrypt later when capable quantum machines
arrive.
This strategy has a name inside intelligence circles:
Harvest Now, Decrypt Later (HNDL).
The danger is not speculative. It is guaranteed. HNDL means that you can collect data
today with the intention to wait until the technology is upon you and then decrypt it at
that point. The crazy thing in all this is that no one knows when those encryption keys
will be decryptable, yet.
Even with the inevitability of PQC (Post Quantum Cryptography), the path ahead is
complex. Firstly Q-Day is the purported day in the future at the exact moment a
quantum machine breaks RSA/ECC. The world’s underpinning encryption protocols.
The challenge we have is that we do not know when that will be, 5 years from now? 10
years from now? Next month? Even tomorrow is not an absurd thought.
The other challenge is what is known as crypto agility, this means that we use
standards that have been developed around PQC to move things forward with a either a
hybrid approach, (mixing legacy crypto with new PQC methods), or a single forward
looking approach based on standards that are still being developed.
This leads to larger cryptographic keys and heavier computations, which will of course,
require accelerated silicon and elevated power usage. If you think the compute
requirements of today’s AI are large, wait until we have Quantum AI (however that’s
another forward looking article for another day)
Managing a business supply chain will also need to be fortressed. A single non-
compliant vendor can stall an entire organization’s migration or day to day operations.
Simply put:
If the encryption fails, the global internet fails.
If the global internet fails, the global economy follows.
Sounds dystopian, and it’s not. This is the truth facing every government, every
institution and every person today.
This is why the coming post-quantum transition is not a “security enhancement.”
It is a survival requirement.
So let’s look at what the world is going through.
U.S. PQC MANDATE: FORCE, DEADLINES & INFRASTRUCTURE RESET
The U.S., through NIST and multiple Executive Orders, has taken the clearest formal
position: The entire federal government and its entire supply chain must be PQC-
compliant to the NIST standards.
After an eight-year competition involving global academia, industry, and cryptographic
talent, NIST finalized three post-quantum cryptographic standards in 2024:
- ML-KEM — Key Encapsulation Mechanism
- ML-DSA — Digital Signature Algorithm
- SLH-DSA — Stateless Hash-Based Digital Signature Algorithm
These standards will form the new backbone of federal encryption.
The Timeline Acceleration
Originally projected for the mid-2030s, recent executive directives have accelerated this
dramatically:
● Agencies must inventory vulnerable systems now
● Migration planning is mandatory by 2027
● Full PQC compliance is required by 2030
Any contractor serving U.S. federal agencies—from cloud providers to defense primes
to telecom networks—must comply. This is federal law and it unlocks a massive, non-
optional spend across cloud infrastructure, hardware, devices, and certificates.
CANADA ENTERS THE RACE: QUIET, STRATEGIC, AND URGENT
Often overlooked in global coverage, Canada is one of the most crypto-sensitive nations
in the West due to its concentration of financial, telecom, and public-sector digital
infrastructure.
Communications Security Establishment (CSE): Canada’s PQC Playbook
Canada’s top intelligence and cybersecurity authority, CSE, has issued clear guidance:
Canadian federal departments must adopt quantum-safe cryptography in alignment with
NIST standards.
Key actions underway:
● Government of Canada Cryptographic Modernization Program (GC CMP)
already underway
● Shared Services Canada (SSC) identifying PQC-vulnerable federal systems
● Mandatory PQC transition planning for:
○ CBSA
○ CRA
○ Health Canada
○ Provincial health networks
○ National defence and intelligence infrastructure
Why PQC is a National Priority for Canada
- Canada’s banking concentration
The Big Six Banks carry disproportionate economic weight; PQC failures could
destabilize the national economy almost instantly. - Critical telecom backbone
Networks from Bell, Rogers, Telus, Vidéotron, and satellite networks depend on
encryption for:
○ 911 systems
○ Inter-carrier signaling
○ 5G control plane traffic - Energy & natural resources
Canada’s grid, pipelines, and mining networks rely heavily on encrypted
telemetry—making them quantum-vulnerable targets.
Canada does not want to be caught in a cryptographic cold snap that may be
impossible to recover from. Due to it’s proximity to the U.S. it’s aligning its future with
NIST and the U.S. while ensuring provincial sovereignty and sector-specific
requirements.
EUROPE, CHINA & ASIA-PACIFIC: A GEOPOLITICAL ARMS RACE FOR
CRYPTOGRAPHIC SURVIVAL
Quantum security is a national defense race and every major region is moving—fast.
Europe: Regulation as a Weapon
Europe views PQC as a matter of continental resilience.
● NIS Cooperation Group: PQC migration for all high-risk sectors by 2030
● Cyber Resilience Act: Software vendors must demonstrate crypto-agility
● EU-wide harmonized standards aligned largely with NIST
Europe sees PQC as a shield for infrastructure, banking, identity systems, and cross-
border digital trade.
China: Quantum Independence & QKD Dominance
China is pursuing a dual strategy:
- China Developed PQC Standards
Avoiding dependence on Western cryptographic design. - Quantum Key Distribution (QKD) Leadership
Building terrestrial and satellite-based quantum-secure communication networks.
China is moving towards cryptographic sovereignty, and away from any cryptographic
reliance on the west.
Asia-Pacific: Aggressive, Coordinated Timelines
The region is rapidly mobilizing:
● Australia (ASD): PQC transition guidance targeting completion by 2030
● South Korea: Developing alternative PQC algorithms, causing global complexity
● Japan, Singapore, New Zealand: Financial and public-sector PQC modernization
underway
PQC is becoming a regulated requirement in the regions.
FOLLOW THE MONEY
Of course, with such a major transformation of the world’s cryptography comes the
wealth and riches associated with doing all the work. This will be a one time event when
the largest companies in the world will balloon, and continue to grow.
Three categories of companies will capture the majority of PQC spending. Leaving the
smaller pieces to the smaller consultancies.
Category 1 — Cloud & Platform Pioneers (Full-Stack Quantum-Safe Ecosystems)
These players both enable quantum computing breakthroughs and sell the defence
tools against them.
IBM — The Algorithm & Enterprise Modernization Engine
IBM helped design the NIST standards and now sells:
● Quantum-Safe Transformation Services
● PQC firmware in z16 Mainframes
● Consulting for the largest regulated industries
IBM stands at the intersection of cryptography, hardware, and transformation.
Google — The Web’s PQC Gatekeeper
Google’s browser and cloud dominance make it a systemic PQC enforcer.
● ML-KEM deployed in Chrome
● ML-DSA embedded in Cloud KMS
● Quantum-safe web protocols at internet scale
Microsoft & AWS — PQC-Born Cloud Services
Azure and AWS are integrating PQC capabilities into:
● Digital Twins
● IoT TwinMaker
● Edge telemetry
● Key management
The hyperscalers will enforce PQC through infrastructure gravity alone.
Category 2 — Hardware & Silicon Accelerators (The CapEx Tsunami)
PQC is computationally heavy and without hardware acceleration, networks will slow to
a crawl. Therefore, the hardware and processing manufacturers will need to put in place
next generation chips to support PQC.
Intel — The CPU-Level Acceleration Layer
Xeon processors now include PQC-optimized instruction sets. Intel is the keystone for
making PQC deployable at internet scale.
NXP — Billions of IoT & Automotive Controllers
NXP embeds PQC directly into:
● Microcontrollers
● Payment terminals
● Automotive ECUs
● Secure elements in billions of devices
This will be without a doubt the largest silicon replacement cycle ever.
Thales — The Global Hardware Trust Anchor
Thales Luna HSMs (Hardware Software Modules) sit at the heart of:
● Banks
● Governments
● Telecom cores
● Payment networks
These must be replaced or upgraded worldwide.
Category 3 — Cybersecurity Specialists (The Trust Fabric Operators)
Palo Alto Networks — Quantum-Safe Network Edge
PQC-optimized firewalls mark the beginning of a multi-year network upgrade cycle.
Entrust — PKI Sovereignty
Entrust, one of the world’s most important certificate authorities, now offers:
● PQC-ready nShield HSMs
● PQC-aware PKI-as-a-Service
They control the identity fabric underlying global secure communications.
A GLOBAL RE-PLATFORMING OF TRUST
The bottom line is that PQC is not a cybersecurity trend, and it’s not optional for any
organization or government or infrastructure or platform provider. This change is
happening now and quickly.
To give you a sense of the sheer size of what this re-alignment of digital trust means,
think of it as the largest forced modernization of the digital world since the creation of
the internet.
This means that it will affect:
Every certificate.
Every device.
Every firmware.
Every cloud service.
Every protocol.
Every telecom backbone.
Every government system.
Every banking transaction.
They will all need to be replaced, rewritten, revalidated, or retired.
For companies positioned at the forefront of this transition, the next decade represents
a historic, non-discretionary, mandated revenue stream—one that will secure not only
balance sheets, but the very continuity of the digital world.
In the end we will all be quantum-safe, however scrutiny of one’s suppliers, their software, their systems, their supply chain will be necessary and on-going. If there is
one break in the chain then that becomes the weak link and you’re vulnerable instantly.
The answer to the problem may be closer than we think, look to our interview with Krown Technologies CEO James Stephens, let us know in the comments what you think.
References
National Institute of Standards and Technology. (n.d.). Post-Quantum Cryptography
Standardization Project. https://csrc.nist.gov/projects/post-quantum-cryptography
National Institute of Standards and Technology. (2024). NIST releases first 3 finalized
post-quantum encryption standards. https://www.nist.gov/news-
events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Intel Corporation. (2024). Accelerate Post-Quantum Cryptography with Intel Crypto
Technologies.
https://www.intel.com/content/www/us/en/content-details/866282/accelerate-post-
quantum-cryptography-with-intel-crypto-technologies.html
Google Cloud. (2024). How Google Cloud is helping customers prepare for a quantum-
safe future.
https://cloud.google.com/blog/products/identity-security/how-were-helping-customers-
prepare-for-a-quantum-safe-future
Thales Group. (n.d.). Thales Luna HSM Quantum Ready Solutions.
https://cpl.thalesgroup.com/encryption/hardware-security-modules
European Commission. (2024). EU Coordinated Implementation Roadmap for the
Transition to Post-Quantum Cryptography.
https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-
transition-post-quantum-cryptography
Australian Cyber Security Centre. (2024). PQC Guidance.
https://www.linkedin.com/posts/marinivezic_pqc-quantumreadiness-quantumsecurity-
activity-7376855406004011008-OjX0
