Uncertain quantum future presents ‘existential threat’ to US military missions, DOD warns

The Pentagon’s new Post-Quantum Cryptography Strategy frames the emergence and full realization of quantum supercomputing as an existential threat to U.S. national security and global military dominance. 

Released on Tuesday, the new 25-page plan directs Defense Department personnel to harden critical communications networks and information systems by fully implementing quantum-resistant algorithms — and sets deadlines and milestones for the hefty, quantum-safe transition. 

“Nearly every deployed military asset will be affected in some way, adversaries will continue to probe for weaknesses, and costs will be incurred,” DOD Chief Information Officer Kirsten Davies wrote in the strategy’s introduction.

Quantum information science and related technologies apply complex phenomena happening at atomic and subatomic levels to store, transmit, manipulate, process, and measure data and information. 

Once they can be exploited at-scale in the not-so-distant future, quantum capabilities are anticipated to spark revolutionary advancements, like encryption-breaking algorithms and unhackable communication networks.

President Donald Trump signed the National Quantum Initiative Act into law in late 2018, during his first presidential term. 

On Monday, the White House unveiled two new executive orders from the president that are intended to speed up and streamline the federal government’s pivot to post-quantum encryption, and reprioritize investments and financing to support the domestic quantum computing industry. 

The commercial quantum EO also directs the Pentagon to identify at least three next-generation quantum-enabled sensor projects to prioritize in order to field such sensors by Sept. 30, 2028.

DOD’s new PQC Strategy, published the day after Trump’s quantum directives, outlines the department’s overarching plan to safeguard its critical systems, and ultimately prepare “for a future battle space enabled by Cryptographically Relevant Quantum Computers (CRQC).”

The strategy notably instructs the department to ensure all of its systems support PQC, or are phased out, by Dec. 31, 2030. 

Further, every DOD system must use PQC, unless otherwise specified, no later than Dec. 31, 2031.

Officials wrote that “from the authorization and deployment of nuclear weapons to the execution of coordinated maneuvers with mission partners,” insecure communications associated with the rise of quantum capabilities “pose an existential threat” to the DOD’s operations.

They further state that the potential for U.S. adversaries to use computers that can break present-day asymmetric cryptography “presents a substantial threat” to the department and its military systems that are protected merely by modern cryptographic algorithms.

Some of the risks presented include America’s enemies applying a CRQC to collect and decrypt classified information transmitted over terrestrial, space, radio frequency, and other network infrastructure; take control of and weaponize DOD’s systems; or install unpredictable malware into weapons platforms and access command-and-control systems in theater, which could lead to integrity failures and loss of U.S. information dominance.

The strategy lists five major lines of effort and eight associated strategic goals for the Pentagon to pursue. 

Some of those activities aim to “fully understand the most consequential challenges and vulnerabilities of legacy cryptographic systems on mission relevant timelines and their scope of use,” and to “prepare and implement adaptive and autonomous defense-in-depth mitigation and response strategies, including cryptographic agility, for an unpredictable quantum future state, to include new processes for testing, distributing, and installing critical cryptographic updates and patches.”

The department’s planners and systems owners are also told to identify all cryptography in use in both National Security Systems (or those dealing with intelligence, cryptology, military command, or weapons systems) and non-NSS assets (used for routine federal and commercial business), then determine which are quantum-vulnerable and assess the organizations’ exposure to potential CRQC threats. 

“This strategy outlines deliberate and actionable objectives we must achieve to migrate our war fighting capability (and supporting systems) to ensure continued mission readiness,” Davies wrote. “This includes increasing our capacity to leverage industry capabilities by introducing processes for swift commercial solution vetting and streamlining testing and evaluation.”

In response to questions from DefenseScoop, Accenture Federal Services’ Cyber Lead, Amanda Satterwhite, said Thursday that the administration’s new directives mark “a decisive signal that cybersecurity must advance with AI and quantum capabilities.”

AFS operates as a systems integrator and modernization enabler for the DOD. 

The firm is evolving its AI safeguards and cryptographic systems to maintain a strategic advantage, according to Satterwhite, who said AFS works with partners like SandboxAQ to ensure America’s critical infrastructure will outpace future technological threats.

“The emergence of highly capable, cyber-focused AI models demands that we bridge the gap between commercial innovation and federal mission needs, evaluating these technologies before deployment to protect our nation’s most sensitive environments,” she noted.