The federal deadline is not the decision point. The procurement cycle you are entering today is.
The Problem is Operational, Not Theoretical
Let’s fast forward to 2031. A regional power utility is running a quantum-readiness audit when the inventory tool flags a Schweitzer SEL-351 protective relay (a device that automatically trips a circuit breaker to isolate a fault before a blackout). It was installed in 2009. It is still executing RSA-2048 for SCADA authentication, running its original firmware, and cannot be physically accessed without a scheduled outage requiring 90-day regulatory notice. The device has eleven years of remaining life. The vendor stopped issuing updates in 2024. Replacement lead time is fourteen months.
In isolation, it’s just legacy infrastructure. In aggregate, it’s something else: a predictable, long-lived trust anchor built on aging, deployed, and un-patchable cryptography. An attacker doesn’t need to break in; they can wait. The target is stable, the constraints are known, and the adversary is patient. Once RSA-2048 is no longer a barrier, authentication becomes impersonation, and a device designed to protect the grid becomes a path to disrupt it. Nobody forged a firmware signature that day. Nobody needed to. The window was already open.
An even more immediate concern is that five years of authentication traffic may already be in an adversary's collection, waiting for a quantum computer. This relay is not an edge case. It is the landscape across energy, water, transportation, and industrial manufacturing. The Operational Technology (OT) installed base reflects purpose-built hardware deployed for decades, certified under frameworks that treat firmware changes as safety events, and maintained by vendors whose roadmaps predate PQC as a procurement consideration.
The 2026 White House Cyber Strategy correctly calls for modernization. Yet, for a significant fraction of OT, migration is not a configuration change or library upgrade. It requires capital expenditure, regulatory filings, vendor negotiation, and outage windows. For some devices, full PQC compliance will not be possible before a cryptographically relevant quantum computer (CRQC) exists. That reality needs a plan.
What the Strategy Establishes and What It Doesn’t
The 2026 strategy avoids prescribing implementation architecture. That is the right call. No federal document can enumerate the constraints between a municipal water utility’s SCADA network and a DoD mission system running on legacy-certified HSMs. What it does provide is procurement latitude: agencies and Critical Infrastructure operators can move faster on PQC adoption without waiting for additional guidance cycles.
NIST has finalized the algorithms, but crypto-agility is the real finish line. Engineers still must determine parameters, hybrid versus pure-PQC approaches, and migration sequencing across heterogeneous environments. And this will not be the last cryptographic transition. The 2026 strategy reflects that reality, accelerating access to private sector capabilities. Sustained partnerships with industry and domain experts will be essential to maintain readiness as requirements evolve.
Where the Math Stops Working
The SEL-351 scenario has a hardware-level equivalent: an RTU deployed in 2014 running an ARM Cortex-M3 with 128 KB of flash. It has no path to running a post-quantum key exchange. The silicon cannot support it. Hardware replacement is the only option, and Industrial Control Systems procurement cycles span five to seven years from specification to commissioning. That’s 2032.
This is where the strategy offers realism. OT systems are expected to be the last platforms to achieve PQC compliance due to patching constraints, hardware timelines, and governance. PQC in OT will be a sustained challenge. This is where innovation can help.
Key size illustrates the issue. ECDH over P-256 fits into ~64 bytes. ML-KEM-768 requires a 1,184-byte public key and a 1,088-byte ciphertext. For a PLC running tight scan cycles over low-bandwidth serial links, such as RS-485 at 9,600 baud, that delta is not an optimization problem; it is an architectural incompatibility. While not universal, these constraints still exist in the field and they are the ones that matter most because they cannot be easily changed.
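To put the key-size delta in link-time terms, the following added example (not from the original article) models how long each key exchange occupies a serial line. The 8N1 character format, Modbus RTU-style framing, half-duplex operation, 50 ms scan cycle, and one 64-byte ECDH value per direction are assumptions made for illustration; the ML-KEM-768 sizes and the 9,600 baud rate come from the text.

```python
import math

# Sizes quoted in the text above, in bytes.
ECDH_P256 = 64                 # assumed here to be sent once in each direction
MLKEM768_PUBLIC_KEY = 1184
MLKEM768_CIPHERTEXT = 1088

# Assumptions, not from the article: 8N1 characters and Modbus RTU-style frames.
BITS_PER_CHAR = 10             # 1 start + 8 data + 1 stop bit
MAX_FRAME = 256                # largest Modbus RTU frame on a serial line
FRAME_OVERHEAD = 4             # address + function code + CRC-16
INTERFRAME_CHARS = 3.5         # mandatory silence between frames


def frames_needed(payload_bytes):
    """Frames required to carry a payload that may exceed one frame."""
    return math.ceil(payload_bytes / (MAX_FRAME - FRAME_OVERHEAD))


def wire_seconds(payload_bytes, baud):
    """Line time for one direction, including per-frame overhead and gaps."""
    per_frame = FRAME_OVERHEAD + INTERFRAME_CHARS
    chars = payload_bytes + frames_needed(payload_bytes) * per_frame
    return chars * BITS_PER_CHAR / baud


def exchange_seconds(request_bytes, response_bytes, baud):
    """Half-duplex link assumed, so the two directions are serialized."""
    return wire_seconds(request_bytes, baud) + wire_seconds(response_bytes, baud)


def scan_cycles_blocked(seconds, scan_ms):
    """Whole scan cycles during which the link is busy with key exchange."""
    return math.ceil(seconds * 1000 / scan_ms)


def compare(baud, scan_ms):
    """Return (seconds, scan cycles) for each key exchange at this line rate."""
    result = {}
    for name, out, back in (
        ("ECDH P-256", ECDH_P256, ECDH_P256),
        ("ML-KEM-768", MLKEM768_PUBLIC_KEY, MLKEM768_CIPHERTEXT),
    ):
        secs = exchange_seconds(out, back, baud)
        result[name] = (secs, scan_cycles_blocked(secs, scan_ms))
    return result


if __name__ == "__main__":
    for baud in (9600, 19200, 115200):   # 9,600 baud is the article's case
        for name, (secs, cycles) in compare(baud, scan_ms=50).items():
            print(f"{baud:>6} baud  {name:<11} {secs:7.3f} s  {cycles:>3} cycles")
```

Under these assumptions, at 9,600 baud the ML-KEM-768 exchange holds the line for roughly 2.4 seconds against roughly 0.15 seconds for ECDH, before any computation on the device is counted.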
OT cryptographic constraints are not performance inconveniences; in many cases, they are hard physical limits. Acknowledging that is not defeatism. It is the starting point for a realistic plan. Fortunately, the OT asymmetric attack surface is narrow: VPN gateways, firmware signing, secure boot chains, and industrial protocol authentication. That scope is small enough to address systematically. This begins with cryptographic inventory and prioritization. Automated Cryptography Discovery & Inventory tools such as Arqit’s Encryption Intelligence provide the sophistication to catalogue and quantify cryptography and associated risks.
An adversary who can forge firmware signatures using a CRQC can compromise entire fleets in a single operation. CNSA 2.0 prioritizes this attack surface. NIST SP 800-208 already approves stateful hash-based signatures for firmware signing, and viable implementations exist today. More and more, near-term approaches include deploying PQC wrappers to protect existing systems.
In OT environments, cryptographic implementations are owned by PLC, SCADA, and relay vendors. Procurement must require migration paths to NIST FIPS 203/204/205-compliant firmware and support for algorithm and key replacement over device lifetimes, with no hardcoded cryptography. Where migration is not feasible, compensating controls such as segmentation, unidirectional gateways, out-of-band authentication, and even air gaps are necessary. That is not failure; it is engineering.
PQC innovations such as Arqit’s NetworkSecure leverage lightweight symmetric keys for quantum-safe protection, reducing dependence on public-key infrastructure while enabling rapid rotation, forward secrecy, and dynamic control. This provides a near-term, cost-effective path to quantum-safe security.
The implication is straightforward: post-quantum readiness is not a single migration event; it is an architectural posture. The systems that will matter most in a CRQC scenario are those that cannot move quickly due to operational constraints and embedded cryptography. That shifts the focus from algorithm selection to control over key distribution, rotation, and trust boundaries. This is where solutions such as Arqit’s symmetric key infrastructure become relevant, not as a replacement for standards-based PQC, but as a complement delivering immediate quantum-safe protection as the ecosystem transitions.
The strategy, the constraints, and the timelines all point to the same conclusion: resilience will come from crypto-agility implemented through procurement, partnerships, and architectures that assume this will not be the last cryptographic transition.
31 March 2026
Arqit