Migration Planning and Strategic Considerations to Lead in the Post-Quantum World

by Theodore Noah, Post-Quantum Cryptography Transition Architect and Rod Fontecilla, Ph.D., Chief Innovation and AI Officer

Cybersecurity, Post Quantum Cryptography, Post Quantum Encryption, Quantum Computing

This post is part of a series, Preparing for the Post-Quantum Era: Best Practices for Federal Agencies. See Part 1, Part 2, and Part 3.

Successful post quantum cryptography (PQC) migration requires careful orchestration of asset discovery, technical upgrades, operational procedures, and organizational change management. Agencies must develop comprehensive migration strategies that balance security requirements, operational continuity, and resource constraints while maintaining mission-critical capabilities throughout the transition period. As agencies develop their migration plans, the following elements are critical:

Risk-based prioritization allows agencies to consider both quantum vulnerability and operational criticality. Systems protecting the most sensitive data or supporting essential mission functions should typically receive priority, while lower-risk applications may be addressed in later implementation phases.
Testing and validation procedures are critical components of migration planning, requiring comprehensive evaluation of PQC algorithms in operational environments before full deployment.
Change management considerations include user training programs, updated operational procedures, and communication strategies that help stakeholders understand the importance and implications of PQC transitions.
Contingency planning should address potential acceleration scenarios where quantum threats emerge more rapidly than anticipated, requiring compressed migration timelines and emergency response procedures.
Hybrid implementation strategies often provide the most practical approach for large-scale migrations, allowing agencies to gradually transition from classical to PQC cryptography while maintaining operational capabilities.

How to Lead on PQC

The transition to PQC represents one of the most significant cybersecurity challenges facing federal agencies in the coming decade. Federal leadership in PQC preparedness not only protects government operations but also sets important precedents for private sector adoption and international cooperation. Success requires proactive planning, comprehensive preparation, and sustained organizational commitment to implementing new cryptographic standards before quantum threats materialize.

At the U.S. Department of Veterans Affairs (VA), we are actively working to support this transition. Our work in conducting thorough asset inventories, establishing effective vendor communication strategies, and developing accurate cost projections. These foundational contributions are intended to help the VA achieve an orderly, secure, and successful post-quantum transition.

The quantum transition timeline remains uncertain, but the imperative for preparation is clear. Agencies that begin comprehensive planning efforts today will be best positioned to maintain mission-critical capabilities while meeting federal compliance requirements. We can help guide you through that process, with our proven experience and documented framework.