TL:DR - Not quite, but they are positive step forward.
Why the Panic?
Let’s get one thing straight between us: cryptography is everywhere. It’s the digital lockbox guarding your bank account, your doctor’s records, military secrets, and even the national power grid.
It’s the quiet bodyguard you never think about - until it gets knocked out.
Knowing there is a risk to our current cryptographic security the guys at ECCG, have provided the following advisory paper on what we should do when it comes to SHORing up (see what I did there) our current cryptographic infrastructure.
Europe’s cybersecurity brainiacs the ECCG - have dropped a 50-page well thought out guide of new cryptographic guidance.
Cryptographic infrastructure in widespread use today has evolved over decades, with many core components dating back between 20 years, and up to 50 years in some core legacy environments.
Faster computation has resulted in consistent upgrades and rethinking over the years, but when you speak to the teams behind the standards all agree that we are entering into an age where the disruption posed is about to become a very different animal, the characteristics of which are still being debated. The culprit - Quantum Computation which is poised to break through out current cryptography like a knife through butter at some point in the future.
This isn’t a “might be nice to follow” memo.
TL;DR? You’re Not Safe - You’re Just Not Broken Yet
This ECCG guidance isn’t a full solution, well ok, its a well considered stop gap solution.
It’s a carefully-worded shrug from the experts.
Picture a grizzled plumber pointing at your century-old boiler:
“Well… it hasn’t exploded. Yet. We can patch it until it does or until we can get a replacement”
That’s where we are with cryptography, and to be fair its the best position available to us at this time.
We know its at risk from Quantum computation, nobody is quite sure when its at risk of being unbuttoned - sometime between 2027 and 2035 is current best guess.
However the window of opportunity to fix up all of our current cryptography even by 2035 is closing and probably impossible to meet given all of the considerations, change, upgrades and related complexities.
What’s Really Going On?
Let’s unpack this with real-world terms:
Post-Quantum Cryptography (PQC): These are new mathematical locks meant to resist quantum hacking. Clever, hopeful, not bulletproof - they aim to bridge the gap between today and the surefire risk of Quantum computation breaking our cryptography at some point in the future.
Hybrid Crypto: A kludgy mix of old and new crypto, it is like wearing both a parachute and a seatbelt at once.
Crypto Agility: The ability to swap encryption fast. Essential, but right now, harder than getting my twelve year old to do the dishes. A nice idea and a slick position but in practice somewhat detached from current reality.
Ownership: No one in most organisations really owns cryptography, most companies do not have a head of cryptography - it sort of sits in a magical Narnia located between the CISO’s ownership and the CEO’s risk.
This is the biggest risk of all.
Oh — and everyone quietly agrees: we’re guessing as best we can.
Causal Analysis Of Post Quantum Cryptography Business Continuity and Risk - Updated April 2025.
🗝 Two Types of Crypto: One to Keep, One to Bin
ECCG has split algorithms into two camps:
Recommended Algorithms: Today’s best - ready (ish) for tomorrow’s quantum attacks.
Legacy Algorithms: Still in use but toast as soon as a quantum computer finds its feet and is able to scale cryptographically in its factoring of numbers and its ability to break cryptography.
Using legacy crypto is like locking your safe with a 90s bike lock.
Against quantum threats, it’s basically a wet paper towel.
Cybersecurity Training - Understanding Post Quantum Cryptographic Risk
How Cryptography Actually Works
Imagine a sandwich:
Primitives = The ingredients (like AES, SHA-3) - these are the core locks
Constructions = The recipe (secure emails, digital signatures).
Protocols = The instructions (TLS, SSH) for how you eat the sandwich securely.
Use expired mayo (legacy algorithms), and you risk a very bad day.
🚀 Post-Quantum Isn’t Sci-Fi Anymore
Quantum computing is here now, today and is already being used in Quantum Sensing, Quantum Secure Communications and even at its nascent stage in computation.
This is about mathematical algorithms designed to resist quantum computers. Think:
- Kyber (lattice-based)
- SPHINCS+ (hash-based)
- Classic McEliece (code-based)
They’re chosen not because they’re perfect, but because they’re the least likely to implode first.
Hybrid Crypto: Temporary Fix, Not Forever
Hybrid crypto combines old and new - you can think of it as a crypto mullet.
It works for now but adds complexity, cost, and weight.
It’s a hedge, not a solution.
Eventually, we’ll need a proper system, probably one based on Quantum Cryptography to be completely secure.
But for now? This is the best we’ve got.
The Conversation We Are Not Having
Many legacy systems lack the memory and compute to support PQC algorithms, or have hardcoded or ROM-based cryptographic implementations with no secure or remote update mechanisms, devices are often in inaccessible environments.
Older HSMs and Trusted Platform Modules (TPMs) are may have an inability to load new cryptographic algorithms, limited support available for changes and updates unless it results in new revenues, and certifications tied to legacy crypto suites (e.g., FIPS 140-2 with RSA/ECC).
Many PKI systems are deeply rooted in legacy crypto for trust anchors (roots of trust), meaning long-lived signatures may be impossible to retroactively secure, Root CAs using RSA/ECC with 10+ year validity are an issue and there is likely to be contractual, legal, and regulatory entrenchment that needs a significant amount of sorting out.
It becomes a little scary when you then consider some of the most mission critical systems in production deployment, certification processes may make software changes prohibitive, some system vendors may no longer exist (or no longer support hardware) and physical access for updates may be challenging or at least impossible.
Quantum Crypto: The Gold Standard… Sort Of
Post-Quantum Crypto (PQC): Uses maths. Easier to deploy. Trusted for now. But could be cracked one day.
Quantum Crypto (QC): Uses physics. Theoretically uncrackable. But very hard to scale and wildly impractical today.
If PQC is a sturdy padlock, Quantum Cryptography is a vault made of physics.
Unfortunately, it’s not really available yet.
A simple, non complicated, non technical overview of Post Quantum Cryptography for executives in about 20 minutes.
The AI and Quantum Wildcard
What if AI invents a new quantum attack tomorrow? That’s why ECCG isn’t just saying “use new crypto.” They’re saying:
“Be ready to replace it. Fast.”
Enter crypto agility.
🔄 Crypto Agility: Easier Said Than Done
It sounds like a quick software update, right?
Nope.
- “Just change the algorithm” → It’s hard-coded in thousands of places.
- “Update the firmware” → Most devices can’t be patched.
- “We know what we use” → Most orgs have zero cryptographic inventory.
- “Our vendors are ready” → Insert nervous laughter here.
Agility means overhauling your entire cryptographic plumbing. Organisations are not ready, systems, software and infrastructure utilises a stack of cryptographic standards, some of which can be changed, many can not.
CEO’s are responsible, personally and financially for the risk of data breaches, but as we stated without ownership its a risk bobbing along on a sea of “not my job” and “above my pay grade” sentiment.
The Hidden Costs
Crypto upgrades = 💰💰💰
- People: Crypto engineers are rare and expensive.
- Tech: You need new tools, new libraries, and infrastructure upgrades.
Business: Small firms are lucky, they can probably just migrate to new infrastructure services for the majority of their risk. Mid-size firms = 6-figure costs from services providers and cyber companies that will do the work for you. Critical infra = 7 to 8-figures. And compliance fines if you miss the mark.
Third-Party Time-bombs
Even if you upgrade, your cloud provider, payment processor, or printer might not. If they stall, you’re sunk. This problem of ensuring third party cryptographic hygiene is a major problem and one that causes your CISO to bury their head in their hands.
Who Actually Owns This?
Usually? No one. Which is the problem.
Crypto is embedded in: Dev tools, Apps, Network stacks, Databases, Vendor APIs, Network infrastructure, Everywhere
No one knows where it all lives. No one tracks it.
The 6-Step Crypto Action Plan
Inventory everything - Know where crypto lives. This is easier said than done - there are currently less than 10 firms I am aware of that have this capability and not one with an end-to-end capability.
A List Of Cryptographic Discovery, Audit and Remediation Vendors for PQC Projects.
Assign ownership - Make someone responsible - unfortunately the last person I know that was gifted with their enterprise crypto obsolesce project resigned within a week when the scope of work became visible.
It is a hell of a project for all of the reasons listed above.
Go modular - Make swapping easy - easier said than done. Try upgrading cryptography on near obsolete or legacy systems or getting vendors to prioritise the patch for zero revenue.
Migrate to hybrid crypto - It’s the best we’ve got.
Demand vendor compliance - No exceptions and monitor your third party risk, requires tools like Venari Security / QryptoCyber currently although other vendors are catching up.
Train your people - Especially your engineers.
Final Thoughts
You’re not secure. You’re just unbroken - for now.
The ECCG isn’t giving you a fix. They’re giving you a flashlight, a map, and saying:
“Best of luck - watch for falling cryptographic rocks.”
If no one owns your crypto, then no one owns your security.
There will be casualties, the organisations that do not fall foul are the ones where the CEO and the CISO are “Risk Aware” have ownership of the issue pinned down and a tight timeline for remediation.
As such the advice has to be for organisations to own it, or one day, someone else will.
Even with the new guidelines organisations face a herculean task in securing their cryptography for the post-Quantum world and those organisations that leave it late will be left exposed and in a state of panic come Q Day.
