India is taking decisive steps to prepare for the cybersecurity threats posed by quantum computing, according to a new whitepaper by CERT-In in collaboration with SISA. The report, “Enhancing Cyber Security in India: Transitioning to Quantum Cyber Readiness,” outlines the risks posed by quantum systems to existing cryptographic standards and presents a phased strategy to mitigate them.
Quantum threat is now, not next
Quantum computers are advancing rapidly, with companies like IBM, Google, and Microsoft already achieving significant milestones. These developments pose a direct risk to encryption systems that protect financial records, healthcare data, digital signatures, and government communications. The report warns that threat actors may already be engaging in “Harvest Now, Decrypt Later” (HNDL) tactics—collecting encrypted data today with plans to decrypt it using quantum systems in the near future.
With cryptographically relevant quantum computers (CRQCs) predicted to become viable by 2028–2030, organizations storing sensitive data with a 5–10 year shelf life face urgent risks.
A four-phase strategy for quantum readiness
The CERT-In roadmap includes four key phases: foundational assessment, technology readiness, organizational rollout, and continuous resilience. Organizations are advised to begin by mapping cryptographic assets and conducting risk assessments using Mosca’s Theorem (X + Y > Z). This evaluates whether the time needed to migrate and the lifespan of sensitive data exceeds the arrival of quantum threats.
Other recommendations include creating a Quantum Bill of Materials (QBOM), forming cross-functional task forces, adopting hybrid cryptographic models combining classical and PQC algorithms, and investing in AI-enhanced cryptographic discovery tools.
Sector-specific implementation and national standards
The report offers tailored guidance for government, banking, healthcare, telecom, and critical infrastructure. It also advocates for early adoption of Quantum Key Distribution (QKD) and QRNG (Quantum Random Number Generation) technologies for ultra-high-security environments. A timeline is proposed for national transition, starting in 2025 and culminating in full deployment by 2030, with PQC integrated into all systems, processes, and vendor engagements.
The whitepaper positions India to not only withstand the quantum threat but also lead in shaping secure digital futures through algorithm diversification, policy alignment, and infrastructure overhaul.
