Continue your mission
Y2Q preparation addresses the projected date quantum computers break current encryption, requiring organizations to begin migration now given harvest-now-decrypt-later threats.
Y2Q, or Quantum Day, refers to the projected date when a cryptographically relevant quantum computer (CRQC) becomes capable of breaking current public-key cryptographic systems. Preparing for Y2Q encompasses the strategic planning, technical assessment, and migration activities organizations must undertake to protect their data and systems before this capability emerges.
Y2Q preparation follows a structured framework. Risk assessment evaluates the organization's exposure by analyzing data sensitivity lifetimes against projected quantum timelines -- if data must remain confidential for 20 years and quantum capability may arrive in 10, the migration deadline is today. Cryptographic discovery maps every algorithm, key, certificate, and protocol across infrastructure. Prioritization ranks systems by risk exposure, focusing first on long-lived secrets, harvest-now-decrypt-later vulnerability, and regulatory requirements. Migration planning selects appropriate PQC algorithms for each use case, tests performance and compatibility, and defines phased rollout schedules. Hybrid deployment runs classical and PQC algorithms simultaneously during transition, maintaining backward compatibility while adding quantum resistance.
Timeline estimates for CRQC capability range from 2030 to 2040, but uncertainty is high. The harvest-now-decrypt-later threat means the effective deadline for protecting long-lived secrets has already passed. Federal mandates require agencies to inventory cryptographic systems and begin migration. Supply chain implications mean even organizations not directly regulated must prepare as partners and vendors impose quantum-readiness requirements. The organizations that start now will have orderly transitions while those that delay will face compressed timelines and elevated risk.
CDA treats Y2Q preparation as an immediate Risk Governance and Assurance priority, not a future concern. Our missions deliver practical quantum readiness assessments, helping organizations calculate their specific migration deadlines, prioritize system transitions, and build the organizational capability for sustained cryptographic evolution.
CDA Theater missions that address topics covered in this article.
Evidence collection and chain of custody ensure digital evidence maintains integrity and legal admissibility through forensically sound gathering techniques, cryptographic verification, and documented handling records.
Incident response plan development creates a structured, documented approach for handling cybersecurity incidents, defining roles, procedures, and communication protocols to enable rapid, coordinated response.
Written by CDA Editorial
Found an issue? Help improve this article.