Skip to Main Content Subscribe

War Department Details Post-Quantum Cryptography Roadmap

Share

The Pentagon is accelerating PQC adoption across military networks, weapons systems and the defense industrial base under a new strategy.

4m read
Written by:
Pentagon CIO Kirsten Davies
Speaking at the GovCIO Media & Research Federal Tech Leaders Summit on June 12, 2026, War Department CIO Kirsten Davies outlined efforts to reduce technology debt, embrace skills-based hiring and accelerate delivery of capabilities to warfighters. Photo Credit: Invision Events

The War Department’s first enterprise-wide strategy to transition military systems to post-quantum cryptography (PQC) sets firm deadlines to secure high-impact national security systems by 2030 and the broader force by 2031 as quantum computing threatens today’s encryption.

The strategy outlined how the department will deploy quantum-resistant cryptography across military networks, command-and-control systems and weapons platforms. It followed one day after President Donald Trump’s June 22 executive orders on quantum innovation and national security.

“Empowering the warfighter is the relentless objective that drives every program,” Pentagon CIO Kirsten Davies said in the strategy’s accompanying fact sheet. “To deliver on Secretary [Pete] Hegseth’s vision of the most lethal and dominant military force in the world, our networks must be impenetrable.”

While practical quantum computers remain years away, officials warn adversaries could already be collecting encrypted military communications with plans to decrypt them once the technology matures — a threat commonly known as “harvest now, decrypt later.” The strategy aims to replace today’s vulnerable public-key encryption with quantum-resistant algorithms before that happens.

Experts say national security systems must begin the transition now because migrating cryptographic infrastructure across the Defense Department will take years.

“If there are other nations that get ahead of us as far as post-quantum cryptography is concerned, they have a head start in terms of security,” Prathibha Rama, computer engineer at Johns Hopkins University Applied Physics Laboratory, said during CyberScape: The Federal Cybersecurity Summit in April. “They won’t have to worry about it in five to 10 years down the line when quantum computers are around. We’ll be behind.”

DOW’s Enterprise Migration Strategy

The plan establishes five priorities for the department’s transition:

  • Centralized governance to standardize implementation across military services.
  • Department-wide inventories of existing cryptographic systems.
  • Accelerated testing and development of quantum-resistant technologies.
  • Expanded partnerships with industry and standards organizations.
  • Deployment of PQC capabilities across land, sea, air, space and cyber operations.

The strategy calls quantum computing an “existential threat” to military operations.

“Cryptography is a foundational mission enabler across nearly all DOW systems,” the strategy states. “From the authorization and deployment of nuclear weapons to the execution of coordinated maneuvers with mission partners, insecure communications pose an existential threat to DOW missions.”

Implementation Will Be Complex

Defense Information Systems Agency leaders told GovCIO Media & Research that transitioning to PQC will require years of testing, engineering and modernization.

At TechNet Cyber 2026, DISA DODNet Chief Engineer Mike Butler said early prototyping has already shown the department will need to adjust requirements as migration efforts progress.

“You may learn [prototyping is] going to change what the end state is and ultimately may need to be,” Butler said. “It may introduce new requirements that we didn’t think about from a defensive cyber operations perspective or from a quantum encrypting perspective.”

DISA PAE Cyber Brian Hermann said the transition begins with modernizing the department’s public key infrastructure (PKI), which underpins digital identities across War Department networks.

“The one thing that I think is on our mind, especially is the drive to accelerate PQC adoption. Step one of that is the basis for identity, which are [PKI],” Hermann said.

Hermann said many organizations across the department have yet to realize they’ll play a role in the migration.

“There’s probably a bunch of people that haven’t heard that they have a role to play in PQC,” Hermann said. “We’ll begin to test across the department, but it’s a pretty challenging space.”

The strategy also calls for developing a new generation of High Assurance End Cryptographic Units and embedded tactical encryption modules to secure battlefield communications, satellite networks and other operational technology.

“Every piece of [operational technology-connected] hardware, every software application that we buy, we need to make sure that it’s compliant with those standards for PQC,” Hermann said. “That’s a big challenge, not unlike zero trust adoption across the department.”

Driving Industry Adoption

Beyond modernizing DOW’s systems, the strategy aims to reshape how the department acquires cybersecurity technologies.

Davies said centralized governance will help the department streamline procurement, reduce duplicative spending and accelerate adoption.

“We are answering the president’s call by establishing centralized governance — ensuring we leverage our buying power, eliminate waste, and secure the best possible value for every taxpayer dollar while moving at speed of innovation,” Davies said in the fact sheet.

The strategy directs the department to review acquisition policies, streamline testing and deployment processes, and use its purchasing power to encourage broader adoption of quantum-resistant technologies across the commercial cybersecurity market.

Defense contractors will also be expected to prepare for future Federal Acquisition Regulation requirements related to post-quantum cryptography. The strategy directs military components to inventory cryptographic capabilities across both national security systems and Defense Industrial Base networks while identifying vulnerabilities and opportunities to automate the transition where appropriate.

As implementation begins, combatant commands are starting cryptographic inventories while DISA continues working with vendors to refine technical requirements.

“We understand what their requirements are, we understand what that’s going to look like,” DISA acting DODNet Deputy Program Manager Kelli Garczynski told GovCIO Media & Research, adding that quantum-resilient protections must provide the “same or better” performance than current capabilities.

Hermann said the department is already accelerating its timeline.

“You’ll see us trying to move a little faster than we had thought of a few years ago and that’s pretty challenging,” Hermann said. “I’ve been extremely proud of our team.”

With the strategy now in place, Davies said the department has a roadmap to protect military communications before quantum computing becomes capable of breaking today’s encryption.

“With deliberate and careful planning, guided by this strategy, I am confident the DOW will meet this challenge and provide confidence to our warfighters that the systems they trust with their lives will be secure and available when it counts,” she wrote.

Related Content