Companies can’t afford to disregard the quantum risk to their IoT infrastructure, business leaders warned in IoT Insider’s first-ever stay webinar, held on Tuesday 3 March.
Whereas a commercially viable quantum pc able to breaking right this moment’s encryption will not be but right here, the time to arrange is now.
“I think it’s closer than it’s ever been. You know, it’s sort of my view. We definitely see quantum accelerators on the roadmap… it’s closer than that. I wouldn’t be surprised if we saw hardware options in the not too distant future,” stated Scott Shaffer, VP & Chief Technologist, Compute at HPE.
“The threat, in my mind, isn’t just decrypting data streams — it’s protecting the infrastructure. If someone can compromise the firmware in your devices, then they don’t need to decrypt the data; they’re already on the device, and they can mess with it. That’s the real concern.”
The warning underscores the rising urgency for companies to arrange for the period of commercially viable quantum computer systems, which specialists imagine will ultimately render typical encryption, together with RSA and ECC, weak. Shaffer emphasised that early mitigation is important. “It’s not easy to do this in firmware in the very beginning. Putting in place robust authentication today is critical, because if the base layer of your device is compromised, it doesn’t matter whether your OS is secure.”
Ben Packman, Chief Technique Officer at PQShield, highlighted that preparation is a race towards time. “We are ahead of the threat right now, but the time to act is today. You need to build crypto agility into your platforms and ensure your IoT devices are PQC-ready. That’s not about panic — it’s about being proactive so that in 2030 or 2035, you’re not forced to replace everything.”
Packman pointed to high-value targets like prescription drugs and vitality infrastructure. “Harvest now, decrypt later is a very real strategy. If someone steals data today and waits until a quantum computer is capable of breaking it, that information could become incredibly valuable. But more critical still is the risk to infrastructure itself — once attackers compromise firmware, they control the device and the data it handles.”
Thorsten Stremlau, Techniques Principal Architect at Nvidia and Advertising and marketing Group Chair for the Trusted Computing Group, careworn the function of requirements and provide chain engagement. “Start with an assessment. Identify what’s critical and what isn’t. Work with device manufacturers, integrators, and your own teams. It’s a partnership. You can’t do this in a vacuum. And for long-lived IoT devices, a plan today is crucial to ensure security over a 10- to 15-year lifecycle.”
Requirements are evolving quickly, with NIST, the Trusted Computing Group, and nationwide our bodies offering steerage on post-quantum cryptography (PQC). Stremlau defined: “The NIST algorithms are the reference point. Cloud providers are beginning to implement post-quantum TLS and other protections. From 2027, make devices PQC-ready; from 2030, implement PQC. By 2035, governments expect compliance. Don’t wait to get started.”
The panel additionally highlighted that implementation, not simply algorithms, is the place safety is most weak. Packman famous, “Algorithms are fine. Implementation is where holes appear. That’s why collaboration across the industry is so important. You want multiple experts globally reviewing solutions. You don’t write your own cryptography in isolation.”
Testing quantum resilience right this moment stays difficult. Shaffer cautioned: “You can’t run Shor’s algorithm on a simulator in any meaningful timeframe. What you can do is survey your devices, understand the cryptography they use, and know which parts are at risk. That’s your starting point.”
For companies fearful about value, the panel was clear that proactive measures can align with regular refresh cycles. Stremlau stated, “This doesn’t have to be a massive, expensive programme. Integrate PQC into your ongoing updates and infrastructure refreshes. It’s about small, incremental changes — build security in rather than bolt it on later.”
Workers schooling was one other precedence. Stremlau really useful accessible assets: “Quantum computing isn’t one plus one. Educate your teams. Start building awareness now so that your organisation and supply chain are ready.”
The dialogue concluded with a reminder that quantum threats are common, however threat is contextual. Shaffer reiterated, “Not every data stream is high value, but every device can be a target. Protect the firmware and the infrastructure first. That’s the real quantum threat.”
The session, that includes insights from Shaffer, Packman, and Stremlau, is now accessible to observe on demand through the hyperlink beneath.
