
Preparing for the Quantum Leap: NCSC's Strategy for Post-Quantum Cryptography Migration

Updated: Oct 29


The National Cyber Security Centre (NCSC), the UK's national technical authority for cyber security, has set out a timeline and a three-step plan for key sectors and organisations, in particular those deemed Critical National Infrastructure (CNI), to migrate to quantum-resistant cryptography, with completion provisionally by 2035, ten years from now.


The Digital Paradigm



In March 2025 the NCSC published new guidance for service providers and Critical National Infrastructure (CNI), urging service providers and critical sectors (including health) to start planning their migration to Post-Quantum Cryptography (PQC), also known as quantum-safe or quantum-resistant cryptography. The aim is twofold: to avert the future threat that quantum computers pose to today's public-key encryption, and to address the threat that already exists today from 'Store Now, Decrypt Later' attacks (also known as 'Harvest Now, Decrypt Later').


Ollie Whitehouse, Chief Technology Officer at the NCSC, has urged industry and CIOs to be mindful that migration to PQC is a major national technology change programme, one that will require significant investment and planning and could take as much as ten years to implement seamlessly across a large critical enterprise. In his words:


“As quantum technology advances, upgrading our collective security is not just important - it’s essential.”


Quantum computers exploit the laws of quantum mechanics, in particular superposition, whereby a quantum system can exist in a combination of states at once, and entanglement, whereby the measurement outcomes of separated particles remain correlated however far apart they are. Entanglement underpins proposals for quantum key distribution (QKD) and a future 'quantum internet', and some expect a hybrid of such techniques with mathematical (PQC) cryptography to emerge. It is worth noting, however, that the NCSC's own guidance favours PQC over QKD and does not endorse QKD for government or military use. Ollie Whitehouse went on to say:


“Quantum computing is set to revolutionise technology, but it also poses significant risks to current encryption methods.”


While the arrival date of a Cryptographically Relevant Quantum Computer (CRQC), that is a quantum computer capable of breaking today's public-key algorithms, cannot be predicted with accuracy, starting the migration to PQC now is judicious, both to close gaps in cyber defences as quantum computers become accessible and, in time, widely available.


Microsoft unveiled its Majorana 1 quantum processor in February 2025, presenting it as a major advance towards large-scale, fault-tolerant quantum computing and hence towards the first CRQC. The claim met with some scepticism among physicists, but it underlines that the timeline is genuinely uncertain.


The other driver is the time required to migrate a large enterprise, especially one of critical national importance. History has shown that such migrations at scale can take a CNI operator or large enterprise more than ten years to complete, as Ray Harishankar, Lead for IBM Quantum Safe, was keen to point out, warning CNI that:


"Unless people start thinking and planning today, they cannot complete the work in seven to 10 years."


So the scale of the task shouldn't be underestimated.



The Risk of 'Store Now, Decrypt Later' Attacks


However, the prospect of CRQCs makes hospitals particularly vulnerable today to 'Store Now, Decrypt Later' attacks, in which attackers harvest encrypted data now and store it with the intent of decrypting it once a CRQC becomes available. Medical records retain their sensitivity for decades, which is why hospitals are at particular risk. Health CIOs should be aware that they could already have fallen prey to this kind of collection, which is reason enough to move forward with migration planning sooner rather than later.


What are the implications of this migration, at a high level? In some cases, migrating to PQC-compliant methods will require new software, and possibly new hardware, since not all legacy systems will be able to support the larger keys, signatures and ciphertexts of PQC algorithms and the libraries that implement them. Add to that workforce training, and all of the testing and validation your team will need to do to install, onboard and support the new cryptographic solutions.



A Caveat


Health CIOs should also be aware of a further complication: a legacy solution may be able to accommodate the larger PQC keys and yet not be crypto-agile. That matters because, as NIST cautions and as cannot be ruled out, an algorithm selected today may later be weakened or broken by cryptanalysis and need to be replaced quickly with a PQC alternative (two candidates in NIST's own competition, Rainbow and SIKE, were broken during the process). The Health CIO should therefore assess and verify that any legacy solutions that can adopt the initial PQC algorithms are also crypto-agile, and weigh the risks of retaining solutions that are not, so as to avoid vulnerabilities, potential fines and a further raft of change or replacement projects down the line.



What Should A PQC-Migration Entail in the Immediate-to Short Term?


Migrating to PQC will first require engagement and mobilisation of internal Trust teams and departments, initially around discussions on phasing out or replacing non-compliant solutions within the NCSC's 2035 window. It also carries budget implications: the Health CIO should flag the need for additional funding in internal budgetary discussions now and build it into immediate financial projections and plans, alongside the training, testing and validation work already noted.



What Should the Health CIO Consider?


So what are the immediate things the Health CIO should consider in formulating a strategy for this migration, and what can they start to do today to get ahead of the risk? First and foremost:


Adopt a Crypto-Agile Mindset and Strategy


The Health CIO should start by adopting a 'cryptography-by-design' mindset, or crypto-agile approach, and by identifying the systems affected. The issue is that most current IT systems and applications were not designed with any form of crypto-agility in mind. This has not been a problem to date, because there has rarely been a need to change the cryptographic algorithms a system or application uses.


However, PQC is still an evolving field, so future cryptographic developments could necessitate further migrations. That, together with the possibility of an algorithm being broken, which NIST in the US warns should be planned for, particularly in the early years of quantum computing, makes crypto-agility an absolute necessity.



Time & Investment: Crypto-agility demands some investment up front, but it will yield significant dividends to the Health CIO and their IT teams, both in the efficiency with which the new algorithms can be maintained and supported and, as noted above, should a hospital's initial PQC algorithm of choice be broken and need swift replacement.


Without this flexibility, any requirement to switch to an alternative PQC algorithm becomes a major change project, potentially requiring a complete solution overhaul rather than the modular update a crypto-agile solution would permit.


A little extra work up front here will save the Health CIO and their IT team immensely later on.
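To make the distinction between a modular update and a solution overhaul concrete, here is an added example (not code from the article or from the NCSC) of a crypto-agile authenticated envelope in Python. HMAC stands in for the signature scheme, since the standard library has no public-key signatures; the algorithm names, the sample key and the payload are assumptions. What it shows is the pattern that makes swapping algorithms a policy change rather than a rewrite: an algorithm registry, an algorithm identifier bound into every message, and a 'verify many, sign one' transition policy.

```python
"""Crypto-agile authenticated envelope: the algorithm is a labelled, swappable field.

Added example, not from the article or the NCSC. HMAC stands in for the
signature scheme (the standard library has no public-key signatures); the
structure is the same one that lets a deployment move ECDSA -> ML-DSA, or
ML-DSA -> a backup scheme, by changing policy instead of code. Algorithm
names, key and payload below are assumptions.
"""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

# Registry: adding a new algorithm is one line here, not a change to callers.
REGISTRY = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}


@dataclass
class AgilityPolicy:
    sign_with: str        # the single algorithm used for everything we produce
    accept: frozenset     # algorithms still trusted on receipt

    def __post_init__(self):
        unknown = ({self.sign_with} | set(self.accept)) - set(REGISTRY)
        if unknown:
            raise ValueError(f"policy names unregistered algorithms: {sorted(unknown)}")
        if self.sign_with not in self.accept:
            raise ValueError("a policy must accept what it produces")


def _tag(alg: str, key: bytes, payload: bytes) -> bytes:
    # Bind the algorithm identifier into the MAC so a message cannot be
    # relabelled as a different (possibly broken) algorithm.
    return hmac.new(key, alg.encode() + b"\x00" + payload, REGISTRY[alg]).digest()


def seal(payload: bytes, key: bytes, policy: AgilityPolicy) -> bytes:
    alg = policy.sign_with
    env = {
        "alg": alg,
        "payload": base64.b64encode(payload).decode(),
        "tag": base64.b64encode(_tag(alg, key, payload)).decode(),
    }
    return json.dumps(env, sort_keys=True).encode()


def open_envelope(blob: bytes, key: bytes, policy: AgilityPolicy) -> bytes:
    env = json.loads(blob)
    alg = env["alg"]
    if alg not in policy.accept:          # deprecated or unknown algorithm: refuse
        raise ValueError(f"algorithm {alg!r} is not accepted by current policy")
    payload = base64.b64decode(env["payload"])
    if not hmac.compare_digest(_tag(alg, key, payload), base64.b64decode(env["tag"])):
        raise ValueError("integrity check failed")
    return payload


# The three migration phases, expressed purely as policy objects (assumed names).
LEGACY_ONLY = AgilityPolicy("hmac-sha256", frozenset({"hmac-sha256"}))
TRANSITION = AgilityPolicy("hmac-sha3-256", frozenset({"hmac-sha256", "hmac-sha3-256"}))
NEW_ONLY = AgilityPolicy("hmac-sha3-256", frozenset({"hmac-sha3-256"}))


def migration_walkthrough(key: bytes) -> dict:
    """Which (message, policy) combinations verify, as a dict of bools."""
    old_msg = seal(b"discharge summary", key, LEGACY_ONLY)
    new_msg = seal(b"discharge summary", key, TRANSITION)
    # Attacker keeps the tag but relabels the algorithm to the legacy one.
    tampered = json.loads(new_msg)
    tampered["alg"] = "hmac-sha256"
    relabelled = json.dumps(tampered, sort_keys=True).encode()

    def accepts(blob: bytes, policy: AgilityPolicy) -> bool:
        try:
            open_envelope(blob, key, policy)
            return True
        except ValueError:
            return False

    return {
        "old_msg_under_transition": accepts(old_msg, TRANSITION),     # still readable
        "new_msg_under_transition": accepts(new_msg, TRANSITION),
        "old_msg_under_new_only": accepts(old_msg, NEW_ONLY),         # deprecated alg rejected
        "new_msg_under_legacy_only": accepts(new_msg, LEGACY_ONLY),   # unknown to old estate
        "relabelled_msg_under_transition": accepts(relabelled, TRANSITION),  # alg binding holds
    }


if __name__ == "__main__":
    for k, v in migration_walkthrough(b"assumed-demo-key-not-for-production").items():
        print(f"{k:<34} {v}")
```

The three policy objects are the whole migration: in the transition phase old messages still verify while everything new is produced with the replacement algorithm; once the estate has caught up, the old identifier is removed from the accept set and any residual message using it is rejected. The relabelling check matters because an envelope that did not bind the algorithm into the tag would let an attacker downgrade a message to a broken scheme.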

To this end, the NCSC has been keen to stress that organisations, and Health CIOs in particular, should remember that migrating to PQC is a major change project, and as such will require significant time and investment to implement successfully across a large IT estate. Hence its roughly ten-year timeline, and its recommendation that large institutions start planning their migrations now, or as soon as possible. Added to which, a CRQC could arrive earlier than anticipated, that is within the ten-year window.


Operational Burden


Migrating to PQC, as announced by the NCSC in March 2025, may well not have been within the Health CIO's departmental budget projections for the financial year. Don't forget that migrating may require:

  • New software, and possibly new hardware in some cases; and, in the fullness of time:

  • Workforce training, both for staff using the replacement solutions and for IT teams onboarding and supporting them; and

  • Onboarding, testing and validation of the new cryptographic solutions and their associated libraries.


The issue for healthcare is that budgets are often tight and IT departments already stretched thin. In a nutshell, the migration will require every hospital and health organisation to allocate resources: money, people and time. Moreover, because PQC algorithms demand more of hardware (larger keys, signatures and ciphertexts, and hence more memory and bandwidth), the migration may not be a software update alone. You may not know what you will find until you really look into your IT estate; it could require a far more fundamental change than you initially project, and take longer to address.


Adopt a 3-Step Approach to Mitigate the Quantum Threat


Employ a logical three-step approach to mitigating the quantum threat, namely:


Step 1: Assess Your Post-Quantum Compliance Status


Start by reviewing all relevant systems and applications to identify their post-quantum compliance status. This should ideally commence immediately, with the hospital or health organisation carrying out a quantum risk assessment.


Do A Quantum Risk Assessment


Integrate this assessment as soon as possible into your overall risk management procedures. This is also a good time to revisit and update current cryptographic policies and procedures to reflect changing regulatory requirements. The assessment gives the Health CIO insight into the gaps between the present state and the PQC target state, which adds nuance to the plan and helps avoid major errors, additional costs and unnecessary risk when the plan is executed. It also indicates how urgent the migration is, and hence when it should commence. A useful yardstick here is Mosca's inequality: if the number of years data must remain confidential, plus the years the migration will take, exceeds the years until a CRQC exists, that data is already exposed to Store Now, Decrypt Later.


Create an Inventory of Cryptographically Relevant Assets


From there, the Health CIO should create an inventory documenting all cryptographically relevant assets: every solution and system that provides encryption, signing or key exchange within the legacy IT estate.


Be careful not to forget the cryptographic primitives and protocols deployed within the hospital or health organisation (for example TLS, SSH, IPsec/VPN, code signing and disk encryption), together with the data and communication flows they protect.


This gives a firm view of the actual scope and depth of the migration. Cryptographic asset management will also form the basis of the Trust's or hospital's post-PQC incident response procedure, essential for the timely management of a future algorithm compromise.


Create an Inventory of Your Data Assets


An inventory of the data assets handled by your hospital will also help you make good decisions. It need not be exhaustive; a review of each data type along the following lines should suffice for planning: its location; its state (at rest, in transit or in use); its classification; its value (confidentiality and availability requirements); and how long it must remain confidential. That is enough for a high-level risk assessment of each asset.


Step 2: PQC Migration Roadmap & Plan


In building the roadmap, the Health CIO should review the hospital's current cyber security status, gathering the information and understanding of dependencies needed to determine which solutions should be migrated first. There is no hard and fast rule as to how to approach this; the Health CIO could begin with a high-level review of the highest-risk elements. In this preliminary phase they should also align the requirements and budgets needed to execute the plan; and finally:


Step 3: Execute


In executing the migration plan, the Health CIO will need to determine how quickly the PQC migration must take place to keep data and systems safe within the NCSC's timeline, and move forward accordingly.
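As an added example (not from the NCSC guidance or the original article), the following Python joins the two Step 1 inventories and produces the Step 2 ordering. It classifies each mechanism string as it would appear in a TLS or OpenSSH configuration or a certificate summary, treats any negotiable classical public-key algorithm as the weakest link, and applies Mosca's inequality to flag Store Now, Decrypt Later exposure. The inventory records are constructed, and the ten-year CRQC horizon is an assumption taken from the NCSC's 2035 completion date; the NCSC itself gives no prediction of when a CRQC will exist.

```python
"""Quantum-risk triage over a constructed cryptographic inventory.

Added example, not from the NCSC or the original article. Joins the
cryptographic-asset inventory and the data-asset inventory (Step 1) and
applies Mosca's inequality to rank migration order (Step 2):

    exposed  <=>  shelf_life_years + migration_years > years_until_crqc

All records and the CRQC horizon are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Standardised PQC and hybrid identifiers as TLS and OpenSSH actually spell
# them; a hybrid is safe even though its name contains "X25519".
PQ_SAFE = {
    "ML-KEM-768", "ML-KEM-1024", "ML-DSA-65", "ML-DSA-87", "SLH-DSA-SHA2-128S",
    "X25519MLKEM768", "MLKEM768X25519-SHA256",
    "SNTRUP761X25519-SHA512", "SNTRUP761X25519-SHA512@OPENSSH.COM",
}
# Symmetric primitives and hashes: Grover's algorithm only halves effective
# security, so 256-bit keys and SHA-2/SHA-3 keep an adequate margin.
SYMMETRIC_OK = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305",
                "SHA-256", "SHA-384", "HMAC-SHA256"}
# Prefixes of public-key mechanisms that Shor's algorithm breaks on a CRQC.
SHOR_PREFIXES = ("RSA", "DSA", "ECDSA", "ECDH", "DH", "X25519", "ED25519",
                 "P-256", "P-384", "SECP", "CURVE25519", "DIFFIE-HELLMAN")


def classify_token(token: str) -> str:
    t = token.upper()
    if t in PQ_SAFE:
        return "pq"
    if t in SYMMETRIC_OK:
        return "symmetric"
    if t.startswith(SHOR_PREFIXES):
        return "vulnerable"
    return "unknown"


def classify_mechanism(mechanism: str) -> str:
    """Weakest-link rule: if any classical public-key algorithm can still be
    negotiated (e.g. a classical fallback in an SSH KexAlgorithms list) the
    asset remains quantum-vulnerable. Returns vulnerable/pq/symmetric/unknown."""
    kinds = {classify_token(tok) for tok in re.split(r"[\s,]+", mechanism.strip()) if tok}
    for kind in ("vulnerable", "pq", "symmetric"):
        if kind in kinds:
            return kind
    return "unknown"


def hndl_exposed(shelf_life_years: int, migration_years: int, years_until_crqc: int) -> bool:
    """Mosca's inequality: data that must stay secret for longer than the
    migration plus the time until a CRQC can be harvested now, decrypted later."""
    return shelf_life_years + migration_years > years_until_crqc


@dataclass
class Finding:
    asset: str
    classification: str
    exposed: bool
    priority: str


PRIORITY_ORDER = {"P1": 0, "P2": 1, "P3": 2}


def triage(inventory: list, years_until_crqc: int) -> list:
    findings = []
    for rec in inventory:
        kind = classify_mechanism(rec["mechanism"])
        exposed = kind == "vulnerable" and hndl_exposed(
            rec["shelf_life_years"], rec["migration_years"], years_until_crqc)
        if exposed:
            prio = "P1"   # HNDL exposure: migrate first
        elif kind in ("vulnerable", "unknown"):
            prio = "P2"   # vulnerable but short-lived data, or unrecognised: review
        else:
            prio = "P3"   # already PQ/hybrid or symmetric-only: monitor
        findings.append(Finding(rec["asset"], kind, exposed, prio))
    return sorted(findings, key=lambda f: (PRIORITY_ORDER[f.priority], f.asset))


# Constructed sample inventory; mechanism strings mimic TLS/SSH config and cert summaries.
SAMPLE_INVENTORY = [
    {"asset": "patient-record-archive", "mechanism": "TLS1.3 X25519 AES-256-GCM",
     "shelf_life_years": 30, "migration_years": 4},
    {"asset": "imaging-modality-dicom", "mechanism": "RSA-2048 ecdh-sha2-nistp256",
     "shelf_life_years": 15, "migration_years": 6},
    {"asset": "clinician-ssh-bastion", "mechanism": "mlkem768x25519-sha256,curve25519-sha256",
     "shelf_life_years": 1, "migration_years": 1},
    {"asset": "telehealth-video", "mechanism": "X25519MLKEM768 AES-128-GCM",
     "shelf_life_years": 10, "migration_years": 0},
    {"asset": "offline-backup-at-rest", "mechanism": "AES-256-GCM",
     "shelf_life_years": 30, "migration_years": 0},
    {"asset": "vendor-hl7-link", "mechanism": "vendor-crypto-v2",
     "shelf_life_years": 20, "migration_years": 5},
]

if __name__ == "__main__":
    # Assumed horizon: NCSC completion date 2035 minus 2025 = 10 years.
    for f in triage(SAMPLE_INVENTORY, years_until_crqc=10):
        flag = "HNDL" if f.exposed else "    "
        print(f"{f.priority} {flag} {f.asset:<24} {f.classification}")
```

Run as a script it prints the prioritised list. The long-lived patient archive and the imaging link come out as P1, because thirty and fifteen years of confidentiality plus a multi-year migration comfortably exceed the horizon even though the archive uses current best-practice TLS 1.3. The SSH bastion is flagged P2 rather than cleared because a classical key exchange remains in its offer list, so a downgraded peer can still negotiate it, and the unrecognised vendor mechanism is held at P2 for review rather than silently passed.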






The Health CIO's Migration Strategy


The key pillars of the Health CIO's PQC Migration strategy, should ideally include the following as a minimum.



  • Select PQC algorithms. NIST finalised its first three PQC standards in August 2024: FIPS 203 (ML-KEM) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures. A fourth, FN-DSA (FIPS 206), was still to be finalised at the time of writing, and in March 2025 NIST selected HQC as a backup key-establishment algorithm in case ML-KEM should prove vulnerable. NIST recommends that organisations choose a primary key-establishment algorithm and a primary signature algorithm; the existence of designated backups is precisely why a crypto-agile approach is necessary. Note that ML-KEM establishes keys for symmetric encryption such as AES rather than replacing it; current symmetric algorithms with 256-bit keys are considered quantum-safe.


  • Commence the Assessment of PQC Compatibility of Legacy Systems


    The Health CIO should commence an assessment of their legacy systems, including infrastructure, networks, firewalls and IT applications, for compatibility with crypto-agile PQC standards, documenting an inventory of all cryptographic dependencies; and remember to assess not only 'upstream' operational systems but also 'downstream' systems and solutions.


The issue is that many current healthcare systems use outdated or proprietary hardware or software that may not be able to support modern cryptographic updates.


This includes many embedded systems and medical devices, e.g. pacemakers, imaging and monitoring equipment, which could necessitate costly upgrades. PQC algorithms typically have larger keys, signatures and ciphertexts (an ML-KEM-768 public key is 1,184 bytes and an ML-DSA-65 signature 3,309 bytes, against 32 bytes for an X25519 key and 64 bytes for an Ed25519 signature), which may exceed the memory or bandwidth limits of legacy devices. Likewise:


  • Review IT Infrastructure, and Network Security Devices


Don't forget to assess the PQC algorithms' effect on IT infrastructure and on associated network security devices such as intrusion detection systems and TLS-inspecting firewalls, which may not parse the new handshakes. The Health CIO should also be aware that PQC algorithms have implications for overall network performance, since handshake messages grow and may span more packets, and this may necessitate future upgrades to optimise networks or infrastructure.


  • Quantum Networks and Internet - An Additional Potential Unforeseen Cost

    On a slightly separate note, a future quantum internet may mean another major upgrade to Trust networks and infrastructure, including cabling, and it will not be without significant cost. No dates are being widely publicised for this, but the Health CIO should be aware of it as a potential future cost, which in the worst case could arrive just before or immediately after CRQCs themselves. Separately, and more immediately, the larger messages of PQC algorithms have implications for latency and for fragmentation of network traffic that should be evaluated in their own right.


  • Review IT Applications

    The Health CIO can also start to work with their third-party solution providers, where applicable, on a preliminary review of the compatibility of their IT applications with the PQC algorithms of choice.


    • Cloud-Based/Remote & In-house

      • Start to reach out to the third-party vendors of your legacy solutions for preliminary discussions, to understand the status of their solutions and their roadmaps for making them quantum-safe and quantum-ready. This should give the Health CIO an early indication of the implications of PQC compliance for each solution, and of which systems may require an upgrade or, worst case, replacement, and hence an initial understanding of the costs.


        Furthermore, it is important to remember that systems are only as strong as their weakest link, so you remain vulnerable to quantum-enabled attacks unless any processes and data you run in the cloud or in hosted environments are also quantum-secure.


Zoom, Apple and Microsoft are among some of the 'early' providers who now say their cloud offerings are 'quantum-safe.'



  • Establish Day-Forward Compatibility Reviews for All New & Future Systems


  • Think in terms of crypto-agility by design.

  • Coordinate with Vendors & Partners

    • Require vendors to disclose their cryptographic practices and their PQC planning, so that all future IT solution providers have made their solutions forward-compatible with PQC as and when it arrives.

    • Push for PQC-ready systems for all new third-party systems, making sure you have cover for cloud storage, billing platforms and telehealth solutions.

    • Embed PQC-readiness requirements into planning and procurement for all future IT, including third-party solutions; in essence, make PQC compliance a condition of all new supplier contracts.

    • The Health CIO may need to work with the Trust's legal team to amend standard contract terms accordingly, and may also want to review the hospital's cyber liability insurance requirements, since there have been cases of hospitals being unable to secure cover.


  • Skills & Role Assessment of the Team

The Health CIO may also find it necessary to assess the skills of their team, reviewing its bandwidth and capability to support the migration and the future maintenance and upgrade schedule. This preliminary check provides an opportunity to ensure access to the right skills, or to engage solution providers to fill the gaps.


Moreover, the NCSC has proposed three milestones to assist organisations with their migrations to PQC: by 2028, complete discovery and define migration goals and an initial plan; by 2031, complete the highest-priority migrations and refine the plan; and by 2035, complete the migration to PQC across all systems, services and products.






Additional Resources


The NCSC intended to have accredited a small group of PQC consultancies by the end of March 2025. Alongside this, it is running pilot projects within government focusing on the discovery activities the NCSC recommends all organisations undertake: understanding where and how cryptography is used in all systems, theirs and their suppliers', the technologies that rely on it, and the data it protects, whether in transit or in storage. Paradigm can also provide tailored advice to hospitals on their transition to PQC.



Conclusion



In conclusion, the Health CIO should start to plan now, understanding the cryptographic protections currently in place, so that they can develop or evolve their cyber security strategy into a flexible, comprehensive strategy for dealing with quantum threats, one that allows a switch to quantum-resistant algorithms without major disruption should the need arise.


Preliminary steps can be taken now: identifying where the most sensitive data is stored, and understanding system data flows. Indeed, a requirement to specify all system data flows, together with the system's PQC compliance status, could be incorporated immediately as standard into procurement procedures for all new third-party solution providers. The Health CIO should remember that PQC algorithms may have implications for network latency that merit closer evaluation in procurement; initially, integrating these requirements into the overall Data Security and IG evaluation for new IT solutions is probably the best place to start.


It is particularly important that Health CIOs do not underestimate the time required for this migration. The NCSC's 2035 deadline, a seven-to-ten-year lead time, may on the surface appear generous (Paradigm would possibly have stipulated five to ten years), but the NCSC has been keen to stress that its timeline is based on validated evidence. Health CIOs should therefore start to think and plan towards their migrations today, or as soon as possible, and be sure not to underestimate the time and investment entailed. A seven-to-ten-year window should be seen as the minimum for a seamless transition of a large critical enterprise such as a Trust or large hospital.












Preparing for the Quantum Leap: NCSC's Strategy for Post-Quantum Cryptography Migration. By Ann Samuels © 2022. This blog is licensed under CC BY-ND 4.0.



