THREAT INTELLIGENCE
Harvest-now, decrypt-later: why the attack is already underway
Nation-state actors are collecting encrypted government traffic today, with the explicit intent to decrypt it once quantum hardware scales.
6 min read
The risk is real, present, and already active.
Nation-state adversaries are conducting harvest-now-decrypt-later operations against Australian government, critical infrastructure networks and organisations. Data encrypted today with RSA or ECC will be decryptable once scaled quantum computers are operational — a capability assessed to arrive within this decade.
The ASD has fixed mandatory milestones: planning complete by 2026, full PQC migration by 2030. Organisations that begin now have time to do this carefully. Those that delay will face compressed timelines, higher cost, and regulatory exposure.
See how we respond01
Encryption collapse
Shor's algorithm renders RSA, ECC, and Diffie-Hellman cryptographically broken at quantum scale — every current-generation secret is exposed the day quantum capability arrives.
02
Stolen secrets
Adversaries are exfiltrating encrypted Australian traffic today, stockpiling it to decrypt the moment quantum capability arrives — long-lived secrets are already compromised.
03
Compliance deadline
Commonwealth agencies face fixed ASD milestones: PQC planning complete by 2026, full migration by 2030. Organisations that delay face compressed timelines and regulatory exposure.
04
Supply-chain exposure
Cryptographic dependencies reach deep into every vendor, SaaS platform and infrastructure component — each an unmanaged pathway for compromise that your organisation is accountable for.
Five streams — one authoritative PQC transition plan.
View all
Start with a 60-minute briefing.
We walk your executive team through the threat model, the ASD timeline, and what an execution-ready transition plan looks like for your estate. No sales follow-up. Delivered by practitioners.