As massive enterprises modernize their networks for the AI period, one problem stands out: the looming threat posed by quantum computing. At Cisco Dwell 2026 Amsterdam, Cisco responded by introducing what we describe as the business’s first full-stack post-quantum cryptography (PQC) structure.
This answer applies quantum-safe cryptography throughout each layer—from machine integrity at boot to information in transit safety for essential connections—utilizing Nationwide Institute of Requirements and Know-how (NIST)-approved quantum-resistant algorithms. For community engineers and safety architects, this marks probably the most important cryptographic leap in additional than 20 years.
Understanding the cryptographic problem
PQC addresses a structural weak point uncovered by quantum computing in fashionable cryptography. Whereas sturdy symmetric encryption resembling Superior Encryption Commonplace-Galois/Counter Mode (AES‑GCM) might already be in place to guard information, the cryptographic mechanisms used to set up and alternate these encryption keys are anticipated to turn out to be weak to quantum-based assaults.
For giant-scale organizations working huge, multisite networks, this vulnerability represents not only a technical concern however a enterprise continuity threat. Algorithms resembling Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC) stay safe towards classical computing however is not going to face up to cryptographically related quantum computer systems—techniques highly effective sufficient to interrupt as we speak’s extensively deployed public-key cryptography.
The rising risk of harvest now, decrypt later
This weak point is what makes the harvest now, decrypt later (HNDL) risk so severe. Delicate encrypted information is already being collected at scale throughout enterprise networks and digital companies. Whereas this information stays protected as we speak, it’s being retained by attackers with the expectation that quantum computer systems will expose it. When a cryptographically related quantum laptop emerges, years of gathered information might be uncovered without delay, making a long-term threat for organizations that don’t act now.
The increasing scope of the threat
This threat spans each main safety area. At the moment, an attacker can obtain a signed working system picture and extract the general public keys used to confirm it. Whereas benign for now, this adjustments in a quantum future. As soon as quantum computer systems can defeat as we speak’s code‑signing cryptography, an attacker may compromise a vendor’s non-public signing keys and use them to insert backdoors or malware into bootloaders and working techniques that also seem absolutely trusted.
The identical threat applies to encrypted community communications. Encrypted information over Web Protocol Safety (IPsec) or Media Entry Management Safety (MACsec) could be collected and saved as we speak with out being readable. When quantum computer systems turn out to be obtainable, the public-key cryptography used to set up session keys could be damaged, permitting beforehand captured information to be decrypted lengthy after it was transmitted.
Why a full-stack architectural strategy is crucial
Addressing this threat is just not confined to any single safety management, protocol, or layer. It requires a full-stack architectural strategy that applies quantum‑protected cryptography constantly throughout machine integrity and community communications.
The Cisco full-stack PQC structure is constructed round this precept: shield what runs (machine integrity) and what flows (information in transit) with quantum-safe cryptography utilized finish to finish. Safety begins earlier than the working system even masses, with Cisco Safe Boot establishing a quantum‑protected chain of belief for Cisco C9000 Sensible Switches from the second they energy on. By cryptographically validating every stage of the boot course of with quantum-resistant algorithmsit ensures that solely verified software program runs, making a stable and safe basis for community operations.
That very same architectural precept applies to how information strikes throughout the community. From IPsec tunnels connecting branches to MACsec securing the campus, Cisco integrates quantum‑resistant key alternate instantly into essential community protocols. The result’s constant, quantum‑protected safety throughout the total know-how stack with out requiring disruptive adjustments to community design or operations.
For massive enterprise networks—the place real-time collaboration, AI-driven automation, and high-value information flows are the norm—this “safety fused into the community” mannequin is crucial for digital resilience at scale.
Engineering for resilience begins now
For IT leaders managing massive enterprise infrastructures, the most secure time to construct quantum resistance into the stack is throughout ongoing improve cycles—not after the risk turns into pressing.
Begin by auditing present machine authentication and encryption workflows to pinpoint dependencies on RSA- and ECC-based algorithms. Prioritize upgrades to platforms supporting full-stack PQC, guaranteeing each machine integrity and community visitors are secured towards quantum threats.
With quantum-resilient networking as a core functionality, enterprises can confidently deploy AI-driven purposes, keep uninterrupted operations, and mitigate dangers from quickly advancing cyberthreats.
Full-stack PQC is the new actuality for enterprise safety
Full-stack PQC is not a speculative idea; it’s physics. The transition to Cisco IOS XE 26 represents a maturing of the safety panorama by which we cease assuming our encryption is unbreakable and begin engineering for a world the place it isn’t.
Whether or not you might be defending towards HNDL assaults as we speak or getting ready for compliance with the NSA’s CNSA 2.0 timeline, the trail ahead is obvious. The quantum clock is ticking, and the time to behave is now.
Uncover how Cisco is modernizing networking for the AI period with quantum-resilient community safety at each layer. Go to our AI-ready safe community structure website to discover the newest improvements in safe networking.
Discover our AI-ready safe community structure to see how we’re redefining the way forward for safe connectivity.
