DoW PQC Strategic Path

The Department of War (DoW) Chief Information Officer, Honorable Kirsten Davies, has officially released the DoW Post-Quantum Cryptography (PQC) Strategy, a comprehensive national security blueprint designed to systematically eliminate asymmetric cryptographic vulnerabilities across all military operating domains. Formulated in direct alignment with Presidential Executive Order 14409 (Securing the Nation Against Advanced Cryptographic Attacks), the defensive mandate enforces an enterprise-wide timeline requiring all high-impact National Security Systems (NSS) and non-NSS infrastructures to fully support quantum-resistant primitives by December 31, 2030, with absolute transition across the entire force by December 31, 2031. Systems failing to meet these strict implementation gates will be retired or phased out.

                    [ DoW Quantum Modernization Timeline ]
[ April 2026 Strategy Release ] ──► [ Dec 2030: Complete PQC Support ] ──► [ Dec 2031: 100% PQC Enforcement ]
                                     All non-compliant systems phased out.  CNSA 2.0 / NIST mandatory suite.

Neutralizing Existential Vulnerabilities and Mandating Absolute Deprecation

The strategy transitions the Department of War from an exploratory posture to an active hardening paradigm to counter Cryptographically Relevant Quantum Computers (CRQCs) operated by peer adversaries. Defense planners warn that state-sponsored entities are aggressively conducting “Harvest Now, Decrypt Later” operations—intercepting and storing encrypted tactical radio, satellite communications (SATCOM), and command and control (C2) traffic to decode it once high-qubit fault-tolerant systems emerge. The blueprint establishes that true quantum readiness is not achieved merely by rolling out new algorithms, but by the complete deprecation of legacy algorithms across data pathways, software supply chains, and storage systems.

Critically, the strategy explicitly bans several technical approaches from being classified as valid quantum-safe solutions. Honorable Kirsten Davies’ directive mandates that increase of legacy key sizes, proxy-only overlay patches, and quantum communication technologies—such as Quantum Key Distribution (QKD), quantum networking, and non-local quantum randomness generation—will not be accepted as security solutions for confidentiality or authentication. For high-assurance classification environments, all encryption devices must upgrade to the National Security Agency (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), utilizing asymmetric post-quantum algorithms for key establishment while completely phasing out commercial pre-shared key (PSK) architectures.

                                [ Explicit Security Exclusions ]
Banned Workarounds ──► QKD / Quantum Networks, Non-Local Randomness, Symmetric PSKs, Proxy-Only Layers
Approved Pathway   ──► Native Asymmetric PQC Algorithms, CNSA 2.0 Integration, KMI-Provisioned Modules

The Dual-Track Strategic Path and Five Lines of Effort (LoEs)

To manage this complex technological overhaul without degrading ongoing joint force lethality, the DoW is splitting system upgrades into two parallel acquisition pathways coordinated under a centralized governance task force:

These tracks are executed across five specialized Lines of Effort (LoEs):

  1. PQC Governance and Integration to optimize funding streams and enable certification reciprocity.
  2. Cryptographic Inventory and Planning to discover legacy dependencies using Automated Cryptography Discovery and Inventory (ACDI) tools.
  3. Develop and Analyze to partner with international bodies like NATO and the Internet Engineering Task Force (IETF) to promote cryptographic agility.
  4. Integrate Commercial Solutions to upgrade enterprise DoW PKI, firmware signatures, and operating systems.
  5. PQC Migration and Fielding to physically deploy ruggedized quantum-safe hardware across space platforms, tactical data links, telephony, and unmanned autonomous edge devices.

The complete, unabridged cryptographic migration framework, high-assurance implementation guidelines, and acronym indices can be reviewed in the official Department of War Post-Quantum Cryptography Strategy Paper here. Statutory project execution timelines and executive policy announcements can be audited via the Department of War Chief Information Officer Press Room here.

July 1, 2026