The scenarios in this series are fictional but grounded in real capabilities and documented risk patterns. They're designed to provoke discussion, not predict specific events.
Red Team Scenario #002 — Intelligence (Quantum / Cryptographic Security)
Time horizon: ~14 months out (set July 17, 2027). Capability profile: A claimed CRQC, HNDL targeting, mid-stage U.S. PQC migration, AI-assisted document forensics under time pressure.
Situation Briefing
It is Saturday, July 17, 2027, 11:20 PM Eastern. Seventy-two hours ago, a Mandarin-language internal document surfaced in the inbox of a Taiwan-based defector, an MSS-adjacent cryptographer who walked in to AIT Taipei nine days ago. CIA's Asia Mission Center has translated and authenticated the document's stylistic markers; NSA Q-Group is running technical validation in parallel.
The document, marked 机密 (Secret) and bearing what appear to be genuine PLA Strategic Support Force registration numbers, asserts that a joint PLASSF/MSS quantum facility in Hefei achieved stable error-corrected operation above the surface-code threshold in March 2027 and has since used the system to decrypt a defined set of historical U.S. and allied communications.
To prove the claim, the document quotes — verbatim, including a unique typographical anomaly — a U.S. State Department cable from August 14, 2019, encrypted in transit using an RSA-2048-based key exchange, which has never been declassified or otherwise released. NSA confirms the cable is real and the quoted text is accurate to the character.
If the claim is true, the implications are roughly these:
- A decade of harvested encrypted intercepts — from State, DoD, DOE, FBI, Treasury, and the Agency — becomes retroactively readable. This includes raw FISA collection, EO 12333 collection on U.S. persons captured incidentally, allied liaison product, and source identities for ongoing HUMINT operations.
- The PQC migration, mandated by NSM-10 and accelerated under the 2025 Crypto Modernization Order, is at 41% completion across federal high-value systems, 12% across state/local government, and an estimated 23% across designated critical infrastructure. Private sector compliance is wildly uneven; most major banks are at 50–70%, most utilities are below 20%.
- Allied PQC posture is non-uniform. UK is at 58%; Canada 47%; Australia 22%; New Zealand 18%. Five Eyes liaison comms in 2018–2024 used a shared key infrastructure that is fully exposed if the claim is real.
The defector has failed two of seven polygraph items. Linguistic analysis flags the document as 88% likely to be MSS-internal-style; the 12% residual is consistent with either (a) a deliberate plant prepared by someone with MSS document access, or (b) an MSS document that was deliberately drafted to be discoverable.
You are the Director of National Intelligence. POTUS wants a recommendation by Tuesday 10:00 AM.
Decision Point
Complicating Factors
The 2019 cable is real, and that fact has two readings. Either Beijing decrypted it (consistent with CRQC), or Beijing acquired it through traditional means and is now using it as the evidentiary kernel of a fabricated quantum claim. The second interpretation would itself constitute a major counterintelligence failure, traceable to a still-active source.
The bank anomaly. In March 2027, a U.S. money-center bank ran a closed test of its hybrid PQC-protected interbank transaction layer and observed unexplained signature anomalies in 0.4% of test traffic. The bank classified the result as a vendor implementation bug and did not report it. Treasury learned of it forty-eight hours ago through an unrelated examination. The anomaly is consistent with a quantum attack on the legacy half of the hybrid stack — or with a routine vendor bug. There is no time to disentangle the two.
Bimodal IC confidence. NSA Q-Group assesses the underlying CRQC claim at 32% likely true. CIA's Open Source Enterprise — relying on patent filings, semiconductor supply chain signals, and travel pattern analysis of relevant PRC researchers — assesses 61% likely true. The error bars on both are unusually wide. No reconciliation is possible inside the 72-hour window.
Allied initiative. Israel's Unit 8200 reached out at 16:00 Eastern with parallel intelligence pointing in the same direction, derived from a separate source. They want to coordinate a joint response posture before disclosure. Their handling standards diverge from ours in specific, known ways. The U.K. has not yet been read in.
Hill exposure. Two SSCI members were briefed in summary form yesterday under the Gang of Eight protocol. One has retained the right to deliver a public statement on national security grounds if she judges the executive response inadequate. Her staff is already drafting.
Market pressure. Quantum-pure-play equities (IonQ, Rigetti, D-Wave) are up 19% on a Reuters report citing "unconfirmed Asia-Pacific quantum developments." PQC vendors (PQShield, SandboxAQ, ISARA-derived stacks) are up 31%. If a leak from any other channel — Hill, ally, contractor — surfaces in the next 96 hours, there is a non-trivial probability of a flight-to-quality dislocation in Treasuries.
The civil-liberties detonation. A non-trivial portion of FISA Section 702 and Executive Order 12333 collection from 2017–2025 is held encrypted at rest under algorithms that, if the claim is real, are now plaintext to Beijing. This includes incidentally collected U.S.-person communications under minimization regimes that assumed the encryption layer would protect against future compromise. The 2027 reauthorization debate is live in committee. A leak — or a public announcement — would touch a third rail with both ends grounded.
The Australia problem. AUS PQC posture is the weakest in Five Eyes. AUKUS pillar-two communications used a shared key infrastructure in 2022–2024 that is highly exposed. The Australian PM is on a state visit to New Delhi until Wednesday. Time-zone-adjusted notification windows for Canberra are unfavorable.
Discussion Questions
- The verification-cost asymmetry. Every day spent verifying is a day the adversary processes more of the harvested archive. Every day acting on unverified intelligence risks a market dislocation, allied alarm, and a credibility loss that compounds. The asymmetry favors action only if the leak is real. How do you reason about a decision whose cost structure is determined by the variable you cannot observe?
- Bluff specificity. The leak is specific — a real cable, quoted to the character. A bluff in response (Option C) becomes catastrophically harder when the adversary has already proven their claim. Or does the specificity of the leak make it precisely the right place to bluff back, since the adversary now expects a confident response and nothing else? Where does deception logic meet escalation logic?
- Retroactive notification. If HUMINT identities, sensitive sources, allied liaison product, and U.S.-person communications collected over a decade are now retrospectively exposed, who is owed notice and in what order? Affected sources (some of whom may be recallable, most of whom are not). Affected allies. Affected oversight committees. Affected courts that issued the underlying FISA orders. Affected U.S. persons whose minimization assumptions just inverted. The notification sequence is itself a national security decision.
- The 702 collision. Section 702 reauthorization is in active committee. Disclosure that a decade of 702 collection is potentially exposed would arrive with explosive political force in either direction — strengthening the case for reauthorization (defense-in-depth requires more, not less) or shattering it (the program's harms are now concrete and historical). Does the executive get to control the timing of that disclosure relative to the reauthorization vote?
- The Five Eyes notification order. The harm asymmetry across allies is large. Australia, with the weakest PQC posture and the heaviest AUKUS exposure, is most damaged by silence and most exposed by disclosure. Israel, not a Five Eyes member, is offering coordination. The U.K., a closer partner with a stronger crypto posture, has not yet been read in. What is the obligation order when standard protocol and operational logic point in different directions?
Anna's Read
Three trends worth surfacing for the audience this letter serves:
One — quantum collection is hard. The people who would know whether a CRQC has been achieved number in the low thousands globally; the subset working on PRC programs is small and embedded in environments where traditional collection is degraded. We are entering a period where intelligence on adversary cryptanalytic capability will routinely arrive with confidence intervals so wide they straddle action thresholds in both directions. This will not improve.
Two — HNDL is the one cybersecurity threat that gets worse the longer you wait, and the countermeasure is never economically rational at the moment of decision. PQC migration is expensive, slow, breaks compatibility, and yields no measurable benefit until the day it does. Every fiscal cycle since 2022 has produced a rational case to defer some increment of migration. Those increments compound. The bill, if presented, is presented as a single line.
Three — the bluff option deserves its own seat at the table. Strategic ambiguity about U.S. capability has been a load-bearing feature of cryptanalytic deterrence for seven decades. We should not let the factuality of our quantum posture distort our analysis of whether implied posture can carry deterrent weight. But the bluff is a checkout-only line: once called, you cannot unbluff, and the cost of being called is the loss of the deterrent value of every prior credibility deposit.
The reason this scenario is hard is that it tests whether an executive can take a costly, possibly-wrong action on irreducibly ambiguous intelligence — without the post-hoc validation that wartime decisions eventually get. If the leak is a plant, you panicked markets, exposed your migration posture, and burned a year of credibility with the Hill. If the leak is real and you waited 30 days to verify, you handed the adversary a final month of unobstructed processing on an archive that contains the past decade of American foreign policy.
There is also a quieter question underneath the loud ones. Section 702 was authorized on the implicit assumption that the encryption layer would eventually protect collected data from indefinite-future adversary access. That assumption is now probabilistically defective. The reauthorization debate cannot be the same conversation it was in 2024 — and the executive has limited ability to control whether it changes through orderly disclosure or through leak.
I would value sharp pushback from staff on SSCI, HPSCI, House Q-Caucus, the National Quantum Initiative oversight subcommittee, and SVC counsel. This scenario has direct implications for FY28 IC topline, the Vulnerability Equities Process, and the 2027 Section 702 reauthorization sequencing. If your principal would weight any of the four options differently, I would like to know which complicating factor moved them.
Replies, corrections, and "you're missing X" responses welcome — including from quantum hardware folks who think the timeline is wrong. — A.D.
Anna R. Dudley writes about AI, intelligence policy, and the procurement decisions being made faster than the public-policy debate that is supposed to constrain them. Red Team Scenarios is the series for the call you don't want to take. Subscribe at annardudley.substack.com.