All Briefings | Red Team Scenarios
June 28, 2026
Red Team Scenarios

Harvest Now, Decrypt Later

Red Team Scenarios play the adversary's hand so the defender does not have to learn it the hard way. This one comes with a simulator you can run from either chair.

The Threat: Harvest Now, Decrypt Later

Start with the adversary's logic, because it is simpler than the cryptography. A foreign intelligence service does not need to break your encryption today. It needs to copy your encrypted traffic today and keep it. The decryption happens later, once a cryptographically relevant quantum computer exists. The collection happens now, while it is cheap and deniable.

That is harvest now, decrypt later, and the U.S. intelligence community treats it as a current activity rather than a future one. The NSA, CISA, and FBI have all framed it that way.

The target is not your tactical chatter, which is worthless in ten years. It is anything whose confidentiality has to hold for a long time: diplomatic cables, the identities of human sources, weapons designs, genomic and biometric records. Those secrets are worth stealing today even if the break is a decade out.

The Math: Mosca's Inequality

There is a clean way to know whether you are exposed, and it does not require predicting Q-Day. Michele Mosca's inequality adds the years your data must stay secret to the years it takes you to migrate to quantum-safe cryptography. If that sum is greater than the years until Q-Day, you are already exposed.

X + Y > Z
X = how long your data must stay secret  ·  Y = how long migration takes  ·  Z = time until Q-Day

That is the whole risk model. You do not need a date for Z. You need to notice that X and Y are large, fixed, and mostly out of your control, while Z keeps getting shorter.

It got shorter again last year. In May 2025, Google's Craig Gidney showed that breaking RSA-2048 might take under a million noisy qubits, roughly a twentieth of his own 2019 estimate. No new hardware shipped. The cryptanalytic bar simply dropped.

What Changed: The June 22 Orders

The federal government has now written that math into policy. Executive Order 14412, signed June 22, sets the deadlines: high-value federal systems migrate to post-quantum key establishment by the end of 2030, and to post-quantum signatures by the end of 2031. The companion quantum order pushes the offensive side of the equation; the migration order is the defensive clock. The algorithms are already standardized. NIST finalized them in 2024 as FIPS 203, 204, and 205.

This is not the first move. NSA's CNSA 2.0 expects new national-security systems to support post-quantum cryptography from 2027. NSM-10 has required agencies to inventory their quantum-vulnerable systems since 2022, on the theory that you cannot migrate what you cannot find.

The orders are a defensive clock. The point of this briefing is that the offensive clock started earlier.

The Red Team: Play Both Sides

The inequality is easier to feel than to read, so I built a simulator for it. You can run it from either chair.

As the adversary, you choose what to harvest and bank today under a real collection budget, then watch which secrets still matter when the break finally lands. As the defender, you allocate scarce migration effort against the executive-order deadlines and find out which systems X plus Y leaves exposed. Same clock, two seats.

Play the Q-Day Red Team

Anna's Read: The Clock Already Started

Treating Q-Day as a future problem, a line item for the 2030 budget cycle, fails the math. If a secret you are protecting today has to stay secret past roughly 2030, and your migration will take years, then an adversary harvesting it now will be able to read it in time. The exposure is not coming. It is banked.

My read: the executive-order deadlines are right to be aggressive, and they are still a defensive response to a collection campaign that does not announce itself. The honest planning assumption is that long-lived secrets sent under classical encryption today should be treated as compromised on a long enough timeline. Q-Day is not the day you lose them. It is the day someone else reads what they already took.

What to watch: the 2027 CNSA 2.0 gate for national-security systems, whether agencies actually finish their NSM-10 inventories, and whether the next cryptanalysis result shortens Z again.

Sources

  • NIST, "Post-Quantum Cryptography," including FIPS 203, 204, and 205. csrc.nist.gov
  • The White House, "Securing the Nation Against Advanced Cryptographic Attacks," June 2026. whitehouse.gov
  • The White House, "Ushering in the Next Frontier of Quantum Innovation," June 2026. whitehouse.gov
  • OMB Memorandum M-23-02, "Migrating to Post-Quantum Cryptography," November 18, 2022. whitehouse.gov
  • Craig Gidney, "How to factor 2048 bit RSA integers with less than a million noisy qubits," May 2025. arxiv.org
  • NIST, "What Is Post-Quantum Cryptography?" nist.gov

Related

Interactive
The Q-Day Red Team
Run the inequality yourself. Harvest as the adversary, or migrate as the defender, against the same Q-Day clock.
Interactive
PQC Decision Clock
The migration countdown for post-quantum cryptography, deadline by deadline.
Interactive
PQC Migration Scoreboard
Who is on track to meet the post-quantum deadlines, and who is not.

Anna R. Dudley writes on national security, intelligence policy, and the systems that decide them. Red Team Scenarios is the series that plays the adversary's hand so the defender does not have to learn it the hard way. Subscribe at annardudley.substack.com.

Back to Briefings
Copied to clipboard