The NextGov Quantum Summit, held 27 August 2025, underscored the urgency of preparing government and industry networks for a post-quantum world. Experts from MITRE, the Linux Foundation, Cloudflare, Quantinuum, IBM, DHS/CBP, CISA, and others highlighted both the disruptive risks posed by cryptographically relevant quantum computers and the opportunities to leverage quantum innovations for secure communications and national competitiveness. A recurring theme was the threat of “harvest now, decrypt later” attacks, where adversaries like China may already be stockpiling encrypted U.S. government and commercial data for future decryption. Across sessions, speakers stressed the need for crypto-agility, staged adoption of NIST’s new PQC standards, and early migration of high-value assets, with agencies and enterprises urged not to wait until “Q-Day” to act.

The event also produced several newsworthy disclosures and updates:

• CBP’s Dr. Edward Mays described activites that are occuring not just in his agency, but across government, to ensure PQC deployments, protecting mission-critical trade and border systems that process billions of daily transactions.
• CISA’s Dr. Garfield Jones revealed that by December 2025, CISA will publish a new Product Categories List of PQC-enabled technologies mandated by Executive Orders 14044 and 14306. This list will guide procurement across the federal civilian enterprise, requiring PQC-enabled products for future contracts and effectively phasing out non-compliant technologies by 2035. The draft categories he outlined include:
  • Networking hardware and software
  • Telecommunications hardware
  • Computers (operating systems, hypervisors, containers)
  • Storage area networks (SANs)
  • Cloud services
  • Identity, Credential, and Access Management (ICAM)
  • Collaboration software
  • Database and native management systems (e.g., SQL services)
  • Web software (browsers and servers)
  • Endpoint and enterprise security tools (encryption, antivirus, EDR/EUM, CDM tools)
• Jones also highlighted CISA’s push to bring automated cryptographic discovery tools into agencies, expand outreach to state and local governments, and address long-neglected operational technology (OT) systems such as those powering the electric grid, which often still rely on protocols with no encryption or authentication.
• Cloudflare shared that nearly 40% of its browser traffic already runs over PQC connections, proving deployment is feasible at internet scale. Together, the sessions made clear that the U.S. government sees PQC not as a distant research issue but as an immediate national security priority requiring joint industry-government action today.
• There was some discussion outside of the presentations on the status of the National Quantum Initiative Reauthorization Act. People with knowledge of its status said there is still strong bipartisan support for this and it is expected to pass. It will authorize up to $2.7 billion over five years to extend current programs including expanding NIST quantum centers and additional agency activities (including at NIH, State, SBA).

The entire day was expertly moderated by Tom Suder, an icon in accelerating mission critical technologies into government missions. As founder and President of the ATARC he has played a positive role in bringing the needs of government to industry and insights into the power of great American technology to government, making him the perfect moderator for an event like this.

For more on the topic of quantum security see: Executive’s Guide To Quantum Safe Security: Take these steps to make your enterprise quantum proof

For insights into the foundational concept of quantum computing see: The Executive’s Guide To Quantum Computing: What you need to know for your strategy today