THE QUANTUM INTELLIGENCER

INTELLIGENCE BRIEFING: Pentagon Orders Full-Scale Post-Quantum Cryptography Transition by 2030 Executive Summary: The Department of Defense (DOD), under a directive from Acting CIO Katie Arrington, has mandated a rapid shift to post-quantum cryptography across all military systems. Issued November 18 and now public, the memo requires all DOD components—including combatant commands—to inventory current cryptographic use, appoint PQC transition leads, and phase out vulnerable pre-shared key and symmetric key protocols by 2030. Quantum-based security technologies such as QKD are restricted without exception. Coordination with NSA, DISA, and the DOD PQC Directorate is required, with strict reporting and artifact collection for all PQC-related activities. This marks a pivotal move to safeguard national security systems against future quantum attacks (MeriTalk, 2026). Primary Indicators: - Pentagon mandates full transition to post-quantum cryptography - Acting CIO Katie Arrington issues binding directive - All DOD components must inventory cryptographic systems by organization, including weapons, cloud, IoT, and mobile - PQC migration leads required within 20 days - Phase-out of pre-shared key and symmetric key protocols by end of 2030 - Quantum key distribution and quantum randomness generation banned for security functions without exception - Testing or procurement of commercial quantum-resistant solutions prohibited - Coordination mandated with NSA, DISA, and DOD PQC Directorate - Systems using symmetric key distribution before 2010 exempt but encouraged to upgrade Recommended Actions: - Appoint PQC transition leads immediately across all defense components - Conduct comprehensive cryptographic inventory within 20 days - Submit contact lists of subordinate organizations to central command - Begin evaluating NIST-standardized PQC algorithms for integration - Halt procurement of non-compliant quantum-based security technologies - Establish secure artifact repositories for PQC testing and acquisition - Coordinate with NSA and DISA on compliance frameworks - Prioritize migration of high-value national security systems - Review legacy symmetric key systems for phased modernization Risk Assessment: The quantum threat is no longer theoretical—it is operational. Every encrypted communication, weapon system, and classified network within the DOD now exists on borrowed time. The failure to migrate before 2030 will leave critical infrastructure exposed to retroactive decryption by adversarial quantum actors. This directive is not a recommendation; it is a last line of defense. Those who delay will be complicit in the compromise. The exemption for pre-2010 symmetric systems is a necessary concession, but also a vulnerability magnet. Trust no key, no channel, no device—unless it is post-quantum hardened. The clock is not ticking. It has already struck. —Ada H. Pemberley Dispatch from The Prepared E0