Logo
Cybersecurity

Post-Quantum Cryptography Readiness with ITSEC

Discover how ITSEC helps organisations prepare for the post-quantum era with future-proof cryptography and cyber resilience strategies.

ITSEC AsiaITSEC Asia
|
Jul 07, 2025
Post-Quantum Cryptography Readiness with ITSEC

For decades, public-key cryptography has been the backbone of protecting sensitive information, such as financial transactions, personal data, corporate communications, and government secrets. Whether logging into a secure banking app, shopping online, or browsing encrypted websites (like HTTPS), public key infrastructure (PKI) protects your data from cybercriminals. However, the rise of quantum computing introduces transformative and potentially disruptive challenge to this foundation of digital trust.

The Quantum Revolution

Quantum computers can perform complex computations faster than even the most advanced current supercomputers. While this capability promises breakthroughs in drug discovery and healthcare, materials science or Artificial Intelligence (AI), it also poses a significant threat to current cryptographic systems. Quantum computers could break widely used publickey cryptographic systems (e.g., RSA, ECC), compromising critical infrastructure security such as energy grids, financial systems, and sensitive government communication networks.

Compromised public-key cryptography could lead to forged digital certificates or signatures, undermining trust in banking, healthcare, and government services. Quantum cryptography attacks could also compromise billions of connected devices, from smart homes to Industrial Control Systems (ICS), by breaking traditional encryption used in secure communication.

Furthermore, cyber criminals and government adversaries could use “harvest now, decrypt later” attacks, where adversaries collect encrypted data today for decryption when quantum computers become available. This could affect all the critical infrastructure, which also often handles sensitive data with long-term confidentiality needs (e.g. medical records, state secrets). Experts predict that “Q-Day”, when quantum computers crack current encryption, may arrive within a decade. This has spurred global efforts to develop and implement post-quantum cryptography, new encryption algorithms designed to resist quantum attacks.

Global Efforts to Prepare for Post-Quantum Cryptography

Governments worldwide are already taking proactive steps to counter the threats of Quantum Computing to cybersecurity. In the US, the Quantum Computing Cybersecurity Preparedness Act (H.R.7535), signed into law on December 21, 2022, as Public Law 117-260, aims to encourage federal agencies to migrate their information technology systems to post-quantum cryptography (PQC) to protect against future quantum computing threats. It mandates agencies to assess vulnerabilities, maintain inventories of quantum-vulnerable systems, and develop strategies for PQC adoption. 

Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) launched a PQC Initiative in July 2023 to support critical infrastructure with risk assessments and transition planning. CISA has provided resources for cryptographic inventorying and testing PQC algorithms, indicating ongoing compliance efforts with H.R.7535. 

The National Institute of Standards and Technology (NIST) finalised three PQC standards (FIPS 203, 204, 205) on August 13, 2024. A fourth standard (HQC) was selected for standardisation on March 11, 2025. NIST encourages immediate transition to these standards.

The US National Security Agency mandates PQC for software and firmware updates by 2025. By 2030, all cryptographic systems within the scope of CNSA 2.0 must exclusively use PQC algorithms, phasing out legacy algorithms (e.g., RSA, ECC) vulnerable to quantum attacks.

In the European Union, the Commission Recommendation (EU) 2024/1101, adopted on April 11, 2024, urges EU Member States to develop consistent strategies for adopting PQC to secure digital infrastructures and services in public administrations and critical infrastructure. Southeast Asia’s first National Quantum-Safe Network Plus (NQSN+) was launched in Singapore in 2023 as part of Singapore’s Digital Connectivity Blueprint. NQSN+ aims to build a quantum-safe communication infrastructure by 2030. It combines PQC, which upgrades software with quantum-resistant algorithms, and Quantum Key Distribution (QKD), a hardwarebased approach for secure key sharing. 

In 2024, the Monetary Authority of Singapore (MAS) and Banque de France conducted a groundbreaking PQC experiment, successfully using quantum-resistant (PQC) algorithms (CRYSTALS-Dilithium and CRYSTALS-Kyber) to sign and encrypt email. In 2024, MAS also issued an advisory (MAS/TCRS/2024/01) urging financial institutions to prepare for quantum risks by maintaining cryptographic inventories, conducting risk assessments, and adopting PQC solutions. 

Singapore is also monitoring progress on NIST post-quantum cryptography and set to roll out its own standard from 2025. (reference: https://www.reedsmith.com/en/perspectives/2024/12/csa-to-roll-out-quantum-security-guidelines-from-2025

Meanwhile, Indonesia’s PQC efforts are in early stages compared to Singapore’s more structured initiatives. In May 2025, the Indonesian Defense University (Unhan RI) inaugurated the Center for Quantum Security Ecosystem (CQSE), and, at the same event, released a Quantum-Security Roadmap 2025-2030: Phase 1 (2025-27), creating a joint Unhan, BRIN, BSSN and TNI research hub and pilots of Quantum VPN for secret government and military communications. Phase 2 (2027- 30) extends post-quantum cryptography and quantum-key-distribution across the national strategic network.

The Quantum Revolution

PT ITSEC Asia Tbk (CYBR), a leading cybersecurity firm listed on the Indonesian Stock Exchange, is pioneering the integration of post-quantum cryptography (PQC) solutions and research in Indonesia and the Asia Pacific region

ITSEC’s PQC Strategy Includes:

Research and Testing

Partnering with global tech firms and academic institutions, ITSEC develops PoCs to validate PQC algorithms and solutions such as Quantum Entropy Appliances, Quantum Entropy-as-a-Service, and Digital Quantum Key Distribution (DQKD) products. ITSEC conducts controlled PoC implementations to showcase PQC integration in real-world applications like secure communications, financial transactions, and data storage.

Training and Capacity Building

Through ITSEC Cyber Academy, launched in 2025, ITSEC offers PQCfocused training tied to PoC outcomes, equipping Indonesian IT professionals with skills to adopt quantum-safe standards. 

Industry Awareness

ITSEC promotes PQC through PoC demonstrations at industry forums, media, and conferences (e.g., ITSEC Cybersecurity Summit 2025), highlighting the need for quantum readiness

ITSEC’s PQC efforts align with Indonesia’s growing effortsin quantum-safe cybersecurity.

Share this post

You may also like

Data Protection and Cybersecurity Laws in the Asia-Pacific Region
Cybersecurity

Data Protection and Cybersecurity Laws in the Asia-Pacific Region

Info

Apart from sales and trade, the majority of internet users utilize it for socializing and interacting with peers online. For instance, there were 3.8 billion social media users in January 2020, which represents a 9 percent increase from the previous year. The advancements in internet and related communication technologies enable easy access to information from anywhere on the planet. For example, an online merchant operating in Thailand can offer their services to customers residing in the European Union and the United States. In order to address the dissemination of personal information, including financial, medical, and other types of personal data, worldwide through the internet, appropriate legal regulations need to be established to protect the personal data of citizens and the digital assets of organizations while working online. Following the implementation of the General Data Protection Regulation (GDPR) in the European Union (which came into effect on May 25, 2018), which governs data protection and privacy in EU countries and regulates the transfer of personal data outside the European Union and

|
Jul 10, 2023 11 minutes read
Top Five Cybersecurity Threats to Small Business Owners
Cybersecurity

Top Five Cybersecurity Threats to Small Business Owners

According to a recent Verizon Data Breach Investigations Report, over the past two years, small and medium-sized businesses have become the primary target of cybercriminals, and they are now more affected by cyber breaches than large-scale businesses. Cyberattacks on SMEs have increased because cybercriminals have predicted that small and medium-sized enterprises have fewer resources to dedicate to their security. Most SMEs lack dedicated security professionals, and they are too small to afford them. This makes them vulnerable and easy targets for cybercriminals. In this context, neglecting security is no longer an option, and the assumption that your business is too small to attract the interest of cybercriminals is unrealistic. TOP FIVE CYBER THREATS AFFECTING SMALL AND MEDIUM-SIZED ENTERPRISES Incompatible Operating Systems and Software: Ensure that your computers and the software running on them are up to date. This is crucial and forms a solid foundation for good security practices. Hackers exploit vulnerabilities in outdated software and operating systems, often infiltrating organizations. Failing to apply software and operating system updates when they

|
Jul 20, 2023 5 minutes read
Four Strong Reasons to Use an MSSP
Cybersecurity

Four Strong Reasons to Use an MSSP

Test

The multitude of challenges to be faced is the main reason why most organizations today are turning to managed security service providers (MSSPs) to help them address these issues. The challenges of strengthening human resources, processes, and technologies as efforts to secure their intellectual property and data appropriately, while still complying with cybersecurity regulations, can be a daunting task even for well-managed IT departments. With these considerations in mind, here are four main reasons why I prefer MSSPs over in-house security. USING MSSP SAVES YOU MONEY Building, running, and maintaining a cybersecurity ecosystem comes with significant costs. One of the reasons is that many software solutions require specialized hardware and equipment to run, and they often come with recurring licensing costs. Additionally, the salaries of cybersecurity employees and the training they need to effectively utilize new tools and technologies add to the expenses. One of the CFO's favorite aspects of using MSSP is that it can replace the capital expenditures often needed to add new tools with a large

|
Jul 10, 2023 5 minutes read

Receive weekly
updates on new posts

Subscribe
Logo
Indonesia

Noble House, Level 11
Jakarta 12950, Indonesia

Singapore

112 Robinson Road, #11-04
Singapore 068902

Australia

Level 18, 390 St Kilda Road
Melbourne Victoria 3004

United Arab Emirates

Golden Mile 4, Office 13, Floor M,
Palm Jumeirah, Dubai, United Arab Emirates

Mauritius

The Catalyst Building, Ground Floor, Lot 40,
Silicon Avenue Ebene, Mauritius

Services

Copyright © ITSEC 2025 | All Rights Reserved