Logo
Cybersecurity

Post-Quantum Cryptography Readiness with ITSEC

Discover how ITSEC helps organisations prepare for the post-quantum era with future-proof cryptography and cyber resilience strategies.

ITSEC AsiaITSEC Asia
|
Jul 11, 2025
Post-Quantum Cryptography Readiness with ITSEC

For decades, public-key cryptography has been the backbone of protecting sensitive information, such as financial transactions, personal data, corporate communications, and government secrets. Whether logging into a secure banking app, shopping online, or browsing encrypted websites (like HTTPS), public key infrastructure (PKI) protects your data from cybercriminals. However, the rise of quantum computing introduces transformative and potentially disruptive challenge to this foundation of digital trust.

The Quantum Revolution

Quantum computers can perform complex computations faster than even the most advanced current supercomputers. While this capability promises breakthroughs in drug discovery and healthcare, materials science or Artificial Intelligence (AI), it also poses a significant threat to current cryptographic systems. Quantum computers could break widely used publickey cryptographic systems (e.g., RSA, ECC), compromising critical infrastructure security such as energy grids, financial systems, and sensitive government communication networks.

Compromised public-key cryptography could lead to forged digital certificates or signatures, undermining trust in banking, healthcare, and government services. Quantum cryptography attacks could also compromise billions of connected devices, from smart homes to Industrial Control Systems (ICS), by breaking traditional encryption used in secure communication.

Furthermore, cyber criminals and government adversaries could use “harvest now, decrypt later” attacks, where adversaries collect encrypted data today for decryption when quantum computers become available. This could affect all the critical infrastructure, which also often handles sensitive data with long-term confidentiality needs (e.g. medical records, state secrets). Experts predict that “Q-Day”, when quantum computers crack current encryption, may arrive within a decade. This has spurred global efforts to develop and implement post-quantum cryptography, new encryption algorithms designed to resist quantum attacks.

Global Efforts to Prepare for Post-Quantum Cryptography

Governments worldwide are already taking proactive steps to counter the threats of Quantum Computing to cybersecurity. In the US, the Quantum Computing Cybersecurity Preparedness Act (H.R.7535), signed into law on December 21, 2022, as Public Law 117-260, aims to encourage federal agencies to migrate their information technology systems to post-quantum cryptography (PQC) to protect against future quantum computing threats. It mandates agencies to assess vulnerabilities, maintain inventories of quantum-vulnerable systems, and develop strategies for PQC adoption. 

Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) launched a PQC Initiative in July 2023 to support critical infrastructure with risk assessments and transition planning. CISA has provided resources for cryptographic inventorying and testing PQC algorithms, indicating ongoing compliance efforts with H.R.7535. 

The National Institute of Standards and Technology (NIST) finalised three PQC standards (FIPS 203, 204, 205) on August 13, 2024. A fourth standard (HQC) was selected for standardisation on March 11, 2025. NIST encourages immediate transition to these standards.

The US National Security Agency mandates PQC for software and firmware updates by 2025. By 2030, all cryptographic systems within the scope of CNSA 2.0 must exclusively use PQC algorithms, phasing out legacy algorithms (e.g., RSA, ECC) vulnerable to quantum attacks.

In the European Union, the Commission Recommendation (EU) 2024/1101, adopted on April 11, 2024, urges EU Member States to develop consistent strategies for adopting PQC to secure digital infrastructures and services in public administrations and critical infrastructure. Southeast Asia’s first National Quantum-Safe Network Plus (NQSN+) was launched in Singapore in 2023 as part of Singapore’s Digital Connectivity Blueprint. NQSN+ aims to build a quantum-safe communication infrastructure by 2030. It combines PQC, which upgrades software with quantum-resistant algorithms, and Quantum Key Distribution (QKD), a hardwarebased approach for secure key sharing. 

In 2024, the Monetary Authority of Singapore (MAS) and Banque de France conducted a groundbreaking PQC experiment, successfully using quantum-resistant (PQC) algorithms (CRYSTALS-Dilithium and CRYSTALS-Kyber) to sign and encrypt email. In 2024, MAS also issued an advisory (MAS/TCRS/2024/01) urging financial institutions to prepare for quantum risks by maintaining cryptographic inventories, conducting risk assessments, and adopting PQC solutions. 

Singapore is also monitoring progress on NIST post-quantum cryptography and set to roll out its own standard from 2025. (reference: https://www.reedsmith.com/en/perspectives/2024/12/csa-to-roll-out-quantum-security-guidelines-from-2025

Meanwhile, Indonesia’s PQC efforts are in early stages compared to Singapore’s more structured initiatives. In May 2025, the Indonesian Defense University (Unhan RI) inaugurated the Center for Quantum Security Ecosystem (CQSE), and, at the same event, released a Quantum-Security Roadmap 2025-2030: Phase 1 (2025-27), creating a joint Unhan, BRIN, BSSN and TNI research hub and pilots of Quantum VPN for secret government and military communications. Phase 2 (2027- 30) extends post-quantum cryptography and quantum-key-distribution across the national strategic network.

The Quantum Revolution

PT ITSEC Asia Tbk (CYBR), a leading cybersecurity firm listed on the Indonesian Stock Exchange, is pioneering the integration of post-quantum cryptography (PQC) solutions and research in Indonesia and the Asia Pacific region

ITSEC’s PQC Strategy Includes:

Research and Testing

Partnering with global tech firms and academic institutions, ITSEC develops PoCs to validate PQC algorithms and solutions such as Quantum Entropy Appliances, Quantum Entropy-as-a-Service, and Digital Quantum Key Distribution (DQKD) products. ITSEC conducts controlled PoC implementations to showcase PQC integration in real-world applications like secure communications, financial transactions, and data storage.

Training and Capacity Building

Through ITSEC Cyber Academy, launched in 2025, ITSEC offers PQCfocused training tied to PoC outcomes, equipping Indonesian IT professionals with skills to adopt quantum-safe standards. 

Industry Awareness

ITSEC promotes PQC through PoC demonstrations at industry forums, media, and conferences (e.g., ITSEC Cybersecurity Summit 2025), highlighting the need for quantum readiness

ITSEC’s PQC efforts align with Indonesia’s growing effortsin quantum-safe cybersecurity.

Share this post

You may also like

What Is Cloud Security? A First Introduction for Modern Enterprises
Cybersecurity

What Is Cloud Security? A First Introduction for Modern Enterprises

INTRODUCTION: CLOUD ADOPTION IS ACCELERATING, SO ARE THE RISKS Cloud computing has been part of enterprise IT for years, but the risk landscape around it is changing faster than ever. As organizations embrace AI, remote work, and digital transformation, cloud environments have become the backbone of business operations and a prime target for attackers. Today, breaches are no longer limited to traditional data centers. Misconfigured cloud resources, stolen credentials, and unmanaged identities are now among the most common root causes of security incidents. This is why understanding what cloud security is and what it is not matters deeply for enterprises today. At its core, cloud security refers to the policies, technologies, configurations, and responsibilities that protect cloud-based systems, data, and services. This concept is inseparable from how cloud computing itself is defined:an on demand, shared,and externally managed computing model, as outlined in the NIST [https://csrc.nist.gov/pubs/sp/800/145/final]Cloud Computing Definition (SP 800-145), where responsibility is inherently distributed between the provider and the user. WHAT IS CLOUD COMPUTING? A SIMPLE ENTERPRISE PERSPECTIVE Cloud computing is not

ITSEC AsiaITSEC Asia
|
Feb 12, 2026 7 minutes read
Data Protection and Cybersecurity Laws in the Asia-Pacific Region
Cybersecurity

Data Protection and Cybersecurity Laws in the Asia-Pacific Region

Info

Apart from sales and trade, the majority of internet users utilize it for socializing and interacting with peers online. For instance, there were 3.8 billion social media users in January 2020, which represents a 9 percent increase from the previous year. The advancements in internet and related communication technologies enable easy access to information from anywhere on the planet. For example, an online merchant operating in Thailand can offer their services to customers residing in the European Union and the United States. In order to address the dissemination of personal information, including financial, medical, and other types of personal data, worldwide through the internet, appropriate legal regulations need to be established to protect the personal data of citizens and the digital assets of organizations while working online. Following the implementation of the General Data Protection Regulation (GDPR) in the European Union (which came into effect on May 25, 2018), which governs data protection and privacy in EU countries and regulates the transfer of personal data outside the European Union and

ITSEC AsiaITSEC Asia
|
Jul 10, 2023 11 minutes read
Why Cybersecurity Awareness Matters for Modern Enterprises
Cybersecurity

Why Cybersecurity Awareness Matters for Modern Enterprises

INTRODUCTION As organizations accelerate digital transformation through cloud adoption, remote work, and AI-driven systems, the nature of cyber risk continues to evolve. Security challenges are no longer limited to technical vulnerabilities alone. Increasingly, attackers exploit human behavior, trust, and routine workflows to gain unauthorized access to systems and sensitive data. Phishing campaigns, social engineering tactics, and impersonation attacks have grown more sophisticated and harder to detect. Industry guidance from ENISA [https://www.enisa.europa.eu/] highlights that human-centric attack techniques remain among the most effective methods used against organizations today. In this context, cybersecurity awareness has become a critical factor in determining how effectively enterprises can prevent, detect, and respond to cyber threats. This article explains why cybersecurity awareness is important, the challenges enterprises face in building it, and how awareness strengthens overall cybersecurity resilience. WHAT IS CYBERSECURITY AWARENESS? According to findings highlighted in the Verizon Data Breach Investigations Report (DBIR), [https://www.verizon.com/business/resources/reports/dbir/]human interaction continues to play a significant role in successful cyber incidents. In enterprise environments, cybersecurity awareness is not limited to IT or security teams. It applies to every

ITSEC AsiaITSEC Asia
|
Jan 19, 2026 4 minutes read

Receive weekly
updates on new posts

Subscribe
Logo
Indonesia

Noble House, Level 11
Jakarta 12950, Indonesia

Singapore

112 Robinson Road, #11-04
Singapore 068902

Australia

Level 22, 120 Spencer St Melbourne,
Victoria, 3004

United Arab Emirates

Golden Mile 4, Office 13, Floor M,
Palm Jumeirah, Dubai, United Arab Emirates

Mauritius

The Catalyst Building, Ground Floor, Lot 40,
Silicon Avenue Ebene, Mauritius

Services

Copyright © ITSEC 2026 | All Rights Reserved