Logo
Cybersecurity

Post-Quantum Cryptography Readiness with ITSEC

Discover how ITSEC helps organisations prepare for the post-quantum era with future-proof cryptography and cyber resilience strategies.

ITSEC AsiaITSEC Asia
|
Jul 11, 2025
Post-Quantum Cryptography Readiness with ITSEC

For decades, public-key cryptography has been the backbone of protecting sensitive information, such as financial transactions, personal data, corporate communications, and government secrets. Whether logging into a secure banking app, shopping online, or browsing encrypted websites (like HTTPS), public key infrastructure (PKI) protects your data from cybercriminals. However, the rise of quantum computing introduces transformative and potentially disruptive challenge to this foundation of digital trust.

The Quantum Revolution

Quantum computers can perform complex computations faster than even the most advanced current supercomputers. While this capability promises breakthroughs in drug discovery and healthcare, materials science or Artificial Intelligence (AI), it also poses a significant threat to current cryptographic systems. Quantum computers could break widely used publickey cryptographic systems (e.g., RSA, ECC), compromising critical infrastructure security such as energy grids, financial systems, and sensitive government communication networks.

Compromised public-key cryptography could lead to forged digital certificates or signatures, undermining trust in banking, healthcare, and government services. Quantum cryptography attacks could also compromise billions of connected devices, from smart homes to Industrial Control Systems (ICS), by breaking traditional encryption used in secure communication.

Furthermore, cyber criminals and government adversaries could use “harvest now, decrypt later” attacks, where adversaries collect encrypted data today for decryption when quantum computers become available. This could affect all the critical infrastructure, which also often handles sensitive data with long-term confidentiality needs (e.g. medical records, state secrets). Experts predict that “Q-Day”, when quantum computers crack current encryption, may arrive within a decade. This has spurred global efforts to develop and implement post-quantum cryptography, new encryption algorithms designed to resist quantum attacks.

Global Efforts to Prepare for Post-Quantum Cryptography

Governments worldwide are already taking proactive steps to counter the threats of Quantum Computing to cybersecurity. In the US, the Quantum Computing Cybersecurity Preparedness Act (H.R.7535), signed into law on December 21, 2022, as Public Law 117-260, aims to encourage federal agencies to migrate their information technology systems to post-quantum cryptography (PQC) to protect against future quantum computing threats. It mandates agencies to assess vulnerabilities, maintain inventories of quantum-vulnerable systems, and develop strategies for PQC adoption. 

Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) launched a PQC Initiative in July 2023 to support critical infrastructure with risk assessments and transition planning. CISA has provided resources for cryptographic inventorying and testing PQC algorithms, indicating ongoing compliance efforts with H.R.7535. 

The National Institute of Standards and Technology (NIST) finalised three PQC standards (FIPS 203, 204, 205) on August 13, 2024. A fourth standard (HQC) was selected for standardisation on March 11, 2025. NIST encourages immediate transition to these standards.

The US National Security Agency mandates PQC for software and firmware updates by 2025. By 2030, all cryptographic systems within the scope of CNSA 2.0 must exclusively use PQC algorithms, phasing out legacy algorithms (e.g., RSA, ECC) vulnerable to quantum attacks.

In the European Union, the Commission Recommendation (EU) 2024/1101, adopted on April 11, 2024, urges EU Member States to develop consistent strategies for adopting PQC to secure digital infrastructures and services in public administrations and critical infrastructure. Southeast Asia’s first National Quantum-Safe Network Plus (NQSN+) was launched in Singapore in 2023 as part of Singapore’s Digital Connectivity Blueprint. NQSN+ aims to build a quantum-safe communication infrastructure by 2030. It combines PQC, which upgrades software with quantum-resistant algorithms, and Quantum Key Distribution (QKD), a hardwarebased approach for secure key sharing. 

In 2024, the Monetary Authority of Singapore (MAS) and Banque de France conducted a groundbreaking PQC experiment, successfully using quantum-resistant (PQC) algorithms (CRYSTALS-Dilithium and CRYSTALS-Kyber) to sign and encrypt email. In 2024, MAS also issued an advisory (MAS/TCRS/2024/01) urging financial institutions to prepare for quantum risks by maintaining cryptographic inventories, conducting risk assessments, and adopting PQC solutions. 

Singapore is also monitoring progress on NIST post-quantum cryptography and set to roll out its own standard from 2025. (reference: https://www.reedsmith.com/en/perspectives/2024/12/csa-to-roll-out-quantum-security-guidelines-from-2025

Meanwhile, Indonesia’s PQC efforts are in early stages compared to Singapore’s more structured initiatives. In May 2025, the Indonesian Defense University (Unhan RI) inaugurated the Center for Quantum Security Ecosystem (CQSE), and, at the same event, released a Quantum-Security Roadmap 2025-2030: Phase 1 (2025-27), creating a joint Unhan, BRIN, BSSN and TNI research hub and pilots of Quantum VPN for secret government and military communications. Phase 2 (2027- 30) extends post-quantum cryptography and quantum-key-distribution across the national strategic network.

The Quantum Revolution

PT ITSEC Asia Tbk (CYBR), a leading cybersecurity firm listed on the Indonesian Stock Exchange, is pioneering the integration of post-quantum cryptography (PQC) solutions and research in Indonesia and the Asia Pacific region

ITSEC’s PQC Strategy Includes:

Research and Testing

Partnering with global tech firms and academic institutions, ITSEC develops PoCs to validate PQC algorithms and solutions such as Quantum Entropy Appliances, Quantum Entropy-as-a-Service, and Digital Quantum Key Distribution (DQKD) products. ITSEC conducts controlled PoC implementations to showcase PQC integration in real-world applications like secure communications, financial transactions, and data storage.

Training and Capacity Building

Through ITSEC Cyber Academy, launched in 2025, ITSEC offers PQCfocused training tied to PoC outcomes, equipping Indonesian IT professionals with skills to adopt quantum-safe standards. 

Industry Awareness

ITSEC promotes PQC through PoC demonstrations at industry forums, media, and conferences (e.g., ITSEC Cybersecurity Summit 2025), highlighting the need for quantum readiness

ITSEC’s PQC efforts align with Indonesia’s growing effortsin quantum-safe cybersecurity.

Share this post

You may also like

Calculating the Cost of Securing Your Business
Cybersecurity

Calculating the Cost of Securing Your Business

Tips

As the strategic importance of information security continues to grow for organizations of all sizes, and the complexity of information security increases across industries, business decisions are increasingly driven by the need to protect their intellectual assets and safeguard their IT infrastructure from evolving cybersecurity threats. Securing customer records, protecting sensitive financial information, and complying with regulatory requirements can create significant pressures on IT decision-makers and their resources. While many organizations have traditionally outsourced critical elements of their IT operations to managed service providers, more and more businesses are proactively outsourcing their security functions to specialized information security service providers. This has led to a need for evaluating the benefits of outsourcing security elements and comparing them to managing these processes internally. I wrote this article to help business leaders understand the best way to approach Managed Security Service Providers (MSSPs) in the context of Total Cost Ownership (TCO), a subject that is frequently discussed and of interest to both technical and non-technical leaders. INTERNAL SOLUTIONS OR OUTSOURCING? The key to evaluating

ITSEC AsiaITSEC Asia
|
Jul 10, 2023 8 minutes read
Four Strong Reasons to Use an MSSP
Cybersecurity

Four Strong Reasons to Use an MSSP

Test

The multitude of challenges to be faced is the main reason why most organizations today are turning to managed security service providers (MSSPs) to help them address these issues. The challenges of strengthening human resources, processes, and technologies as efforts to secure their intellectual property and data appropriately, while still complying with cybersecurity regulations, can be a daunting task even for well-managed IT departments. With these considerations in mind, here are four main reasons why I prefer MSSPs over in-house security. USING MSSP SAVES YOU MONEY Building, running, and maintaining a cybersecurity ecosystem comes with significant costs. One of the reasons is that many software solutions require specialized hardware and equipment to run, and they often come with recurring licensing costs. Additionally, the salaries of cybersecurity employees and the training they need to effectively utilize new tools and technologies add to the expenses. One of the CFO's favorite aspects of using MSSP is that it can replace the capital expenditures often needed to add new tools with a large

ITSEC AsiaITSEC Asia
|
Jul 10, 2023 5 minutes read
Why Cybersecurity Awareness Matters for Modern Enterprises
Cybersecurity

Why Cybersecurity Awareness Matters for Modern Enterprises

INTRODUCTION As organizations accelerate digital transformation through cloud adoption, remote work, and AI-driven systems, the nature of cyber risk continues to evolve. Security challenges are no longer limited to technical vulnerabilities alone. Increasingly, attackers exploit human behavior, trust, and routine workflows to gain unauthorized access to systems and sensitive data. Phishing campaigns, social engineering tactics, and impersonation attacks have grown more sophisticated and harder to detect. Industry guidance from ENISA [https://www.enisa.europa.eu/] highlights that human-centric attack techniques remain among the most effective methods used against organizations today. In this context, cybersecurity awareness has become a critical factor in determining how effectively enterprises can prevent, detect, and respond to cyber threats. This article explains why cybersecurity awareness is important, the challenges enterprises face in building it, and how awareness strengthens overall cybersecurity resilience. WHAT IS CYBERSECURITY AWARENESS? According to findings highlighted in the Verizon Data Breach Investigations Report (DBIR), [https://www.verizon.com/business/resources/reports/dbir/]human interaction continues to play a significant role in successful cyber incidents. In enterprise environments, cybersecurity awareness is not limited to IT or security teams. It applies to every

ITSEC AsiaITSEC Asia
|
Jan 19, 2026 4 minutes read

Receive weekly
updates on new posts

Subscribe
Logo
Indonesia

Noble House, Level 11
Jakarta 12950, Indonesia

Singapore

112 Robinson Road, #11-04
Singapore 068902

Australia

Level 22, 120 Spencer St Melbourne,
Victoria, 3004

United Arab Emirates

Golden Mile 4, Office 13, Floor M,
Palm Jumeirah, Dubai, United Arab Emirates

Mauritius

The Catalyst Building, Ground Floor, Lot 40,
Silicon Avenue Ebene, Mauritius

Services

Copyright © ITSEC 2026 | All Rights Reserved