The conversation around quantum computing often feels like science fiction — a distant milestone for future generations. However, for those of us protecting critical mainframe infrastructure, the quantum threat is not just a future event; it also is an active risk that requires immediate action. Global cybersecurity guidance from the United States, the United Kingdom, the European Union, and others have already established a clear mandate: initial migrations to post-quantum cryptography (PQC) must begin now to meet a 2030 deadline for high-risk systems.
Understanding the "Harvest Now, Decrypt Later" Threat
The most pressing concern for mainframe professionals today is the "harvest now, decrypt later" strategy. There is consensus that malicious actors are currently capturing encrypted data with the intent of decrypting it once cryptographically relevant quantum systems become available. For organizations managing data with long-term sensitivity, such as financial records, health care data, or national security information, the encryption protecting your systems today may already be vulnerable to tomorrow’s quantum capabilities.
The Roadmap to PQC Readiness
Transitioning to a quantum-safe environment will be a multi-step, multi-year journey that involves more than just a simple software patch. It requires a structured approach across several domains.
- Discovery and Inventory: You cannot protect what you cannot see. The first step is a comprehensive cataloging of all cryptographic assets and network connections across your entire mainframe portfolio.
- Analysis and Planning: Once inventoried, assets must be classified as PQC-ready or non-compliant. This phase identifies internal and external dependencies, such as IBM System SSL, JSSE, or Bouncy Castle, that must support new PQC standards.
- Execution and Delivery: This involves migrating protocols to PQC-compliant versions and establishing long-term cryptographic agility to respond to future threats.
What You Can Start Doing Today
While the full transition to PQC will take time, there are immediate steps organizations can take to strengthen their posture:
- Inventory Your Crypto Assets: Begin documenting where classical cryptography like Rivest-Shamir-Adleman (RSA) and Elliptic-Curve Cryptography (ECC) is used in your applications.
- Adopt AES-256: Transitioning symmetric encryption to 256-bit AES is a critical step in providing a baseline of quantum resistance for data at rest and in transit.
- Upgrade to TLS 1.3: PQC algorithms will generally be prioritized for TLS 1.3, making the migration from TLS 1.2 an essential prerequisite.
- Leverage Application-Transparent Security: Moving to mechanisms like AT-TLS can simplify future PQC migrations by centralizing security management and reducing the need for application-level code changes.
Join the Conversation at SHARE Blueprint
To help organizations navigate these complexities, SHARE Blueprint is offering a focused, two-day education event centered on PQC and its specific impact on mainframe security. This event is designed for z/OS professionals, cybersecurity leaders, and architects who need technical clarity and strategic frameworks to prepare their systems for the post-quantum era. Attendees will engage in deep-dive discussions, interactive tabletop exercises, and expert panel reviews.
Prepare Ahead of Time
The path to a quantum-safe mainframe begins with the actions you take today. Whether it's starting your internal inventory or joining us in Pittsburgh for SHARE Blueprint, the time to lead your organization into the post-quantum era is now.
Michael Jordan is a Distinguished Engineer for cybersecurity and compliance at Broadcom
Register for SHARE Pittsburgh and SHARE Blueprint today! Already a member, check out the SHARE'd Conversations: An Introduction to Post-Quantum Cryptography.