Cybersecurity and Quantum Computers

On June 22nd, the President issued two executive orders on quantum computing: Executive Order 14412, Securing the Nation Against Advanced Cryptographic Attacks (EO 14412), and Executive Order 14413, Ushering in the Next Frontier of Quantum Innovation (EO 14413). EO 14412 directs federal agencies to transition federal information systems to National Institute of Standards and Technology (NIST) approved Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography (PQC), and EO 14413 focuses on developing quantum computers as a nation. So, what does this mean and why is this important?

What are Quantum Computers?

Quantum computers are a significant step forward for computers. The computers we use today are considered classical computers that use bits, 0s and 1s, to compute. This is what makes up binary code. Quantum computers don’t use bits; they use qubits. Qubits are like bits that haven’t made up their mind. A qubit can exist as a 1, a 0, or in a state where it could become a 1 or could become a 0. This article from the International Organization for Standardization (ISO) does a good job explaining quantum computing and qubits. It describes a qubit as a flipped coin. While the coin is in the air, the coin can land on either heads or tails. A qubit is like a flipped coin hanging in the air: it has the possibility to become either 1 or 0. This is called superposition. Quantum computers can use this state of superposition to make advanced computations well beyond the ability of classical computers. If this seems strange, that is because it is strange. Quantum physics makes Catch 22 seem like nonfiction. If you are interested in understanding the underlying mechanics, take a look at the ISO article mentioned above to get started.

So What?

With qubits, quantum computers have the ability to solve math problems that are beyond the ability of classical computers. This is important because the way we encrypt data is by using math problems that classical computers cannot solve. A sufficiently advanced quantum computer could crack your credit union’s core system and take over, initiate fund transfers, or steal all your members’ data. Further, a quantum computer can be used to crack the encryption on previously stolen data. Bad actors are harvesting and storing encrypted data until the time comes when a quantum computer can break the encryption of the stored data. For example, a hacker obtains an encrypted prescreened list and keeps it in the hope they can one day obtain the social security numbers of the consumers on the list.

That being said, a sufficiently advanced quantum computer capable of breaking traditional encryption systems has not been publicly developed yet. Companies and countries are working towards more and more advanced quantum computers and investing billions to do it. On March 26, 2026, Google published an article on securing against quantum computers by 2029. That is just two and a half years from now, not a long time to make a transition. You should also keep in mind that whoever develops a sufficiently advanced quantum computer may not announce it. They may just start hacking.

What Can be Done to Defend Against Quantum Computers?

On June 22, 2026, the President issued EO 14412. As noted above, EO 14412 directs federal agencies to transition federal information systems to National Institute of Standards and Technology (NIST) approved Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography (PQC).

NIST is a nonregulatory organization within the Department of Commerce. As part of its mission, NIST develops non-mandatory standards and best practices in a variety of industries, including cybersecurity. In 2024, NIST released three post-quantum encryption standards designed to withstand the attack of a quantum computer. The standards include instructions for incorporating them in products and encryption systems, and NIST encourages “system administrators to start integrating them into their systems immediately, because full integration will take time.”

I am not going to go into detail about these standards. What is important is that you know that they exist and you can go to your system administrator and/or vendors and ask if they are adopting and incorporating these standards. If they are not, ask them what they are doing instead. The standards released by NIST are not the only way to secure against quantum computers. For example, ISO is working on standards to protect against quantum computers and just selected an algorithm to use for encryption. ISO standards are widely accepted and generally effective. However, beyond NIST, ISO and other national standard-setting agencies, be careful of vendors who use “proprietary” algorithms and encryption methods. While they may be effective, you should strongly vet their methods.

Director of Federal Compliance
America's Credit Unions