Analysis of Poland's Cybersecurity Strategy in the Post-Quantum Context
Does the newly published Strategy adequately address the problem of digital communication in the era of advancing quantum technology?
Digital communication in the post-quantum era
Your data could be decrypted in the future. Prepare for the post-quantum era now.
I help organizations assess vulnerability to HNDL and MITM, plan migration to post-quantum cryptography, and build a security strategy resilient to the rise of quantum computers.
Why it matters now
Quantum computers don't need to exist yet to threaten your data. Attackers can intercept it today and decrypt it in the future.
Harvest Now, Decrypt Later
Data encrypted with classical algorithms and intercepted today could be decrypted in a few years when a quantum computer capable of breaking encryption becomes available.
Data longevity
If your data needs to remain protected for 5–20 years, classical cryptography will no longer be sufficient. The risk grows every year.
Loss of trust in signatures
Digital signatures based on RSA/ECC may lose credibility. This means a risk of undermining the validity of documents and transactions.
Migration takes years
Large organizations need 3–7 years to transition to post-quantum cryptography. Delaying decisions increases risk and costs.
Who needs post-quantum security?
The most at-risk organizations are those that store data for years and rely on trust in digital signatures, encryption, and online communication.
Finance and insurance
Transactions, contracts, customer data and operation histories must remain confidential and legally binding for years. Loss of trust in signatures is a real regulatory risk.
Public administration and registries
Registries, e-services and official documents have a time horizon measured in decades. A "harvest now, decrypt later" attack directly undermines the state's credibility.
Healthcare, legal and sensitive data
Medical records, case files, expert opinions and personal data have long-term value and are especially attractive to attackers.
Technology, SaaS and critical infrastructure
Cloud platforms, digital service providers and critical system operators must think about security 5–10 years ahead.
Don't see your industry, but you process long-lived data?
Ask how post-quantum affects your organizationHow I can help your organization
Post-quantum is not just new algorithms. It's decisions about data, time, and trust. I work with organizations that want to consciously prepare for change.
Exposure screening
A quick reconnaissance of data, flows, and cryptographic dependencies to determine whether the organization requires further analysis and where to start.
- Data triage for long-term confidentiality
- Mapping of key data flows and communication channels
- Identifying cryptographic mechanisms protecting critical flows
- Preliminary qualification of exposure to the HNDL scenario
- Report with priorities for further analysis
Crypto-governance support
Building organizational capacity to manage cryptography: from organizing knowledge about dependencies, through ownership and decision-making processes, to measurable accountability.
- Establishing program ownership and accountability for cryptographic decisions
- Defining a collaboration model between security, IT, architecture, procurement, legal, and business
- Preparing principles for cryptography inventory and dependency classification
- Linking cryptography to data, flows, systems, vendors, and owners
- Defining metrics, reporting, and escalation processes for cryptographic risks
Migration roadmap
Translating knowledge about data, dependencies, and responsibilities into a migration plan: priorities, stages, requirements for systems and vendors, and principles for maintaining crypto-agility.
- Prioritizing migration areas by risk, criticality, and data horizon
- Selecting a migration path for key dependencies: hybrid, update, replacement, or vendor control
- Defining requirements for architecture, PKI, certificates, protocols, and the cryptography lifecycle
- A roadmap of technical, organizational, and procurement decisions
Nie wiesz, co wybrać?
Umów się na bezpłatną, 20-minutową rozmowę, podczas której postaram się odpowiedzieć na Twoje pytania.
Why PostQ.pl?
PostQ.pl was created for one reason: most organizations underestimate how long their data lives and how much quantum computers will undermine today's guarantees of confidentiality and trust.
I combine technical, strategic and educational experience. I help security teams, boards and lawyers talk about post-quantum in the same language and make decisions that make sense in a 5–10 year horizon.
- Working with organizations in regulated and technology sectors
- Focus on long-lived data (finance, healthcare, government, legal)
- Recommendations based on NIST, ENISA and ETSI standards
Consultant
Michał Pietrus
I work on communication security and cryptography, and how they translate into real business and regulatory decisions.
If you want to discuss how post-quantum will affect your organization, let's start with a short conversation — no strings attached.
Let's talk about post-quantum in your organization
Write a few sentences about your situation. I'll follow up with a short, no-obligation conversation proposal and we'll see if and how I can help.
How does a quantum computer affect digital communication?
Communication confidentiality over time
Encrypted data intercepted today can be decrypted and revealed in the future, increasing the risk of leaks of long-lived information.
Data trust
A quantum computer undermines today's guarantees that information is authentic and untampered, affecting the credibility of digital communication-based processes.
Identity certainty
A quantum computer weakens methods for confirming who is actually participating in communication, increasing the risk of impersonation and bad decisions.
Longevity of digital signatures
Signatures based on classical algorithms are losing resilience, which over time undermines the evidentiary value of documents and transactions.
Strategic predictability
What has simply worked so far, the quantum computer changes and forces a new approach to digital communication security.
Latest posts
View all posts »
NIST Additional Digital Signature Schemes: Third Round of PQC Selection
PQC cryptography, for now, doesn't bring simple answers and requires integrators to have broad knowledge of specific cryptographic schemes — and there will be quite a few in the coming decade.
Why quantum threats affect every organization
Although an effective quantum computer doesn't exist yet, the consequences of post-quantum threats reach far beyond cryptography.
QKD vs. PQC | Two paradigms, two threat models, one problem
Hardware-based security (QKD), software-based security (PQC), or perhaps as usual — it depends?