Quantum threats should not only a future drawback. Attackers can intercept encrypted knowledge as we speak and maintain it till quantum computing makes it simpler to interrupt tomorrow.
As quantum computing capabilities evolve, conventional cryptographic requirements—together with RSA, Diffie-Hellman, and ECC—face rising safety dangers. As a result of these algorithms underpin as we speak’s international community site visitors safety, their susceptibility to quantum-based decryption necessitates that organizations begin transferring towards quantum-resistant cryptographic (QRC) protocols.
A main concern is the “harvest now, decrypt later” risk, the place adversaries accumulate encrypted knowledge now with the purpose of decrypting it as soon as quantum expertise matures. For community and safety groups, this shifts quantum readiness from a long-term concern to a near-term planning precedence.
That’s the reason Cisco makes use of a full-stack post-quantum cryptography (PQC) structure to assist shield knowledge all through its total lifecycle. By deploying quantum-safe algorithms beginning on the {hardware} boot degree, Cisco extends safety throughout the community stack, whereas serving to organizations put together for evolving quantum safety necessities equivalent to CNSA 2.0.
What’s Cisco full-stack PQC?
Introduced at Cisco Dwell Amsterdam 2026, Cisco full-stack PQC extends safety throughout each layer of the community stack, from safe boot to knowledge transport. By integrating NIST-approved PQC algorithms from safe boot processes to knowledge transport protocols, Cisco helps present end-to-end safety for networking infrastructure.
Cisco C9000 Sensible Switches are the business’s first enterprise switches to assist full-stack PQC. Moderately than limiting PQC to knowledge in transit, Cisco C9000 Sensible Switches embed quantum-safe algorithms on the {hardware} boot degree and within the knowledge aircraft. In observe, Cisco full-stack PQC helps shield each the system and the transport layer. This gives a future-proof basis for enterprise community safety from preliminary power-up by way of knowledge transmission.
How Cisco full-stack PQC protects the community
From the second a Cisco change is turned on, earlier than any community site visitors is allowed, Cisco Safe Boot verifies the authenticity and integrity of the software program working on the system. This hardware-rooted chain of belief helps stop tampered or malicious code from working, lowering the danger {that a} compromised system may undermine community safety or expose knowledge passing by way of the system.
The safe boot sequence verifies every stage of the boot course of, beginning with the Belief Anchor module (TAm) loading the microloader securely. The microloader then validates and masses the bootloader, which in flip verifies and masses the working system. Rooted in tamper-resistant {hardware}, this sequence helps set up belief within the software program earlier than the system begins regular operation.
As quantum capabilities mature, that chain of belief should additionally evolve to stay resilient towards future assaults. By integrating PQC into the safe boot course of, Cisco helps be certain that the hardware-rooted chain of belief stays resilient towards these threats.
Making use of PQC throughout all the stack—from the silicon layer as much as the applying degree—helps organizations shield system integrity and strengthen defenses towards future decryption and signature-forgery assaults. Finally, Cisco full-stack PQC gives the cryptographic agility wanted to assist safe tomorrow’s community whereas reinforcing belief in as we speak’s infrastructure.
Core capabilities of Cisco full-stack PQC
Cisco full-stack PQC helps safe each units and knowledge throughout the community by way of these key capabilities:
- Safe boot with hardware-anchored belief: Cisco C9000 Sensible Switches use a TAm embedded in FPGA {hardware} to ascertain a quantum-resistant chain of belief solely present in Cisco units. Cisco digitally indicators all photos utilizing non-public keys saved securely within the construct atmosphere, whereas public keys are embedded within the TAm {hardware}. Throughout boot, the TAm verifies the microloader, which then verifies the BIOS/bootloader and the IOS XE picture, establishing a series of belief.
- Quantum-resistant transport safety: Cisco IOS XE introduces lattice-based ML-KEM algorithms to strengthen key exchanges in SSH, MACsec, IPsec, and TLS protocols. This helps keep the safety of encrypted knowledge even towards quantum-enabled adversaries.
- Complete transport aircraft safety: PQC is utilized to a number of community layers, together with Layer 2 (MACsec) and Layer 3 (IPsec), to assist shield knowledge confidentiality throughout campus and WAN environments.
The complete-stack PQC street forward
Cisco continues to boost PQC capabilities with ongoing platform enhancements scheduled by way of 2026 and past. For organizations planning long-lived campus and department infrastructure, Cisco full-stack PQC represents an essential first step in getting ready networks for the quantum period with standards-based safety embedded all through the infrastructure stack.
Discover Cisco community switches and
improve your post-quantum safety
