Quantum threats aren’t only a future downside. Attackers can intercept encrypted knowledge at this time and maintain it till quantum computing makes it simpler to interrupt tomorrow.
As quantum computing capabilities evolve, conventional cryptographic requirements—together with RSA, Diffie-Hellman, and ECC—face rising safety dangers. As a result of these algorithms underpin at this time’s international community site visitors safety, their susceptibility to quantum-based decryption necessitates that organizations begin transferring towards quantum-resistant cryptographic (QRC) protocols.
A main concern is the “harvest now, decrypt later” menace, the place adversaries acquire encrypted knowledge now with the objective of decrypting it as soon as quantum know-how matures. For community and safety groups, this shifts quantum readiness from a long-term concern to a near-term planning precedence.
That’s the reason Cisco makes use of a full-stack post-quantum cryptography (PQC) structure to assist defend knowledge all through its whole lifecycle. By deploying quantum-safe algorithms beginning on the {hardware} boot stage, Cisco extends safety throughout the community stack, whereas serving to organizations put together for evolving quantum safety necessities equivalent to CNSA 2.0.
What’s Cisco full-stack PQC?
Introduced at Cisco Stay Amsterdam 2026, Cisco full-stack PQC extends safety throughout each layer of the community stack, from safe boot to knowledge transport. By integrating NIST-approved PQC algorithms from safe boot processes to knowledge transport protocols, Cisco helps present end-to-end safety for networking infrastructure.
Cisco C9000 Sensible Switches are the business’s first enterprise switches to assist full-stack PQC. Slightly than limiting PQC to knowledge in transit, Cisco C9000 Sensible Switches embed quantum-safe algorithms on the {hardware} boot stage and within the knowledge airplane. In follow, Cisco full-stack PQC helps defend each the gadget and the transport layer. This supplies a future-proof basis for enterprise community safety from preliminary power-up via knowledge transmission.
How Cisco full-stack PQC protects the community
From the second a Cisco change is turned on, earlier than any community site visitors is allowed, Cisco Safe Boot verifies the authenticity and integrity of the software program working on the gadget. This hardware-rooted chain of belief helps stop tampered or malicious code from working, decreasing the danger {that a} compromised gadget may undermine community safety or expose knowledge passing via the gadget.
The safe boot sequence verifies every stage of the boot course of, beginning with the Belief Anchor module (TAm) loading the microloader securely. The microloader then validates and hundreds the bootloader, which in flip verifies and hundreds the working system. Rooted in tamper-resistant {hardware}, this sequence helps set up belief within the software program earlier than the gadget begins regular operation.
As quantum capabilities mature, that chain of belief should additionally evolve to stay resilient in opposition to future assaults. By integrating PQC into the safe boot course of, Cisco helps make sure that the hardware-rooted chain of belief stays resilient in opposition to these threats.
Making use of PQC throughout your entire stack—from the silicon layer as much as the applying stage—helps organizations defend gadget integrity and strengthen defenses in opposition to future decryption and signature-forgery assaults. In the end, Cisco full-stack PQC supplies the cryptographic agility wanted to assist safe tomorrow’s community whereas reinforcing belief in at this time’s infrastructure.
Core capabilities of Cisco full-stack PQC
Cisco full-stack PQC helps safe each units and knowledge throughout the community via these key capabilities:
- Safe boot with hardware-anchored belief: Cisco C9000 Sensible Switches use a TAm embedded in FPGA {hardware} to ascertain a quantum-resistant chain of belief solely present in Cisco units. Cisco digitally indicators all photos utilizing non-public keys saved securely within the construct setting, whereas public keys are embedded within the TAm {hardware}. Throughout boot, the TAm verifies the microloader, which then verifies the BIOS/bootloader and the IOS XE picture, establishing a series of belief.
- Quantum-resistant transport safety: Cisco IOS XE introduces lattice-based ML-KEM algorithms to strengthen key exchanges in SSH, MACsec, IPsec, and TLS protocols. This helps preserve the safety of encrypted knowledge even in opposition to quantum-enabled adversaries.
- Complete transport airplane safety: PQC is utilized to a number of community layers, together with Layer 2 (MACsec) and Layer 3 (IPsec), to assist defend knowledge confidentiality throughout campus and WAN environments.
The complete-stack PQC street forward
Cisco continues to boost PQC capabilities with ongoing platform enhancements scheduled via 2026 and past. For organizations planning long-lived campus and department infrastructure, Cisco full-stack PQC represents an necessary first step in getting ready networks for the quantum period with standards-based safety embedded all through the infrastructure stack.
Discover Cisco community switches and
improve your post-quantum safety