Quantum threats are usually not only a future drawback. Attackers can intercept encrypted knowledge in the present day and maintain it till quantum computing makes it simpler to interrupt tomorrow.
As quantum computing capabilities evolve, conventional cryptographic requirements—together with RSA, Diffie-Hellman, and ECC—face rising safety dangers. As a result of these algorithms underpin in the present day’s international community site visitors safety, their susceptibility to quantum-based decryption necessitates that organizations begin shifting towards quantum-resistant cryptographic (QRC) protocols.
A main concern is the “harvest now, decrypt later” risk, the place adversaries acquire encrypted knowledge now with the aim of decrypting it as soon as quantum expertise matures. For community and safety groups, this shifts quantum readiness from a long-term concern to a near-term planning precedence.
That’s the reason Cisco makes use of a full-stack post-quantum cryptography (PQC) structure to assist shield knowledge all through its complete lifecycle. By deploying quantum-safe algorithms beginning on the {hardware} boot stage, Cisco extends safety throughout the community stack, whereas serving to organizations put together for evolving quantum safety necessities resembling CNSA 2.0.
What’s Cisco full-stack PQC?
Introduced at Cisco Stay Amsterdam 2026, Cisco full-stack PQC extends safety throughout each layer of the community stack, from safe boot to knowledge transport. By integrating NIST-approved PQC algorithms from safe boot processes to knowledge transport protocols, Cisco helps present end-to-end safety for networking infrastructure.
Cisco C9000 Good Switches are the business’s first enterprise switches to help full-stack PQC. Relatively than limiting PQC to knowledge in transit, Cisco C9000 Good Switches embed quantum-safe algorithms on the {hardware} boot stage and within the knowledge aircraft. In follow, Cisco full-stack PQC helps shield each the gadget and the transport layer. This supplies a future-proof basis for enterprise community safety from preliminary power-up by knowledge transmission.
How Cisco full-stack PQC protects the community
From the second a Cisco change is turned on, earlier than any community site visitors is allowed, Cisco Safe Boot verifies the authenticity and integrity of the software program operating on the gadget. This hardware-rooted chain of belief helps forestall tampered or malicious code from operating, lowering the danger {that a} compromised gadget may undermine community safety or expose knowledge passing by the gadget.
The safe boot sequence verifies every stage of the boot course of, beginning with the Belief Anchor module (TAm) loading the microloader securely. The microloader then validates and hundreds the bootloader, which in flip verifies and hundreds the working system. Rooted in tamper-resistant {hardware}, this sequence helps set up belief within the software program earlier than the gadget begins regular operation.
As quantum capabilities mature, that chain of belief should additionally evolve to stay resilient towards future assaults. By integrating PQC into the safe boot course of, Cisco helps make sure that the hardware-rooted chain of belief stays resilient towards these threats.
Making use of PQC throughout your entire stack—from the silicon layer as much as the applying stage—helps organizations shield gadget integrity and strengthen defenses towards future decryption and signature-forgery assaults. Finally, Cisco full-stack PQC supplies the cryptographic agility wanted to assist safe tomorrow’s community whereas reinforcing belief in in the present day’s infrastructure.
Core capabilities of Cisco full-stack PQC
Cisco full-stack PQC helps safe each gadgets and knowledge throughout the community by these key capabilities:
- Safe boot with hardware-anchored belief: Cisco C9000 Good Switches use a TAm embedded in FPGA {hardware} to ascertain a quantum-resistant chain of belief solely present in Cisco gadgets. Cisco digitally indicators all pictures utilizing non-public keys saved securely within the construct atmosphere, whereas public keys are embedded within the TAm {hardware}. Throughout boot, the TAm verifies the microloader, which then verifies the BIOS/bootloader and the IOS XE picture, establishing a sequence of belief.
- Quantum-resistant transport safety: Cisco IOS XE introduces lattice-based ML-KEM algorithms to strengthen key exchanges in SSH, MACsec, IPsec, and TLS protocols. This helps keep the safety of encrypted knowledge even towards quantum-enabled adversaries.
- Complete transport aircraft safety: PQC is utilized to a number of community layers, together with Layer 2 (MACsec) and Layer 3 (IPsec), to assist shield knowledge confidentiality throughout campus and WAN environments.
The total-stack PQC street forward
Cisco continues to boost PQC capabilities with ongoing platform enhancements scheduled by 2026 and past. For organizations planning long-lived campus and department infrastructure, Cisco full-stack PQC represents an necessary first step in making ready networks for the quantum period with standards-based safety embedded all through the infrastructure stack.
Â
Discover Cisco community switches and
improve your post-quantum safety
