Quantum threats aren’t only a future downside. Attackers can intercept encrypted information immediately and maintain it till quantum computing makes it simpler to interrupt tomorrow.
As quantum computing capabilities evolve, conventional cryptographic requirements—together with RSA, Diffie-Hellman, and ECC—face rising safety dangers. As a result of these algorithms underpin immediately’s world community site visitors safety, their susceptibility to quantum-based decryption necessitates that organizations begin transferring towards quantum-resistant cryptographic (QRC) protocols.
A major concern is the “harvest now, decrypt later” risk, the place adversaries gather encrypted information now with the objective of decrypting it as soon as quantum know-how matures. For community and safety groups, this shifts quantum readiness from a long-term concern to a near-term planning precedence.
That’s the reason Cisco makes use of a full-stack post-quantum cryptography (PQC) structure to assist shield information all through its complete lifecycle. By deploying quantum-safe algorithms beginning on the {hardware} boot stage, Cisco extends safety throughout the community stack, whereas serving to organizations put together for evolving quantum safety necessities corresponding to CNSA 2.0.
What’s Cisco full-stack PQC?
Introduced at Cisco Dwell Amsterdam 2026, Cisco full-stack PQC extends safety throughout each layer of the community stack, from safe boot to information transport. By integrating NIST-approved PQC algorithms from safe boot processes to information transport protocols, Cisco helps present end-to-end safety for networking infrastructure.
Cisco C9000 Good Switches are the business’s first enterprise switches to help full-stack PQC. Relatively than limiting PQC to information in transit, Cisco C9000 Good Switches embed quantum-safe algorithms on the {hardware} boot stage and within the information airplane. In apply, Cisco full-stack PQC helps shield each the system and the transport layer. This supplies a future-proof basis for enterprise community safety from preliminary power-up by way of information transmission.
How Cisco full-stack PQC protects the community
From the second a Cisco swap is turned on, earlier than any community site visitors is allowed, Cisco Safe Boot verifies the authenticity and integrity of the software program working on the system. This hardware-rooted chain of belief helps stop tampered or malicious code from working, lowering the chance {that a} compromised system might undermine community safety or expose information passing by way of the system.
The safe boot sequence verifies every stage of the boot course of, beginning with the Belief Anchor module (TAm) loading the microloader securely. The microloader then validates and hundreds the bootloader, which in flip verifies and hundreds the working system. Rooted in tamper-resistant {hardware}, this sequence helps set up belief within the software program earlier than the system begins regular operation.
As quantum capabilities mature, that chain of belief should additionally evolve to stay resilient in opposition to future assaults. By integrating PQC into the safe boot course of, Cisco helps be certain that the hardware-rooted chain of belief stays resilient in opposition to these threats.
Making use of PQC throughout your complete stack—from the silicon layer as much as the applying stage—helps organizations shield system integrity and strengthen defenses in opposition to future decryption and signature-forgery assaults. Finally, Cisco full-stack PQC supplies the cryptographic agility wanted to assist safe tomorrow’s community whereas reinforcing belief in immediately’s infrastructure.
Core capabilities of Cisco full-stack PQC
Cisco full-stack PQC helps safe each gadgets and information throughout the community by way of these key capabilities:
Safe boot with hardware-anchored belief: Cisco C9000 Good Switches use a TAm embedded in FPGA {hardware} to determine a quantum-resistant chain of belief solely present in Cisco gadgets. Cisco digitally indicators all photographs utilizing personal keys saved securely within the construct atmosphere, whereas public keys are embedded within the TAm {hardware}. Throughout boot, the TAm verifies the microloader, which then verifies the BIOS/bootloader and the IOS XE picture, establishing a sequence of belief.
Quantum-resistant transport safety: Cisco IOS XE introduces lattice-based ML-KEM algorithms to strengthen key exchanges in SSH, MACsec, IPsec, and TLS protocols. This helps keep the safety of encrypted information even in opposition to quantum-enabled adversaries.
Complete transport airplane safety: PQC is utilized to a number of community layers, together with Layer 2 (MACsec) and Layer 3 (IPsec), to assist shield information confidentiality throughout campus and WAN environments.
The complete-stack PQC street forward
Cisco continues to boost PQC capabilities with ongoing platform enhancements scheduled by way of 2026 and past. For organizations planning long-lived campus and department infrastructure, Cisco full-stack PQC represents an necessary first step in making ready networks for the quantum period with standards-based safety embedded all through the infrastructure stack.
Discover Cisco community switches andenhance your post-quantum safety
