Risk & Compliance Exchange 2026: HCLSoftware’s Stephen Hunt on long-term strategy for post-quantum cryptography - Federal News Network

FEDERAL INSIGHT BY HCLSOFTWARE IT MODERNIZATION Risk & Compliance Exchange 2026: HCLSoftware’s Stephen Hunt on long-term strategy for post-quantum cryptography Agencies have begun inventorying systems for PQC vulnerabilities. HCLSoftware CTO says next step is to build a “continuous cycle” of cryptographic agility. Justin Doubleday@jdoubledayWFED May 20, 2026 11:18 am           Many organizations are looking at post-quantum cryptography as a “future concern.” But Stephen Hunt, the chief technology officer for federal markets at HCLSoftware, argues it’s a challenge organizations should be tackling today. The prospect of a future quantum computer capable of breaking current cryptography has already led federal agencies to begin inventorying their most high-risk cryptographic assets. The concept that a cyber attacker could steal sensitive data today and decrypt it in the future has lent more urgency to the challenge. Meanwhile, Google and Cloudflare recently announced that they will complete their post-quantum cryptographic transitions by 2029, effectively placing a new marker on the timeline for other organizations to follow. “There’s an urgency here because changing out algorithms, changing key links — whatever you’re doing to remediate weak cryptography — is not necessarily an easy step to take,” Hunt said during Federal News Network’s Risk & Compliance Exchange 2026. “The first step, obviously, is the inventory, but there’s work after that, and it’s going to be a crank you turn a lot of times.” Inventorying vulnerable systems and data The federal government has already started moving out on the PQC challenge. The Office of Management and Budget mandated that agencies identify all IT systems and data vulnerable to quantum decryption. Agencies were required to submit and update migration plans for shifting from traditional algorithms to PQC, including budgetary requirements. President Donald Trump has also directed the Cybersecurity and Infrastructure Security Agency to maintain a list of product categories that include PQC-supported products. Hunt said a long-term, post-quantum strategy requires building a “continuous cycle” for managing cryptographic inventories. The National Institute of Standards and Technology has approved the first batch of PQC algorithms. While organizations that follow Federal Information Processing Standards can’t rush to adopt PQC today, Hunt said they can prepare to manage a cycle of cryptographic adoption. “What you can do is to use that time to really understand your inventory and test how you’re going to handle those new algorithms,” Hunt said. “They’re going to be heavier than the ones we have today. They’re going to take more CPU. They’re just going to take more. You need the time to ensure that your systems, as they sit today, could withstand a swap out into post quantum. Or do you have to do something larger and then talk to your vendors about their roadmaps? Where are they on their PQC journey?” Naming someone to lead point on PQC Hunt also recommends naming a PQC lead, identifying “one person with authority and budget and accountability for the program.” He added, “Without that, work gets distributed and nothing gets owned or done.” Training system owners on cryptographic inventory management will also be key, Hunt said. “It doesn’t have to be an in-depth training,” he said. “You don’t need to go to class for three days. An hour would do. That leads to an honest assessment of their environment and gives them some ideas of the work that they’ve got in front of them.” Organizations should also be aware that weak algorithms can “sneak in” through reloaded systems or vendor upgrades, Hunt pointed out. “Establish continuous discovery, ideally daily. Because if you are remediating, you want to make sure that the remediation sticks and there’s nobody sliding in algorithms that you’ve already retired.” Discover more articles and videos now on the Risk & Compliance Exchange event page. Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.           Justin Doubleday Justin Doubleday covers cybersecurity, homeland security and the intelligence community for Federal News Network. Follow @jdoubledayWFED Sign up for breaking news. Related Stories Amelia Brust/Federal News Network These RFPs show acquisition reform is more than just policy REPORTER'S NOTEBOOK Read more Operationalizing the National Cyber Strategy COMMENTARY Read more Privileged access management: Imperative to defense modernization COMMENTARY Read more Related Topics ALL NEWS CYBERSECURITY EXCHANGES FEDERAL INSIGHTS HCLSOFTWARE IT MODERNIZATION POST QUANTUM CRYPTOGRAPHY PQC QUANTUM RISK & COMPLIANCE EXCHANGE STEPHEN HUNT TECHNOLOGY Around the Web Protein Isn't Enough - Here's What Really Builds Muscle After 60 ApexLabs Dementia and Memory Loss Have Been Linked to a Common Habit. Do You Do It? Health Headlines Managing Sleep Apnea: Getting Good Sleep GoodRx Neurologists Alarmed: This Grocery Store Staple is Wiping out Your Memory Weekly Mind Journal My Dog Used to Destroy Every Toy - Until This Linen Companion Amestory Sciatica is Not From a Slipped Disc. Meet The Real Enemy of Sciatica (Stop This) SmoothSpine If You Have More Than $1,000 In Your Checking Account, Make These 6 Moves The Penny Hoarder Cardiologists: These 2 Veggies Will Kill Your Belly Fat Quickly (Try It) Health Trending What Does a CPAP Machine Do? GoodRx UPCOMING EVENTS From backlogs to breakthroughs: Transforming e-records, FOIA, and e-discovery in government Mission-ready AI: Where data strategy meets real-world impact Federal Retirement Tax Planning and TSP Maximization Securing the space domain: Cyber resilience in a contested environment Federal Executive Forum Zero Trust Strategies in Government Progress and Best Practices 2026 More TOP STORIES Air Force could save millions by reducing PCS moves, but culture could complicate reform DEFENSE NEWS These RFPs show acquisition reform is more than just policy REPORTER'S NOTEBOOK Amid staffing cuts, IRS sees overtime hours spike and digitization efforts ‘fall short’ WORKFORCE Trump administration’s RIF overhauls ‘troubling’ to former MSPB officials WORKFORCE RIGHTS/GOVERNANCE Senate lawmakers renew military right to repair push CONGRESS HHS sends RIF notices to dozens of staff it missed during office-wide layoffs last year WORKFORCE