Episode Details
Back to Episodes
Quantum Safe Queensland: A Practical Roadmap with Prof. Craig Costello
Episode 66
Published 2 weeks ago
Description
Q-Day is coming — and the encryption protecting your most sensitive data may already be on borrowed time. In this episode of Cyber Voices, host David Savva-Willett sits down at AISA's BrisSec 2026 with Professor Craig Costello, cryptographer at the Queensland University of Technology and one of the global researchers shaping post-quantum cryptography (PQC) standards. Craig demystifies what post-quantum cryptography actually is, why "harvest now, decrypt later" attacks mean the threat is already here, and what recent breakthroughs from Google AI, UC Berkeley and Caltech mean for the timeline. He unpacks Google's bold 2029 Q-Day prediction, explains why PQC runs on the classical hardware you already own, and walks through a pragmatic transition roadmap aligned to the Australian Signals Directorate's guidance — from naming a transition lead and running an inventory scan, to prioritising key exchange over digital signatures, and managing vendor migrations. Whether you're a CISO, security architect, or just trying to understand what quantum computing really means for your organisation, this is a clear-eyed, panic-free conversation about preparing for the biggest cryptographic shift in 50 years.
Topics covered:
• What post-quantum cryptography is (and isn't)
• Harvest now, decrypt later attacks explained
• Why Google says Q-Day arrives by 2029
• Recent algorithmic breakthroughs lowering qubit requirements
• A practical PQC transition plan: 90 days and beyond
• ASD guidance and the road to 2030
• Crypto agility as a long-term security discipline
Cyber Voices is the official podcast of the Australian Information Security Association (AISA).
Planning for Post-Quantum Cryptography (the page Craig referenced directly) The ASD's practical framework covering inventory scans, transition timelines, and milestones — including the recommended deadline of end of 2030 to cease use of traditional asymmetric cryptography. 🔗 https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptography
Information Security Manual (ISM) — landing page The full ISM, intended for CISOs, CIOs, and cyber security professionals. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ism
ISM — Guidelines for Cryptography The chapter that contains the specific PQC controls Craig mentioned, including ISM-2073 (PQC transition plan requirement) and the list of ASD-approved post-quantum algorithms. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ism/cyber-security-guidelines/guidelines-for-cryptography
Professor Craig Costello — QUT profile For listeners who want to take Craig up on his offer to engage directly with industry partners. 🔗 https://www.qut.edu.au/about/our-people/academic-profiles/craig.costello
Topics covered:
• What post-quantum cryptography is (and isn't)
• Harvest now, decrypt later attacks explained
• Why Google says Q-Day arrives by 2029
• Recent algorithmic breakthroughs lowering qubit requirements
• A practical PQC transition plan: 90 days and beyond
• ASD guidance and the road to 2030
• Crypto agility as a long-term security discipline
Cyber Voices is the official podcast of the Australian Information Security Association (AISA).
Planning for Post-Quantum Cryptography (the page Craig referenced directly) The ASD's practical framework covering inventory scans, transition timelines, and milestones — including the recommended deadline of end of 2030 to cease use of traditional asymmetric cryptography. 🔗 https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptography
Information Security Manual (ISM) — landing page The full ISM, intended for CISOs, CIOs, and cyber security professionals. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ism
ISM — Guidelines for Cryptography The chapter that contains the specific PQC controls Craig mentioned, including ISM-2073 (PQC transition plan requirement) and the list of ASD-approved post-quantum algorithms. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ism/cyber-security-guidelines/guidelines-for-cryptography
Professor Craig Costello — QUT profile For listeners who want to take Craig up on his offer to engage directly with industry partners. 🔗 https://www.qut.edu.au/about/our-people/academic-profiles/craig.costello