China and Russia are stealing encrypted U.S. secrets now in the expectation that future quantum computers will let them read the data later, Anne Neuberger writes in Foreign Affairs.
The warning puts a practical timeline on one of the most discussed risks in quantum technology. A large enough quantum computer could break some of the encryption systems that protect medical records, bank transactions, government communications and military secrets. Such a machine does not exist yet. But Neuberger writes that U.S. intelligence reports show adversaries are already collecting encrypted information today and saving it for the moment when decryption becomes possible.
The strategy is known in cybersecurity circles as “harvest now, decrypt later.” It rests on a simple calculation. Some information loses value quickly. A troop location from today may have little meaning years from now. Other secrets retain value for decades. Nuclear design data, intelligence sources, military plans, sensitive diplomatic cables, industrial secrets and long-term authentication credentials could remain damaging if an adversary decrypts them years after they were stolen.
Neuberger, a former senior White House cyber and emerging technology official, writes that Washington and its allies must treat quantum computing as an approaching national security problem rather than a distant research question. She says the United States needs to protect its quantum supply chain, defend private-sector intellectual property and move faster to adopt new forms of encryption that can withstand attacks from quantum computers.
Encryption Vulnerability
The central risk comes from the way today’s common encryption works. Much of the internet depends on mathematical problems that are easy to use in one direction but very hard to reverse with conventional computers. One example is RSA encryption, which relies on the difficulty of factoring very large numbers. A classical supercomputer would need an immense amount of time to break a 2048-bit RSA key by brute force. Neuberger writes that a quantum computer could, in theory, decrypt that same key in less than eight hours.
That does not mean hackers can do this today because current quantum computers remain too small, noisy and error-prone to break the encryption that protects most real-world systems. However Neuberger writes that recent progress has narrowed the margin for delay. She says a quantum computer capable of breaking at least some widely used encryption could arrive within the next few years.
Beyond the code that protects websites and messages, governments and companies also use encryption to protect stored data, software updates, cloud services, identity systems and machine-to-machine communications. If a hostile intelligence service records encrypted traffic now, it can wait for future tools to unlock the contents.
The question now is not only when a quantum computer will arrive, but also whether the data being stolen today will still matter when that machine exists.
The threat is especially serious for secrets with long shelf lives. Nuclear weapons data, intelligence relationships, military technology, classified research and high-value corporate intellectual property can remain sensitive for many years. If China or Russia already has encrypted copies of such material, new encryption deployed later will not protect the information that was already taken.
China and Russia are the Main Concerns
Neuberger writes that China has made quantum technology a national priority and has invested heavily in quantum communications, quantum computing and quantum sensing. Russia has less public information available about its quantum programs, but Neuberger writes that the country has strong capabilities in physics, mathematics and cryptography. Since Russia’s full-scale invasion of Ukraine in 2022, Moscow has also deepened its cooperation with Beijing.
China has placed quantum technology inside its broader competition with the United States. Neuberger writes that Beijing has identified quantum as a top priority in its 2026 to 2030 five-year plan and has organized much of its research through state-directed hubs, including Hefei National Laboratory. The United States still holds a technical edge in quantum hardware, she writes, but much of that progress comes from private companies such as IBM, Google and startups.
The different systems create different strengths — and weaknesses. The U.S. model benefits from private capital, entrepreneurial companies and deep university research. China’s model can direct state resources toward strategic goals and connect research more closely to national priorities. Neuberger writes that the competition has begun to move beyond pure science into supply chains, military planning and technology blocs.
The race is not limited to computing, Neuberger adds that quantum sensors could also have major military value. These devices can measure time, gravity and magnetic fields with extreme sensitivity. In future systems, they could help militaries navigate when GPS is jammed or unavailable. They could also help detect stealth vehicles or submarines.
The U.S. military and its allies rely heavily on GPS for navigation, drones and precision-guided weapons. China has developed its own BeiDou-3 satellite navigation system. Neuberger writes that this gives Beijing more freedom to jam GPS in contested areas, such as the South China Sea, while keeping Chinese forces operational. Quantum sensors could give U.S. forces a local source of positioning and timing that does not depend on satellites.
Quantum communications also play a role in the geopolitical contest. Neuberger writes that China has focused early investments on secure quantum communications networks. In late 2023, China and Russia demonstrated what they described as a secure quantum link between Chinese satellites and ground stations in China and Russia. The link spanned about 2,400 miles. In early 2025, China conducted a similar demonstration with South Africa over more than 8,000 miles.
Neuberger writes that U.S. and European scientists question the value of such systems because they still need traditional encryption to authenticate the ends of a connection. That creates points of weakness. Still, she reports that the demonstrations suggest Beijing may be trying to build broader quantum cooperation with BRICS countries, possibly including computing and sensing.
Response Has Begun
The United States has already started to respond on encryption. In 2016, the National Institute of Standards and Technology began a global process to develop algorithms designed to resist attacks from quantum computers. In August 2024, NIST standardized an initial set of these algorithms. Large internet infrastructure companies have begun using them in some systems.
Neuberger writes that every major internet company, including Google and Facebook, uses quantum-resistant cryptography to some degree. But the transition remains incomplete. The new standards have not yet spread across all internet protocols. Some of the systems that certify websites as safe still need upgrades. The U.S. government has set a goal for all federal agencies to use quantum-resistant cryptography by 2035, but Neuberger writes that this deadline may be too slow if quantum computers mature sooner.
She also points to a recent Google paper that suggests a quantum attack on a type of cryptography that protects much of the internet may require fewer resources than earlier estimates suggested. Google has accelerated its own quantum-safe upgrade timeline to 2029 and has urged others to do the same.
The policy challenge is large because encryption is buried deep inside modern life:
- Banks use it to move money.
- Hospitals use it to protect health records.
- Governments use it to guard classified communications.
- Logistics companies use it to manage global trade.
- Software companies use it to verify code and updates.
- Cloud providers use it to protect data moving between servers and customers.
Recognizing that slow or uneven transition could create weak points, Neuberger writes that the United States must lead a global effort to upgrade internet protocols to quantum-resistant encryption. A single country with weaker standards could create risk for trade and communications that cross borders. She says NIST should work with the European Union Agency for Cybersecurity and equivalent bodies in Asia to build interoperable algorithms and provide technical help to developing countries.
Interoperability is crucial because systems in different countries and companies can still talk to one another securely. Without that coordination, quantum-safe upgrades could fracture the internet into incompatible systems. That would hurt commerce, finance, logistics and communications.
Neuberger writes that the United States and China still have reason to cooperate on basic standards through groups such as the International Organization for Standardization and the Internet Engineering Task Force. Both countries want to avoid a fragmented digital world that disrupts trade. Chinese cryptographers took part in the U.S. algorithm competition, and U.S. and European researchers took part in China’s open competition.
But Neuberger writes that cooperation is unlikely to extend to quantum hardware. Quantum computers, sensors and communications systems have clear military uses. Great powers will try to dominate those areas.
Securing the Stack
She says the United States and its allies should secure what she calls the quantum stack. That means the full set of materials, hardware, software, intellectual property and specialized equipment needed to build quantum systems. The list includes specialized electronics, refrigerators, helium and silicon isotopes. Some quantum computers need extreme cooling. Others depend on precise materials and manufacturing processes. Control over these inputs could matter as much as control over finished machines.
Neuberger writes that export controls should protect critical parts of the quantum supply chain. She also says U.S. and allied intelligence agencies should help private quantum companies defend themselves from industrial espionage. That could include sharing threat information, giving cybersecurity advice and requiring strong defenses for firms working on sensitive technology.
The private sector sits at the center of the issue because many leading quantum companies are not government labs. They are startups, cloud providers, chip companies and research spinouts. Their intellectual property can become a national asset. It can also become a target.
The immediate work will require governments and companies to inventory the data that may already have been exposed through vulnerable channels, Neuberger writes. They need to decide which information would cause the most harm if an adversary decrypted it in several years. They also need contingency plans for disclosure.
Credentials are a special concern. If attackers decrypt old connections that contain passwords, tokens or authentication keys, they may be able to use them to enter systems even after those systems upgrade to quantum-resistant encryption. Neuberger writes that once organizations install stronger encryption, they should also change old passwords and authentication keys.
She also says governments and major digital infrastructure companies must plan for the possibility that a capable quantum computer arrives before all internet protocols have been upgraded. In that case, leaders may need emergency measures. They could rush quantum-resistant encryption into key sectors such as banking and communications. They could also cut off connections to systems that have not upgraded.
While these steps are disruptive, the alternative could be worse if attackers can suddenly read traffic that was assumed to be secure.
The article frames quantum security as a race with two tracks. One track is the race to build powerful quantum technologies. The other is the race to protect today’s secrets before those technologies arrive. The second race may be more urgent because adversaries can act now.
Neuberger writes that Washington and its allies should prepare for a world in which Beijing or Moscow develops a capable quantum computer first. That does not mean such an outcome is certain. It means national security planning must account for it.
Neuberger writes that quantum technology will change national security in ways that echo earlier technological turning points, including nuclear weapons, microelectronics, the internet, GPS and artificial intelligence. The difference is that the first damage from quantum computing may not come from a dramatic attack. It may come from old files quietly becoming readable.
For the United States and its allies, the warning is that secrecy has a deadline. The secrets being stolen today may become the intelligence breakthroughs of the next decade.
