# Ready-to-quote paragraphs Five pre-cleared quote cards. Each is on the record. Attribution: *Shujaatali Badami, IEEE Senior Member*. If a piece needs more or longer commentary, email shujaatali@ieee.org with subject `[PRESS]` plus the outlet name. Same-day replies 9am to 5pm Central. --- ## 1. Post-quantum cryptography migration urgency > "The harvest-now-decrypt-later attacker does not care that a cryptographically relevant quantum computer is five or ten years out. The attacker cares that the data they capture today will be decryptable then. For TLS-protected traffic that has long-term value (medical records, classified government communications, ICS telemetry), the migration to ML-KEM and ML-DSA needs to start now, not in 2030." Use cases: any PQC, NIST FIPS 203/204, harvest-now-decrypt-later piece. --- ## 2. ICS PQC migration timeline > "Migrating an industrial control system to post-quantum cryptography is not the same problem as migrating a website. ICS hardware has a 20 to 30 year service life, the cryptographic primitives are baked into HSMs and firmware that cannot be hot-swapped, and the operational tolerance for downtime is measured in single digits of minutes per year. The realistic ICS PQC transition is a decade-long capital programme, not a software update." Use cases: ICS, SCADA, IEC 62443, water/power utility security, Automation.com style. --- ## 3. Quantum advantage claims > "Every big quantum-advantage claim eventually deflates. The pattern is: a vendor publishes a benchmark, the classical-algorithms community sees it, and within a few months a smarter classical algorithm closes the gap. This is healthy. It is how the field calibrates. The implication is that we should treat any single benchmark as a snapshot, not a milestone." Use cases: IBM, Google, IonQ, quantum supremacy/advantage news cycle. --- ## 4. IoT and constrained-device PQC > "Your smart bulb might outlive RSA. The cryptography on a constrained IoT device shipped today has to last 10 to 15 years in the field. ML-KEM-512 fits, ML-DSA fits with care, but the migration requires touching every device class, every protocol stack, every certification path. The work to do this on EDHOC and OSCORE inside the IETF LAKE working group is the early-warning system for whether the IoT industry will arrive on time." Use cases: IoT, smart home, EDHOC, IETF LAKE, constrained devices. --- ## 5. Cognitive radio and 6G > "6G is not a faster 5G. The radio learns. The radio also senses. Both shifts move the security work from "secure the protocol stack" to "secure the controller's policy and its training data." The new attack surface is adversarial reinforcement learning, not packet replay. The cryptographic substrate has to be post-quantum from day one, since the spec is going to ratification in the late 2020s." Use cases: 6G, cognitive radio, ISAC, terahertz, telecom security. --- ## Boilerplate attribution lines - *Shujaatali Badami, IEEE Senior Member, ISA Senior Member.* - *Shujaatali Badami, Quantum-IoT research engineer based in Chicago.* - *Shujaatali Badami, ICS-PQC researcher, IEEE Access author.* Last reviewed: 2026-04-27.