MOODS × Never Local
Quantum Security Audit — April 2026

US Government 🇺🇸
Quantum Security
Dashboard

A comprehensive audit of federal data breach vulnerabilities, quantum threat exposure, and Post-Quantum Cryptography migration readiness across 12 key federal departments and agencies.

Prepared by Gianluca Di Bella | moods.build × neverlocal.com

  • Federal Cyber Incidents (FY2023): reported by OMB FISMA
  • Malicious Connections Blocked: by CISA on federal networks (2025)
  • Projected Cost by 2035: if PQC migration is not completed
  • Avg. Breach Cost (US): per organization in 2025 (IBM)

Section 02

The Impending Quantum Threat

The NSA has published CNSA 2.0 algorithm requirements and urged all National Security Systems to begin migrating to quantum-resistant cryptography immediately. The White House NSM-10 and OMB M-23-02 mandate federal agencies to inventory and transition their cryptographic systems.

CRITICAL

Harvest Now, Decrypt Later

Nation-state adversaries are actively intercepting and storing encrypted US federal data today, planning to decrypt it once cryptographically relevant quantum computers become operational. NSA has flagged this as a priority concern.

HIGH

Real-Time System Compromise

Once operational, quantum computers will break the RSA and ECC encryption protecting federal communications, digital signatures, VPNs, and secure access across all government systems and National Security Systems (NSS).

HIGH

Legacy System Exposure

GAO's 2025 High Risk List identifies federal cybersecurity as a top concern. Over 300 legacy IT systems across agencies have unknown quantum vulnerability, with many lacking funded remediation plans.

Fig. 1

Quantum Threat Timeline vs. Federal PQC Readiness (2020–2035)


This chart illustrates the growing gap between escalating quantum computing capability and current federal PQC readiness. Key milestones include NSM-10 (2022), NIST PQC Standards (2024), CNSA 2.0 target (2027), and full NSS migration (2030). The 'Vulnerability Gap' represents the period during which critical federal data and systems remain exposed.

Section 03

US Federal Data Breaches

Analysis of OMB FISMA reports, CISA incident data, and GAO cybersecurity assessments reveals a persistent and escalating challenge. Over 32,000 cybersecurity incidents were reported by federal agencies in FY2023 alone — a 10% increase year-over-year. Key agencies such as DOD, HHS, OPM, and Treasury remain high-value targets for state-sponsored adversaries.

Key Finding

The 2015 OPM breach exposed 22 million records including security clearance data. The 2024 Treasury breach via BeyondTrust involved Chinese state actors. The SolarWinds supply-chain attack compromised 18,000+ organizations including multiple federal agencies. These incidents demonstrate that adversaries are already targeting the exact systems that quantum computing will render completely indefensible — every breach today represents data that can be decrypted in the quantum future.

Fig. 2

Federal Agency Data Breach Impact Analysis (FY2020–2025)


Bubble chart visualizing breach impact across 12 federal departments. Position indicates incident count and severity; bubble size represents volume of records exposed (millions). Data from OMB FISMA reports and CISA incident tracking.

Fig. 3

Breach Type Distribution by Federal Department


Heatmap showing the distribution of breach types across federal departments, highlighting the prevalence of state-sponsored APT attacks, phishing, credential theft, and supply chain compromises — all vectors amplified by quantum computing.

Section 04

Departmental Risk Assessment

Qualitative risk assessment across 12 key federal departments and agencies, evaluated against six critical quantum risk dimensions including data sensitivity, legacy exposure, HNDL risk, and alignment with CNSA 2.0 requirements.

Table

Department Quantum Risk Overview

#   Department  Risk Score  Breaches  Cost Exposure  PQC Readiness
01  DOD         9.5         45        $4500M         15%
02  HHS         8.8         68        $1800M         10%
03  DHS         8.2         52        $1200M         20%
04  Treasury    9.0         38        $1500M         14%
05  DOE         8.7         35        $1100M         15%
06  DOJ         7.8         42        $700M          15%
07  State       8.3         30        $650M          18%
08  OPM         8.5         15        $500M          10%
09  VA          7.5         55        $900M          12%
10  DOC         6.2         22        $250M          15%
11  NASA        7.8         18        $600M          22%
12  Education   5.8         28        $200M          10%

Fig. 4

Quantum Vulnerability Risk Assessment by Federal Department


Comprehensive risk assessment of US federal departments against key quantum vulnerability indicators. Scores are on a 1-10 scale, with higher scores indicating greater risk. PQC Readiness is inverted (lower = less ready). Data sourced from GAO, CISA, and OMB FISMA reports.

Section 05

The Staggering Cost of Inaction

The average cost of a US data breach hit an all-time high of $10.22 million in 2025 (IBM). Projections based on current cybercrime growth trajectories and the escalating quantum threat indicate a potential cumulative cost to the US federal government of over $304 billion by 2035 if PQC migration is not completed.

Data Breach Costs
IP & Trade Secret Theft
Regulatory Penalties
Infrastructure Damage
National Security Impact
Remediation & Recovery
Fig. 5

Projected Cost of Federal Quantum Insecurity (2025–2035)


Stacked area chart projecting the cumulative financial impact of failing to achieve quantum safety across US federal agencies, broken down by cost category. Based on IBM breach cost data ($10.22M US average), GAO risk assessments, and Cybersecurity Ventures growth models.

Fig. 6

PQC Investment vs. Potential Loss Avoidance by Department


Compares estimated PQC migration investment against potential financial losses avoided over 10 years per federal department. Bubble size represents ROI multiplier, demonstrating the clear financial benefit of proactive migration aligned with CNSA 2.0 timelines.

Section 06

moods.build × Never Local PQC Migration Roadmap

A four-phase migration roadmap aligned with NIST standards, NSA CNSA 2.0 requirements, and OMB M-23-02 directives — designed to ensure a smooth, secure, and cost-effective transition to Post-Quantum Cryptography across all federal agencies.

Phase 1 (Active)

Discovery & Assessment

2025 – 2027

Progress: 20%
  • Complete cryptographic asset inventory across all agencies
  • Identify PKC/TLS/IPSec dependencies per department
  • Assess HNDL risk exposure & data classification
  • Build migration plan & budget framework (OMB M-23-02)
Phase 2

Priority Migration

2027 – 2030

  • Deploy NIST PQC standards (FIPS 203/204/205)
  • Migrate critical systems (DOD, NSA, Treasury priority)
  • Implement hybrid cryptography (classical + PQC)
  • VPN/TLS protocol migration to ML-KEM & ML-DSA
Phase 3

Full Deployment

2030 – 2033

  • Complete migration of all federal agencies
  • Decommission legacy crypto infrastructure
  • IoT & ICS device firmware updates to PQC
  • FedRAMP alignment & compliance verification
Phase 4

Continuous Assurance

2033 – 2035+

  • Continuous cryptographic agility framework
  • Real-time quantum threat monitoring & intelligence
  • Automated PQC certificate rotation & management
  • Ongoing governance & reporting to CISA/OMB
Fig. 7

PQC Migration Strategic Roadmap (2025–2035+)


The proposed strategic roadmap for the US federal government's transition to Post-Quantum Cryptography, aligned with CNSA 2.0 and NIST guidance. Outlines key phases, activities, and milestones from 2025 to 2035 and beyond.