Cisco Got Serious About PQC at Cisco Live 2026
The threat that's already happening
While Q-day may still be a few years down the road, the risk posed by Cryptographically Relevant Quantum Computers (CRQC) is here now. That threat is the "harvest now, decrypt later" (HNDL) attack model, where adversaries capture encrypted traffic today and save it for future decryption once a CRQC is on the scene. Long-lived encrypted data like financial records, intellectual property, PHI and government communications are especially at risk - they will still be valuable in 5 or 10 years when they can be decrypted.
Thankfully, organizations are taking steps to protect against HNDL attacks. CISA's Post-Quantum Cryptography Initiative strongly urged critical infrastructure operators to begin inventorying their systems for post-quantum cryptography (PQC) vulnerabilities now (a crypto asset inventory), while the NSA's CNSA 2.0 standard requires that new acquisitions by National Security Systems support PQC by 2027.
Cisco understands this risk, so they arrived in Las Vegas for Cisco Live 2026 with a coherent, multi-layer PQC strategy spanning campus, WAN, security and Public Key Infrastructure.
Quick review
Important terms:
- Quantum-resistant: Refers to specific algorithms that resist quantum attacks. Applicable to encryption, authentication and secure boot.
- Quantum-safe: Holistic hardware + software assurance against quantum threats.
- Post-Quantum Cryptography: Algorithms designed to be quantum safe. The three to understand are ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205). There are 9 more proposed and two more waiting for ratification.
- Shor's Algorithm: Can efficiently factor very large integers and solve discrete logarithm problems, meaning it can break RSA, Diffie-Hellman and Elliptic Curve Cryptography when run on a CRQC. In summary, hiding secrets behind factoring or discrete-log hardness is no longer secure against Shor's algorithm, although running it requires a QPU with a large number of high-fidelity qubits.
- Grover's Algorithm: A quantum algorithm for unstructured search that gives a quadratic speedup over brute-force key search, which effectively halves symmetric key security: AES-256 behaves like AES-128. Because it is a generic search speedup, it applies to any encryption algorithm.
Cisco's full-stack PQC Architecture
Introduced at Cisco Live Amsterdam 2026 and expanded in Las Vegas, Cisco's architectural approach to the PQC challenge is called full-stack post-quantum cryptography, meaning that quantum-safe algorithms are applied at every layer of the network stack, from when a device powers on to when a packet leaves the wire.
Pillar One: Secure Boot
A quantum-resistant transport layer is only as strong as the device running it. If an attacker forges the code-signing certificates to install a modified bootloader or OS, then any encryption above it is irrelevant. Today an attacker could download a signed IOS image and extract the public signing key. Right now this isn't a big deal, but with a CRQC the attacker could derive Cisco's, or any other vendor's, private key and sign malicious images so that they appear completely legitimate.
Cisco is addressing this threat with a hardware-rooted chain of trust built into the Trust Anchor module (TAm), embedded in dedicated hardware on C9000 Smart Switches and 8000 Series Secure Routers. During boot, the TAm verifies the microloader, the microloader verifies the BIOS, and the BIOS verifies the IOS-XE image. All verification is done with quantum-resistant signature algorithms (ML-DSA-87 and LMS). No packets traverse the device until the chain is verified, and the verification is resistant to quantum forgery.
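The staged chain of trust described above can be modelled in a few dozen lines. The following is an added example written for this article, not Cisco code and not a description of the TAm's internal format: a hash-based one-time signature (Lamport, the conceptual ancestor of LMS) stands in for ML-DSA-87/LMS, each stage's signed body commits to the digest of the key that will verify the next stage, and the immutable anchor is the digest of the first key, which is what a hardware root of trust would hold. Stage names, image bytes and the record layout are constructed for illustration.

```python
import hashlib
import os

# Constructed stage images (placeholder bytes, not real firmware)
SAMPLE_CODE = {
    "microloader": b"microloader v1 (constructed)",
    "bios": b"bios v1 (constructed)",
    "ios-xe": b"ios-xe image (constructed)",
}

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: security rests only on SHA-256 preimage
# resistance, which Shor's algorithm does not touch. Stand-in for LMS/ML-DSA.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg: bytes):
    return [(byte >> (7 - j)) & 1 for byte in H(msg) for j in range(8)]

def sign(sk, msg: bytes):
    # Reveal one preimage per digest bit; a Lamport key must sign only once.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = msg_bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)

def pk_from_bytes(raw: bytes):
    return [(raw[i:i + 32], raw[i + 32:i + 64]) for i in range(0, len(raw), 64)]

def build_chain(code: dict):
    """Sign each stage so that its body commits to the digest of the key that
    will verify the next stage. Returns (anchor_digest, stages); the anchor is
    what a TAm-style hardware root would hold immutably."""
    names = list(code)
    keys = [keygen() for _ in names]
    stages = []
    for i, name in enumerate(names):
        next_digest = H(pk_bytes(keys[i + 1][1])) if i + 1 < len(names) else bytes(32)
        body = code[name] + next_digest
        stages.append({
            "name": name,
            "code": code[name],
            "signer_pk": pk_bytes(keys[i][1]),
            "next_pk_digest": next_digest,
            "sig": sign(keys[i][0], body),
        })
    return H(pk_bytes(keys[0][1])), stages

def verify_chain(anchor_digest: bytes, stages) -> list:
    """Walk the chain as the boot sequence would. Returns the names of the
    stages that verified; nothing after the first failure is trusted."""
    trusted = anchor_digest
    booted = []
    for st in stages:
        if H(st["signer_pk"]) != trusted:
            break  # key is not the one the previous stage (or the anchor) vouched for
        body = st["code"] + st["next_pk_digest"]
        if not verify(pk_from_bytes(st["signer_pk"]), body, st["sig"]):
            break  # image modified after signing
        booted.append(st["name"])
        trusted = st["next_pk_digest"]
    return booted

def with_modified_code(stages, name: str, new_code: bytes):
    """Copy of the chain with one stage's code changed but its signature kept."""
    out = [dict(s) for s in stages]
    for s in out:
        if s["name"] == name:
            s["code"] = new_code
    return out

def with_foreign_signer(stages, name: str):
    """Copy of the chain where one stage is re-signed under a key the previous
    stage never vouched for; the digest check stops it before signature checking."""
    sk, pk = keygen()
    out = [dict(s) for s in stages]
    for s in out:
        if s["name"] == name:
            s["signer_pk"] = pk_bytes(pk)
            s["sig"] = sign(sk, s["code"] + s["next_pk_digest"])
    return out

if __name__ == "__main__":
    anchor, chain = build_chain(SAMPLE_CODE)
    print("intact:", verify_chain(anchor, chain))
    print("modified ios-xe:", verify_chain(anchor, with_modified_code(chain, "ios-xe", b"x")))
    print("foreign bios key:", verify_chain(anchor, with_foreign_signer(chain, "bios")))
```

The point of the model is where the quantum risk sits: with RSA or ECDSA signing keys, a CRQC could derive the vendor's private key from the public key embedded in the image and produce a signature that passes `verify`, so the chain would report all stages as trusted. With hash-based keys there is no such shortcut, which is why the bootloader stage of Cisco's roadmap uses LMS. Real deployments use a stateful multi-use scheme (LMS) or ML-DSA rather than one-time keys, and embed the key digest in fuses rather than in a Python constant.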
Pillar Two: Transport Security
Once the device has booted a verified IOS-XE image, the transport layer can apply quantum-resistant key exchange to every major protocol:
- SSH
- MACsec
- IPsec / IKEv2
- TLS 1.3
ML-KEM-768/1024 is a lattice-based key encapsulation mechanism that can be combined with Elliptic Curve (EC), Diffie-Hellman and RSA key exchange in a hybrid (composite key) scheme, so the public key exchange stays protected even if the classical component is broken. ML-KEM is also used to establish the symmetric keys used alongside the NIST PQC algorithms.
ML-DSA will replace RSA, EC, and eventually AES for certificates, keys, and roots of trust.
With these two pillars, every device in a network will have integrity verified at boot, every management session is protected by quantum-resistant key exchange, and every data-plane connection uses symmetric encryption established through a quantum-safe handshake.
Cisco's roadmap (subject to change) for this implementation is as follows:
- C9350 MACsec (AES-256): first half of 2026
- C9610 MACsec (AES-256): second half of 2026
- C9350 / C9610 IPsec with IKEv2 PQC key exchange: second half of 2026
- ML-DSA image signing to enable verification of IOS-XE: second half of 2026
- LMS signing and verification on bootloader: second half of 2026
At the time of writing, much of the above functionality is already available, while the second-half-of-2026 items are expected with the release of IOS-XE 26.1.2.
Cisco's effort in this area is significant for federal agencies, defense contractors, and regulated industries. The full-stack PQC architecture is designed to meet CNSA 2.0 requirements.
8000 Series Secure Router family
In a breakout session hosted by Nikolai Pitaev, WAN teams were reminded that they must replace outdated hardware that cannot support PQC on the control plane. IKEv2 key exchange and authentication as well as a quantum safe data plane all rely on a secured control plane.
To fulfill this requirement, Cisco introduced the G2 generation of the 8000 Series Secure Router, purpose-built for quantum-safe WAN aggregation.
Cisco 8650 Series Secure Router
- 4x Quantum Flow Processor ASICs
- Multi-100 GE PQC interfaces
- Up to 226 Gbps IPsec throughput
- Line-rate LAN and WAN MACsec
Cisco 8570 Series Secure Router
- 1x QFP ASIC
- Multi-40/10 GE PQC
- Up to 63 Gbps IPsec
- Line-rate LAN and WAN MACsec
Cisco 8550 Series Secure Router
- 1x QFP ASIC
- Multi-10 GE PQC
- Up to 48 Gbps IPsec
Cisco 8475 Series Secure Router
- Secure Networking Processor
- Multi-25/10 GE PQC
- Up to 45 Gbps IPsec
- 10.9 Gbps NGFW throughput
Cisco 8455 Series Secure Router
- Secure Networking Processor
- Multi-25/10 GE PQC
- Up to 31 Gbps IPsec
- 9.5 Gbps NGFW throughput
While not specifically highlighted in Pitaev's session, the C8100-G2, C8200-G2, C8300-G2, C8400-G2 and C8500-G2 are PQC-safe (the C8100 series does not support secure boot).
The Quantum Flow Processor found in the 8600 and 8500 Series is the hardware engine that enables line-rate PQC encryption without sacrificing WAN throughput. ML-KEM and ML-DSA impose a larger computational load, which is why software-only implementations on older hardware cannot sustain production WAN traffic volumes at PQC key sizes.
Obviously, not all organizations can just replace hardware at will, so the session also covered an interim option: Post Quantum Pre-Shared Keys (PPK). PPK injects a quantum-safe shared secret into the IKEv2 key derivation process, breaking the dependency on asymmetric key exchange without replacing the underlying algorithms. It is important to note, however, that this is a bridge measure for organizations preparing for a full ML-KEM deployment.
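To make the PPK mechanism concrete, the following added example (written for this article, not Cisco code, and not IOS-XE's implementation) models the IKEv2 key derivation of RFC 7296 with HMAC-SHA256 as the prf and the PPK mixing step as I read it in RFC 8784 section 5.1, where SK_d, SK_pi and SK_pr are replaced by prf+(PPK, ...). The nonces, SPIs, Diffie-Hellman shared secret and PPK are constructed constants. `hndl_outcome` compares the Child SA keys the two peers use against what a party who recorded the exchange and later recovers the DH shared secret with a CRQC, but never had the PPK, would compute.

```python
import hashlib
import hmac

KEY_LEN = 32  # bytes per derived key with HMAC-SHA256 as the prf (simplification)
IKE_SA_KEYS = ["SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr"]

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, nbytes: int) -> bytes:
    """RFC 7296 section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < nbytes:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:nbytes]

def ike_sa_keys(dh_secret: bytes, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes) -> dict:
    """RFC 7296 section 2.14: SKEYSEED = prf(Ni|Nr, g^ir); keys = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    skeyseed = prf(ni + nr, dh_secret)
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, KEY_LEN * len(IKE_SA_KEYS))
    return {k: keymat[i * KEY_LEN:(i + 1) * KEY_LEN] for i, k in enumerate(IKE_SA_KEYS)}

def mix_ppk(keys: dict, ppk: bytes) -> dict:
    """RFC 8784 section 5.1: SK_d' = prf+(PPK, SK_d), SK_pi' = prf+(PPK, SK_pi),
    SK_pr' = prf+(PPK, SK_pr). SK_a*/SK_e* of the initial IKE SA stay as derived."""
    mixed = dict(keys)
    for k in ("SK_d", "SK_pi", "SK_pr"):
        mixed[k] = prf_plus(ppk, keys[k], KEY_LEN)
    return mixed

def child_sa_keymat(sk_d: bytes, ni: bytes, nr: bytes, nbytes: int = 64) -> bytes:
    """RFC 7296 section 2.17, Child SA without a fresh DH: KEYMAT = prf+(SK_d, Ni|Nr)."""
    return prf_plus(sk_d, ni + nr, nbytes)

# Constructed exchange values. Nonces and SPIs travel in the clear; DH_SECRET is
# what a CRQC could later recover from the captured public values. The PPK is
# provisioned out of band on both peers and never appears on the wire.
NI, NR = b"\x01" * 32, b"\x02" * 32
SPI_I, SPI_R = b"\x0a" * 8, b"\x0b" * 8
DH_SECRET = b"\x33" * 32
PPK = b"\x77" * 32

def hndl_outcome(use_ppk: bool) -> dict:
    """Peers derive Child SA keys (with or without PPK); the recorder derives
    them from DH_SECRET alone. Reports whether the two key streams coincide."""
    peer = ike_sa_keys(DH_SECRET, NI, NR, SPI_I, SPI_R)
    if use_ppk:
        peer = mix_ppk(peer, PPK)
    recorder = ike_sa_keys(DH_SECRET, NI, NR, SPI_I, SPI_R)  # no PPK available
    peer_keymat = child_sa_keymat(peer["SK_d"], NI, NR)
    recorder_keymat = child_sa_keymat(recorder["SK_d"], NI, NR)
    return {
        "peer_keymat": peer_keymat,
        "recorder_keymat": recorder_keymat,
        "recorder_can_decrypt": hmac.compare_digest(peer_keymat, recorder_keymat),
    }

if __name__ == "__main__":
    for flag in (False, True):
        print(f"PPK={flag}: recorder can decrypt Child SA traffic:",
              hndl_outcome(flag)["recorder_can_decrypt"])
```

Two caveats follow directly from the derivation. First, only keys that descend from SK_d, SK_pi and SK_pr are PPK-protected: Child SA traffic and rekeyed IKE SAs are covered, while the encryption keys of the initial IKE SA itself are not, so the IKE_AUTH exchange remains exposed to a future CRQC. Second, the PPK is only as strong as its distribution and entropy; a PPK guessed or recovered from a configuration backup protects nothing, which is why the session positioned PPK as a bridge to ML-KEM rather than a destination. The PPK_ID negotiation and the USE_PPK notify handling of RFC 8784 are omitted here.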
Quantum readiness assessments
Determining which devices in your environment are quantum-ready and which need to be refreshed, updated or reconfigured may at first seem like a monumental task. Thankfully, next month, Cisco IQ will be able to conduct quantum readiness assessments to identify the assets in your environment most exposed to HNDL attacks.
When the assessment is completed, you will receive a list of the infrastructure to replace in priority order, providing assurance that you are taking the correct steps.
What you should do now
- Conduct a cryptographic inventory to identify where RSA, Diffie-Hellman and ECC are in use across your WAN, campus and application layers. You cannot migrate what you do not know about.
- Ensure that your hardware refresh decisions are quantum safe. If you are already replacing hardware because it is EOL and vulnerable to mythos-class AI models, the correct decision is to ensure it is quantum-safe.
- Deploy PPK as an interim measure. PPK can be deployed on your existing infrastructure as a stopgap against HNDL until you get quantum-safe gear in place.
All infrastructure refresh initiatives now have a PQC dimension, doubly so for organizations with long-lasting data. If you are planning a WAN or campus infrastructure refresh and want to evaluate quantum-safe architectures against your specific environment, the WWT Advanced Technology Center is the right place to start. Do not hesitate to reach out to your WWT account team for an evaluation or quantum readiness briefing.