The world of connected devices is vast, diverse, and vulnerable. From consumer IoT products in homes to the industrial sensors that underpin critical infrastructure, billions of devices are now permanently connected to networks.
Yet, in the rush to innovate and ship at speed, cybersecurity has often been an afterthought. For IoT and IIoT vendors, the arrival of post-quantum cryptography (PQC) standards represents one of the most significant – and complex – security transitions yet.
IoT and IIoT’s vulnerabilities
Secure, robust encryption has rarely been a core design principle for IoT. Low-cost development cycles, strict hardware constraints, and pressure to get products to market quickly often take precedence over long-term security. As a result, IoT devices today present a wide attack surface: they are remote, always-on, and built with lifespans stretching to a decade or more.
In industrial settings, the stakes are even higher. Networks of monitoring devices, sensors, and control systems keep factories, utilities, and logistics chains running. A single compromised endpoint can provide attackers with a backdoor into highly sensitive systems. Adding to this risk is the supply chain: many IoT products inherit vulnerabilities from upstream vendors or component providers.
Updating cryptographic protections for these devices is especially difficult. Unlike modern smartphones or laptops, many IoT devices cannot receive over-the-air security patches. Once deployed, they remain effectively static, locked into the cryptographic scheme that was chosen at design.
The post-quantum deadline
This challenge has now been amplified by the ratification of NIST’s official post-quantum cryptography standards. Quantum computers, when they reach sufficient scale, will render widely used RSA and ECC algorithms obsolete. Anticipating this, NIST has standardised three new cryptographic algorithms designed to withstand quantum attacks:
- FIPS 203 ML-KEM (Kyber) – module-lattice-based key encapsulation
- FIPS 204 ML-DSA (Dilithium) – module-lattice-based digital signature
- FIPS 205 SLH-DSA (SPHINCS+) – stateless hash-based digital signature
The timeline is clear: RSA and ECC will be deprecated by 2030 and fully phased out by 2035.
Governments and standards bodies worldwide are aligning on the deadline, with some setting even more aggressive targets for critical infrastructure and government contractors.
For IoT vendors, the implications are profound. PQC keys are significantly larger than their RSA/ECC predecessors, straining memory- and bandwidth-constrained devices. Protocols like TLS, essential for device-to-Cloud communications, must also be PQC-ready. Without careful planning, security upgrades could compromise device performance or even prove impossible for legacy hardware.
Implementation matters
The standards themselves are only half the story. In practice, it is the implementation of PQC that will determine whether IoT vendors can meet security and performance needs. Embedded systems demand cryptographic libraries specifically configured for their unique constraints: low memory, limited bandwidth, and diverse processor architectures such as ARM, RISC-V, and x86.
A successful PQC solution for IoT must be:
• Optimised for size, performance, and bandwidth
• Configurable, allowing manufacturers to minimise binary size by selecting only the functions required
• Flexible, supporting a full suite of algorithms beyond NIST’s standards, such as LMS/XMSS, for niche use cases
• Certifiable, built with FIPS 140-3 and other global requirements in mind
This is a key focus area for PQShield’s work in embedded post-quantum security.
By developing cryptographic libraries that are purpose-built for constrained environments, PQShield has shown how NIST’s PQC standards can be applied without breaking performance budgets.
These implementations are designed to run efficiently across a wide range of microcontrollers, and remain highly configurable – meaning vendors can scale their cryptographic footprint either up or down, depending on the device.
Securing the implementation
For vendors, performance may be the priority, but security cannot be an afterthought. Poor implementations can introduce new vulnerabilities even when using quantum-safe algorithms.
The risks are especially acute in IoT. Side-channel attacks, such as timing analysis or power monitoring, are more feasible on small, embedded devices. A secure PQC implementation must therefore include countermeasures to defend against these vectors.
PQShield’s embedded cryptographic libraries, for example, include built-in resistance to side-channel attacks and are validated with extensive fuzz testing to reduce bugs. They are engineered not only to deliver quantum-proof security but also to address the wider IoT risk profile, ensuring that secure boot protocols, TLS connections, and device-to-Cloud authentication all meet PQC requirements.
Preparing for what’s ahead
The quantum threat is no longer theoretical. With NIST’s first PQC standards finalised, the countdown to PQC readiness has begun. For industries built on IoT and IIoT devices, the challenge is particularly acute. The hardware constraints, fragmented supply chains, and long deployment lifespans of embedded systems make them the hardest class of devices to upgrade, and the ones most at risk.
The task is daunting, but the roadmap is clear. By investing now in optimised, secure, and configurable PQC implementations, IoT vendors can protect their products, their customers, and their industries. The alternative – delaying until further regulations force a rushed, last-minute upgrade – risks both security breaches and operational disruption.
The quantum era will not wait. For IoT, the time to act is now.
By Ben Packman, Chief Strategy Officer, PQShield
This article originally appeared in the embedded world North America supplement of Electronic Specifier Design – see ES’s Magazine Archives for more featured publications.