Space research has always depended on trust. Trust in instruments, trust in data, trust in infrastructure and trust between the organisations that design, operate and analyse complex systems.
Today, much of that trust is digital.
Research data moves between institutions. Ground systems communicate with distributed infrastructure. Partners exchange technical information, operational updates and sensitive project documentation. Identity systems, software updates, certificates and encrypted channels all play a role in keeping this environment secure.
That is why the transition to post-quantum security matters.
Quantum computing is not only a scientific milestone. It is also a long-term cybersecurity challenge. A sufficiently powerful quantum computer could undermine widely used public-key cryptographic systems that protect today’s digital communications. The exact timeline remains uncertain, but the direction of travel is clear enough for governments, standards bodies and security agencies to act.
In August 2024, the U.S. National Institute of Standards and Technology finalised its first three post-quantum cryptography standards and encouraged organisations to begin transitioning to the new standards as soon as possible. The UK National Cyber Security Centre has also described migration to post-quantum cryptography as a major technology change that will take years, with organisations expected to begin planning well before full migration deadlines. At European level, EU Member States, supported by the European Commission, have issued a coordinated implementation roadmap for the transition to post-quantum cryptography.
For space research, this is not an abstract issue.
Many systems in the space domain have long operational lifecycles. Sensitive research data may need to remain confidential for years. Collaboration often involves multiple organisations, jurisdictions and technical environments. Once deployed, infrastructure may be difficult, expensive or slow to replace.
This creates a simple but important question: are today’s secure communication systems ready for tomorrow’s cryptographic risks?
One of the most discussed concerns is “harvest now, decrypt later”. In this scenario, an attacker records encrypted data today, even if they cannot read it immediately, and stores it until future quantum capabilities make decryption possible. For information with short-term value, that risk may be limited. For research, defence-related work, critical infrastructure or strategic technology development, the confidentiality window can be much longer.
Post-quantum readiness therefore begins before quantum computers become a practical threat. It starts with understanding where cryptography is used, what data it protects, how long that protection must last and which systems will be difficult to update.
Communication is more than a channel
This is especially important for communication.
Secure communication is not just about encrypting a channel. It involves identity, authentication, key management, certificates, protocols, software integrity, monitoring and governance. If one part of the trust chain becomes weak, the security of the wider system can be affected.
In space research environments, this trust chain may span laboratories, control systems, cloud services, partner networks, suppliers and specialised infrastructure. The more connected these environments become, the more important it is to design communication security that can evolve.
Why crypto-agility is essential
That is where crypto-agility becomes essential.
A crypto-agile system is designed so that cryptographic algorithms, keys and protocols can be updated without rebuilding the entire architecture. This matters because the post-quantum transition will not be a single event. Standards will mature. Implementations will be tested. Vendors will update products. Organisations will need to migrate in phases while maintaining operational continuity.
Systems that are difficult to update will carry higher risk. Systems designed with adaptability in mind will be better positioned to respond.
The COSMOS-SECURE perspective
COSMOS-SECURE is focused on secure communication in space research with this long-term perspective. The project recognises that future-ready communication security must address both current cyber risks and emerging cryptographic challenges.
The objective is not simply to react to quantum risk. It is to support communication environments that remain trusted over time.
For organisations involved in space research, the first steps are practical. Build an inventory of cryptographic assets. Identify sensitive data and long-term confidentiality requirements. Understand which communication systems depend on vulnerable public-key mechanisms. Engage suppliers early. Prioritise systems with the highest exposure or longest lifecycle. And most importantly, treat post-quantum security as part of strategic resilience, not as a narrow technical upgrade.
The post-quantum transition will take time. That is precisely why preparation should begin early.
Space research depends on secure cooperation. As the digital foundations of that cooperation evolve, communication systems must be designed to withstand not only today’s threats, but also the cryptographic realities of the decades ahead.
For COSMOS-SECURE, this is the core principle: secure communication must be resilient, adaptable and ready for the future.