The Quantum Clock Is Ticking: Why CBP Is Preparing Before the Threat Arrives

Original Broadcast Date: 1/18/26

Presented by Commvault & Carahsoft

Ed Mays, Deputy Assistant Commissioner of Infrastructure and Support Services for the Office of Information and Technology at U.S. Customs and Border Protection, uses his interview on Fed Gov Today to explain why preparing for quantum computing is an urgent national security priority. His message is clear: even though quantum threats are still emerging, waiting to act would put critical government systems at serious risk.

Mays explains that quantum computing matters because the technology landscape is changing rapidly, often faster than organizations expect. He stresses that CBP has a responsibility to be ready before the nation is forced to react. Adversaries, he notes, operate with fewer constraints and are making significant progress, which means federal agencies must think ahead to defend the country’s borders, economy, and critical infrastructure.

At the core of the issue is cryptography. Mays points out that encryption is embedded in nearly every modern technology, from mobile devices and satellites to everyday appliances. Much of today’s encryption relies on algorithms that quantum computers will eventually be able to break far more easily than traditional computers can. When that happens, current protections could fail quickly, exposing sensitive systems and data.

For CBP, the stakes are especially high. Mays highlights the Automated Commercial Environment, or ACE, which tracks trade entering the United States through ports, airports, rail, and other channels. He describes ACE as the lifeblood of the U.S. economy. Protecting systems like this for the future is essential, and post-quantum cryptography is a key part of that effort. Without it, adversaries could disrupt trade, impact border operations, and harm the livelihoods of Americans.

Mays describes CBP’s journey toward post-quantum cryptography as proactive and deliberate. About two years ago, the agency worked with the National Institute of Standards and Technology and others to conduct one of the first post-quantum cryptography proofs of concept in the federal government. He says the effort was highly successful, but also eye-opening. Even with deep technical expertise, the team learned far more than expected about processing demands, system interactions, and the complexity of implementing quantum-resistant solutions.

One of the biggest lessons, Mays explains, is that cryptography is everywhere. It is not limited to a single application or component, but woven throughout hardware, operating systems, and software. Because of that, transitioning to post-quantum cryptography is not as simple as swapping out algorithms. Each change can affect performance, processing time, and system behavior in ways that must be carefully tested and understood.

Building on the proof of concept, CBP now plans to take the next step by protecting a high-value application. Mays explains that the agency intends to “wrap” this system with post-quantum cryptography protections, learning from the experience before expanding the approach across the broader technology stack. This phased strategy allows CBP to manage risk while gaining practical insights into what large-scale adoption will require.

Uncertainty remains a major challenge. Mays acknowledges that no one knows exactly when quantum computers will be powerful enough to pose a widespread threat or what form those threats will take. However, he argues that the absence of a clear timeline does not justify inaction. The key strategic question, he says, is understanding risk and taking steps now to reduce it. If agencies wait until quantum attacks are imminent, it may be too late to respond effectively.

Mays notes that the cyber threat environment has already changed dramatically. CBP now faces tens of millions of attempted attacks on its networks each day, a stark contrast to a decade ago. This reality shapes how he thinks about quantum risk. As computing power grows and attack methods evolve, agencies must assume that new capabilities will eventually be used against them.

His own perspective on risk shifts after visiting a quantum computing vendor. Seeing the technology firsthand, Mays realizes how unprepared organizations could be if they fail to act early. At that time, he says, there were few protections in place. Since then, guidance from leadership and directives to inventory systems and encryption have helped agencies better understand their exposure. That preparation work, while more complex than expected, provides a clearer path forward.

Today, CBP focuses on knowing what it has, where cryptography is used, and how systems might be affected by future changes. Mays emphasizes that preparation is about slowing adversaries down and buying time, even if quantum threats cannot be eliminated entirely. By acting now, CBP improves its chances of protecting critical missions and adapting as technology evolves.

Throughout the interview, Mays reinforces a sense of urgency balanced with realism. Quantum computing may still be developing, but the responsibility to prepare already exists. For CBP, early action, continuous learning, and careful risk management are essential steps toward keeping the nation secure in a rapidly changing technological future.