Drones are changing how war looks. Quantum is changing whether states will still trust the systems underneath modern war at all.
Drones dominate the footage.
AI dominates the commentary.
Quantum is moving somewhere deeper.
It is not the loudest military technology race right now. It is the quieter one. And that is exactly why it is dangerous.
Drones change how force is delivered. AI changes how fast militaries process information, target, sort, and decide. Quantum changes whether states can still trust encrypted communications, digital identity, precision timing, navigation, sensing, and parts of the optimisation layer that increasingly sit underneath military planning and national resilience.[1][2][3]
That is a different category of risk.
It is also why this piece does not need science fiction to work. There is no need to invent a secret quantum machine already running live war plans somewhere in the Middle East. The open record is already strong enough. Serious governments are treating quantum not as a gimmick, but as a long transition programme with defence implications across cryptography, sensing, logistics, and secure communications.[1][2][4][5][6]
That is the signal worth paying attention to.
Cause
The cause is straightforward.
Modern war runs on trust.
Trusted communications. Trusted keys. Trusted identity. Trusted navigation. Trusted timing. Trusted logistics. Trusted software. Trusted maintenance records. Trusted command systems.
Break enough of that trust and military power starts to degrade from the inside, even before a missile lands.
That is why the quantum race is not only about a future machine cracking codes in one dramatic moment. It is about whether states can preserve trust across the systems they already depend on. NIST finalised its first three quantum resistant cryptography standards in August 2024 and explicitly urged organisations to start transitioning as soon as possible.[1] The UK National Cyber Security Centre then set out a migration roadmap with three clear milestones: define migration goals, complete full discovery, and build an initial plan by 2028; carry out early high priority migration by 2031; and complete migration of systems, services, and products by 2035.[2]
That is not the language of speculative research.
That is the language of a state level transition already underway.
The same pattern is visible in national security systems. NSA guidance now points users toward its updated quantum resistant algorithm choices under CNSA 2.0.[3] The Pentagon went further in November 2025. Its chief information office directed the department to identify and inventory cryptography across national security systems, business systems, weapons systems, cloud environments, mobile devices, physical access systems, internet of things devices, unmanned systems, and operational technology. The memo said migration must proceed with deliberate urgency to maintain warfighter lethality and information dominance.[4]
That list alone tells you the scale of the issue.
Quantum is not being treated as a narrow cyber problem.
It is being treated as a military system wide exposure.
The strategic cause is therefore bigger than code breaking alone. The danger begins before a cryptographically relevant quantum computer fully arrives, because sensitive data can be stolen now and held for later decryption. NIST’s own migration guidance is explicit on that point. It warns of “harvest now, decrypt later” risk and notes that full integration of new cryptography can take 10 to 20 years after algorithm standardisation.[7]
That is why the race is already active.
And it is why the first states to lose in the quantum era may not be the ones without the best machine.
They may be the ones that migrate too late.
Constraint
This is where the piece gets harder.
The quantum race is real, but the bottlenecks are brutal.
The first constraint is that quantum advantage in defence will not arrive as one neat cinematic event. It will arrive unevenly across cryptography, sensing, optimisation, and infrastructure. That makes it harder for political systems to prioritise because the benefits and the dangers are distributed, not concentrated.
The second constraint is that migration is messy. The NCSC says this transition will span multiple leadership cycles, carry significant cost, and require deep discovery work across whole estates, including bespoke systems, physical infrastructure, and supplier dependencies.[2] That is manageable for modern cloud services. It is much uglier for legacy military systems, specialist hardware, long life platforms, and allied environments built over decades.
The Pentagon’s own memo reflects that reality. It is not simply telling components to “get quantum ready.” It is telling them to inventory cryptography everywhere, assign migration points of contact, track risk, and coordinate solutions across a sprawling defence ecosystem.[4]
That alone should kill any lazy idea that quantum is only a lab issue.
It is already a governance issue.
It is also a procurement issue.
And it is a force readiness issue.
The third constraint is the supply chain.
Quantum migration will not stop with ministries and primes. It will run down into the SME layer because secure military power is only as strong as the smallest supplier still relying on vulnerable cryptography. In the UK, there is not yet a single public rule saying every defence SME must complete post quantum migration on a bespoke defence only deadline. But that misses the real mechanism. The MOD Cyber Security Model says suppliers are contractually required to meet Defence Standard 05 138 controls, submit a Cyber Improvement Plan with timescales if they cannot yet comply, and continue annual reassessment through the Supplier Assurance Questionnaire process. Defence Condition 658 and related industry guidance also push those obligations down the supply chain.[8][9]
That means many SMEs will not experience quantum migration first as a ministerial speech.
They will experience it as a contract condition, a supplier assurance demand, a risk assessment, or a prime contractor requirement.
The fourth constraint is hype. Quantum discussions are full of magic language, especially around “quantum secure” communications. The Pentagon has already drawn a line through some of that. Its November 2025 memo says components are not to use quantum confidentiality or keying technologies such as quantum key distribution for confidentiality, authentication, integrity, or key distribution without exception.[4]
That is one of the most revealing defence signals in the open record.
The Pentagon is not buying the shiny version.
It is prioritising inventory, standards, migration, and control.
That is the adult position.
The fifth constraint is technical uncertainty. Timelines for a cryptographically relevant quantum computer remain uncertain, but the strategic problem does not wait for certainty. Governments still have to inventory, redesign, procure, certify, and migrate now because the transition itself is long, expensive, and operationally disruptive.[2][4][7]
That uncertainty creates a familiar strategic trap.
Move too slowly and you are exposed.
Move too late and the transition becomes a crisis.
Move intelligently and you still carry a long, expensive, politically dull migration burden that does not produce cinematic headlines.
That is why so many governments will underreact.
The sixth constraint is that the first defence gains from quantum are likely to appear in areas the public does not instinctively romanticise. The U.S. Army has already highlighted quantum sensing for intelligence, surveillance and reconnaissance, communications, logistics, and positioning, navigation and timing, especially in environments where GPS is denied.[5] DARPA is pushing hybrid quantum and classical work on route planning, sensor target assignments, and real time supply chain management across the Department of Defense logistics enterprise.[6]
That is a very different picture from the usual public fantasy.
The first strategic value of quantum may appear not in a dramatic battlefield supercomputer, but in better sensing under contest, better timing when space support is degraded, and better optimisation for military sustainment.
That sounds less glamorous.
It is actually more serious.
Consequence
If states get this wrong, the consequences will not be narrow.
The first consequence is delayed vulnerability. NIST’s guidance is blunt that long life sensitive data is already exposed to the logic of “harvest now, decrypt later.”[7] That means diplomatic archives, intelligence traffic, defence industrial secrets, weapons system design data, access credentials, and critical infrastructure records may all be part of a contest that has already started. A government does not need to lose a war in 2032 to suffer quantum consequences. It only needs to protect 2026 data with assumptions that do not survive 2032.
The second consequence is degraded military trust in contested environments. The Army’s work on quantum sensing is not abstract. It is focused on ISR, communications, logistics, and PNT in conditions where GPS is denied.[5] In plain English, quantum is tied to a future battlefield in which jamming, spoofing, and degraded space support are normal. The side that preserves navigation, timing, and sensor confidence longer will not merely have better gadgets. It will have a more coherent force under pressure.
The third consequence is a widening optimisation gap. DARPA’s own material points to route planning, sensor target assignments, and real time supply chain management as hard defence problems where hybrid quantum and classical approaches may create gains before the fully mature machine arrives.[6] Modern militaries are already constrained by fuel, lift, supply chains, maintenance cycles, and targeting trade offs. A state that improves its planning and logistics layer even marginally under wartime pressure can generate outsized operational advantage. That is especially true in any prolonged campaign where sustainment decides tempo.
The fourth consequence is supply chain fragility. If quantum migration stalls in the lower tiers of defence industry, the vulnerability does not stay in a small vendor. It spreads upward into primes, programmes, maintenance chains, logistics networks, and shared data environments. The public debate often treats defence resilience as though it sits in capitals and headquarters. In reality it often breaks first in overlooked suppliers, legacy components, and poorly mapped dependencies.[8][9]
And the exposure does not stop at defence suppliers. The same transition pressure is building across critical infrastructure, including electricity, water, and operational technology, because a state cannot protect military power for the quantum era while leaving the civilian systems that sustain it on vulnerable cryptography. Australia’s ASD is already recommending that organisations cease using traditional asymmetric cryptography by the end of 2030 and complete their transition to post quantum cryptography on that timeline.[10]
The fifth consequence is strategic competition over standards and adoption. China’s leadership now treats quantum technology, including computing, sensing, and communications, as important to national security and future warfare, according to the Pentagon’s 2025 report on Chinese military power. The same report says China is developing post quantum cryptography, exploring military applications of quantum sensing, and building infrastructure for a planned global quantum communication network.[11]
That should sharpen the point.
This is not simply about who invents first.
It is about who migrates first, who sets standards first, who integrates first, and who forces others to adapt to a framework they did not design.
The sixth consequence is strategic distraction. Public debate will keep chasing the visible layer of military technology because drones are easy to film and AI is easy to debate. Quantum is quieter, slower, and far less theatrical. That makes it exactly the sort of domain where serious states can gain advantage while everyone else is still arguing over the last visible revolution.
That is the danger.
Not that quantum replaces drones or AI.
That it moves underneath them.
Conclusion
Drones will still dominate the footage.
AI will still dominate the argument.
But the deeper contest is over whether modern states can still trust the invisible systems that make military power possible.
That is why the quieter strategic race is quantum.
Not because a miracle machine has already arrived.
Not because every war plan is secretly being run by quantum computers.
But because governments, defence departments, and rival powers are already behaving as though the transition window has opened, and the states that treat it as a distant research topic may discover too late that the infrastructure of trust was the battlefield all along.[1][2][4][11]
The question is not whether quantum will become relevant to defence.
That answer is already visible.
The sharper question is this.
When the next crisis comes, which states will still be able to trust their communications, navigation, logistics, and suppliers and which ones will discover too late that they upgraded the weapons but not the systems that make those weapons usable?
References
[1] NIST, “NIST Releases First 3 Finalized Post Quantum Encryption Standards,” 13 August 2024.
[2] UK National Cyber Security Centre, “Timelines for migration to post quantum cryptography,” 20 March 2025.
[3] NSA, “Post Quantum Cybersecurity Resources,” including CNSS Policy 15 and CNSA 2.0 references.
[4] Department of Defense CIO, “Preparing for Migration to Post Quantum Cryptography,” 20 November 2025.
[5] U.S. Army, “See more, see further with C5ISR Center and Quantum Sensing,” 9 July 2025.
[6] DARPA, “Quantum sensing and computing,” including ONISQ optimisation tasks.
[7] NIST, “Considerations for Achieving Crypto Agility,” warning on harvest now, decrypt later and long migration timelines.
[8] UK Ministry of Defence, “Cyber Security Model,” including Cyber Improvement Plans, annual SAQ reassessment, and current use of CSM v4.
[9] UK Ministry of Defence, “Cyber security for defence suppliers (Def Stan 05 138, Issue 4)” and related DEFCON 658 flow down guidance.
[10] Australian Signals Directorate, “Planning for post quantum cryptography,” including the recommendation to cease traditional asymmetric cryptography by end 2030 and complete transition on that timeline.
[11] U.S. Department of Defense, “2025 Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China,” quantum technology and future warfare sections.
Everyone Is Watching Drones and AI. The Quieter Strategic Race Is Quantum was originally published in DataDrivenInvestor on Medium, where people are continuing the conversation by highlighting and responding to this story.
