
C-Day. Here's Why It May Be the Most Important Cybersecurity-Quantum Concept You've Never Heard Of.

Doug Howard
June 3, 2026


In my first article in this series, The Quantum Clock Is Ticking, I introduced two concepts that will serve as the analytical backbone for everything that follows.


Q-Day: the moment quantum computing achieves the capability to break, at scale, the public-key cryptography (RSA, Diffie-Hellman, elliptic curves) that protects modern communications. A defined, planned-for event that the NSA, CISA, and NIST have all acknowledged in public guidance. A threat serious enough that NIST finalized its first suite of post-quantum cryptographic standards (FIPS 203, 204 and 205) in August 2024. A timeline that artificial intelligence is actively compressing in ways the current public consensus has not yet fully absorbed.


And C-Day: my original framing for the moment that is, in my assessment, more immediately dangerous than Q-Day itself.


C-Day is Capture Day: the moment adversaries shift from opportunistic data theft (grab what you can and monetize it now) to strategic, quantum-anticipatory collection, systematically harvesting encrypted data today, storing it with institutional patience, and waiting for the quantum capability that will eventually render that encryption meaningless. The cryptographic community has warned for years about "harvest now, decrypt later" (HNDL), and Michele Mosca's inequality framed the timing risk: if the years your data must stay secret plus the years your migration will take exceed the years until a cryptographically relevant quantum computer exists, you are already exposed. C-Day names the strategic inflection point inside HNDL: the moment collection stops being opportunistic and becomes deliberate, quantum-anticipatory doctrine.


In that first article, I argued that C-Day is not a future event. For the adversaries who most stand to benefit from quantum capability, C-Day has already occurred. The collection is active. The Silent Window, the period between C-Day and Q-Day, is not a warning period. It is an operational reality.


Today’s article goes deeper. I want to examine C-Day not as an abstract concept but as a framework with distinct operational scenarios, each carrying different risk profiles, different detection challenges, and different implications for how security leaders need to think and act right now.


Why This Framework Matters

Before I walk through the scenarios, let me be direct about why I believe C-Day deserves its own named framework rather than being folded into the existing "harvest-now-decrypt-later" language that practitioners use.


Naming matters in security. The moment we gave a name to advanced persistent threats, boards started allocating budgets to defend against them. The moment we named ransomware as a category distinct from malware, organizations started building response playbooks specific to it. Language creates accountability. Frameworks create action.


The harvest-now-decrypt-later concept has existed in practitioner circles for years. It has not generated the organizational urgency it warrants, in part because it describes a behavior rather than a moment. C-Day names the strategic inflection point: the shift in adversarial intent from tactical to generational (i.e., from immediately usable to strategically held for a future event). That shift changes everything about how you should assess your current exposure, how you should prioritize your security investments, and how urgently you should be acting.


The C-Day → Silent Window → Q-Day construct gives security leaders and boards a mental model with a beginning, a middle, and an end. Most organizations are mentally living in the middle without understanding that the beginning has already passed for many of them. That misunderstanding is costing them time they cannot recover.


The Facts

The evidentiary case for C-Day as an active, ongoing operation is not circumstantial. It is documented in public disclosures, intelligence community warnings, and the forensic record of some of the most significant breaches of the past decade.


Salt Typhoon. Disclosed in late 2024, Salt Typhoon is arguably the most significant telecommunications infrastructure compromise in U.S. history. Chinese state-affiliated actors maintained persistent, undetected access inside major U.S. telecommunications carriers, in some cases for years before discovery. The targets included lawful intercept systems, the very infrastructure used to monitor communications under court order. The strategic value of that access, in a quantum context, extends well beyond the dwell period. Communications collected through that access, stored and encrypted by classical standards for indefinite periods of time, become a permanent intelligence asset on Q-Day.


The OPM Breach. In 2015, the U.S. Office of Personnel Management disclosed a breach affecting 21.5 million individuals, essentially everyone who had undergone a federal background investigation since 2000. The data included Standard Form 86 submissions: deeply detailed personal histories covering foreign contacts, financial circumstances, mental health disclosures, past substance use, and family member information. This is not data with a two-year shelf life. A foreign intelligence service holding detailed files on 21.5 million individuals who held or applied for U.S. security clearances is sitting on a generational intelligence asset. Quantum decryption of any captured encrypted communications tied to those individuals is a force multiplier on an already catastrophic breach.


SolarWinds. The 2020 SolarWinds compromise pushed a trojanized Orion update to roughly 18,000 customers; the attackers then selected a far smaller set for follow-on access, including at least nine federal agencies and top-tier U.S. defense contractors. The backdoored update granted privileged access to network monitoring infrastructure. Dwell time in many environments was measured in months. In a number of cases, the full scope of what was accessed was never definitively established. What was collected, and in what form, by adversaries with the patience to store and decrypt it later? That question does not have a public answer.


These are the operations we know about. They were each, in their own way, a C-Day event: a moment when adversaries collected data whose full strategic value was not understood at the time of discovery, and may not be fully understood for another decade.


The more consequential question is what the operations we do not know about look like. How many threat actors are still holding data exfiltrated in the thousands of attacks that succeed each month? How many hands does that data pass through on dark web markets and in other data-sharing and data-selling operations?


The Three Scenarios

C-Day is not a single event with a single profile. It manifests in at least three distinct operational scenarios, each requiring a different detection and response posture.


Scenario 1: Known Exfiltration

This is the category most security leaders have some mental model for. A breach occurs. Eventually, sometimes quickly, sometimes after months or years of adversary dwell time, it is discovered. Incident response is initiated. The scope of what was accessed is assessed, to the extent forensics allows. Notifications are issued. The incident is closed.


In a pre-quantum world, this lifecycle has a natural end. In a post-C-Day world, it does not.


Every breach that resulted in the exfiltration of encrypted data (communications, files, database records, network traffic captures) is a potential quantum time bomb. One caveat practitioners should keep in mind: data an intruder read in the clear was lost the day it was taken, and quantum changes nothing about it. The quantum-specific exposure is the material that left as ciphertext whose keys were established or wrapped with RSA, Diffie-Hellman or elliptic-curve cryptography. That breach may be closed in the conventional sense. The data is not gone. It is in adversary hands, encrypted by standards that will not survive Q-Day, waiting.


The OPM breach is closed in the conventional sense. SolarWinds is closed in the conventional sense. Salt Typhoon's disclosed elements are closed in the conventional sense. None of them are closed in the quantum sense. That distinction is not being made in most organizations' risk frameworks, and it should be.


Security leaders need to revisit their historical breach inventory with a specific question: what was exfiltrated that carries long-shelf-life strategic value, and is it protected by encryption standards that quantum will break? That assessment does not exist in most organizations today. It needs to.
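As an added, illustrative example (not part of the original article and not Pondurance tooling), the following Python script performs the breach-inventory assessment described above. It classifies the key exchange and bulk cipher recorded for each historical incident by what happens to it on Q-Day, applies the weakest-link rule that captured ciphertext falls with its key exchange, and compares each data set's shelf life against an assumed Q-Day year; it also encodes Mosca's inequality from the introduction. The incident records, the 2035 Q-Day planning year and the verdict labels are constructed assumptions, not findings.

```python
"""Quantum-exposure triage over a historical breach inventory (added example)."""
from dataclasses import dataclass


@dataclass
class BreachRecord:
    name: str               # incident label (constructed examples below)
    year: int               # year the material was captured or exfiltrated
    shelf_life_years: int   # how long the data stays strategically useful to an adversary
    key_exchange: str       # algorithm that established or wrapped the session key
    bulk_cipher: str        # symmetric cipher that encrypted the payload


def classify_algorithm(name: str) -> str:
    """Map an algorithm name to its fate on Q-Day.

    shor-broken:     factoring / discrete-log schemes, recoverable by Shor's algorithm
    grover-weakened: 128-bit symmetric keys, effective strength halved by Grover's algorithm
    pq-safe:         NIST PQC standards, hybrids containing them, or 256-bit symmetric keys
    """
    n = name.upper().replace("_", "-")
    if "ML-KEM" in n or "MLKEM" in n or "ML-DSA" in n or "SLH-DSA" in n:
        return "pq-safe"          # a hybrid is at least as strong as its PQ component
    if n.startswith(("RSA", "DH", "ECDH", "ECDSA", "DSA", "X25519", "ED25519")):
        return "shor-broken"
    if n.startswith("AES-128"):
        return "grover-weakened"
    if n.startswith(("AES-256", "CHACHA20")):
        return "pq-safe"
    return "unknown"


def mosca_already_late(shelf_life_years: int, migration_years: int, years_to_q_day: int) -> bool:
    """Mosca's inequality: x + y > z means the data outlives the protection you can give it."""
    return shelf_life_years + migration_years > years_to_q_day


def triage(record: BreachRecord, q_day_year: int) -> str:
    """Decide whether a conventionally closed breach is still open in the quantum sense."""
    valuable_until = record.year + record.shelf_life_years
    kex = classify_algorithm(record.key_exchange)
    bulk = classify_algorithm(record.bulk_cipher)
    # Captured ciphertext falls with its weakest link: once the key exchange is broken the
    # session key is recovered and the bulk cipher's own strength no longer matters.
    if kex == "shor-broken":
        return "QUANTUM-OPEN" if valuable_until > q_day_year else "EXPIRES-BEFORE-Q-DAY"
    if kex == "unknown" or bulk == "unknown":
        return "INVENTORY-GAP"    # cannot assess: the cryptographic inventory is incomplete
    if bulk == "grover-weakened":
        return "DEGRADED"         # key exchange survives, but the symmetric margin is thin
    return "QUANTUM-CLOSED"


def triage_inventory(records, q_day_year: int) -> dict:
    """Verdict per incident name."""
    return {r.name: triage(r, q_day_year) for r in records}


# Constructed records for illustration; these are not real incidents.
INVENTORY = [
    BreachRecord("2016 VPN traffic capture", 2016, 30, "RSA-2048", "AES-128-CBC"),
    BreachRecord("2021 short-lived pricing feed", 2021, 5, "ECDH-P256", "AES-256-GCM"),
    BreachRecord("2024 archive wrapped with 128-bit key", 2024, 20, "ML-KEM-768", "AES-128-GCM"),
    BreachRecord("2025 hybrid TLS session", 2025, 25, "X25519MLKEM768", "AES-256-GCM"),
    BreachRecord("2019 legacy file transfer", 2019, 15, "proprietary", "AES-256-CBC"),
]

Q_DAY_ASSUMPTION = 2035   # planning assumption for this example, not a prediction


if __name__ == "__main__":
    for name, verdict in triage_inventory(INVENTORY, Q_DAY_ASSUMPTION).items():
        print(f"{verdict:22} {name}")
    print("Mosca says already late (15y shelf life, 5y migration, 10y to Q-Day):",
          mosca_already_late(15, 5, 10))
```

The INVENTORY-GAP verdict is deliberate: an incident whose key-establishment method nobody recorded cannot be scored, and that missing record is itself the finding.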


Scenario 2: Unknown Exfiltration

This is the scenario that keeps practitioners with national security backgrounds, including me, awake at night. It is the one I believe carries the greatest risk for the largest number of organizations, and it is the one that existing security frameworks are least equipped to address.


Unknown exfiltration refers to persistent, low-and-slow collection operations that have never triggered a detection event. No alert. No anomaly flagged. No forensic artifact recovered in an incident investigation. Silent access, maintained over extended periods, systematically collecting data with a precision and patience that avoids every tripwire in a conventionally instrumented environment.


These operations are not hypothetical. The intelligence community has documented the existence of nation-state collection capabilities specifically designed to operate below the detection threshold of enterprise security tools. The adversaries executing C-Day Scenario 2 are not using commodity malware. They are using custom tooling, living-off-the-land techniques, and operational tradecraft developed over years of trial and refinement – some of it in environments exactly like yours.


The absence of a known breach is not evidence of security. For any organization holding data with long-term strategic value (defense contractors, financial institutions, healthcare systems, energy infrastructure operators, legal firms handling sensitive M&A or litigation), the probability of Scenario 2 exposure should be treated as non-zero and evaluated accordingly. The sophistication of the adversaries executing this doctrine makes detection by conventional, threshold-driven security tooling genuinely difficult. AI-native detection platforms with continuous behavioral learning are not a luxury in this environment. They are the mechanism by which Scenario 2 becomes discoverable rather than permanently invisible.
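As an added illustration, not the article's own material and not a description of any vendor's product, the following Python script shows in miniature why a fixed per-day egress limit misses patient collection while a cumulative behavioral statistic does not. The per-host daily egress series is constructed: a repeating baseline pattern averaging 200 MB, then a constant 40 MB/day leak from day 30 onward that never takes a single day above the 300 MB limit. A one-sided CUSUM over the standardized daily deviation accumulates the shift and alerts on the fourth day of the leak. The baseline window, slack k and decision threshold h are assumed values that a real deployment would tune per host.

```python
"""Low-and-slow egress detection: fixed threshold vs cumulative baselining (added example)."""
import statistics

BASELINE_DAYS = 30        # days used to learn this host's normal egress
LEAK_START = 30           # day index on which the constructed slow leak begins
LEAK_MB_PER_DAY = 40      # extra egress per day: far below any sane per-day limit


def daily_egress_mb(day: int) -> int:
    """Constructed per-host daily egress in MB: a five-day baseline pattern
    (mean 200 MB) plus a constant 40 MB/day leak from LEAK_START onward."""
    base = 200 + 15 * ((day * 7) % 5 - 2)      # 170, 200, 230, 185, 215, ...
    return base + (LEAK_MB_PER_DAY if day >= LEAK_START else 0)


def threshold_alert_day(series, limit_mb: float):
    """Conventional rule: alert on the first day egress exceeds a fixed limit."""
    for day, mb in enumerate(series):
        if mb > limit_mb:
            return day
    return None


def cusum_alert_day(series, baseline_days: int, k: float = 0.5, h: float = 5.0):
    """One-sided CUSUM on standardized egress.

    Each day contributes its deviation from the learned baseline, in standard
    deviations, minus a slack k; the running sum is clipped at zero so normal
    jitter never accumulates. A persistent small upward shift grows the sum until
    it crosses h, which is the signature of patient, low-volume collection that a
    per-day limit never sees.
    """
    baseline = list(series[:baseline_days])
    mean = statistics.fmean(baseline)
    sd = statistics.pstdev(baseline)
    s = 0.0
    for day, mb in enumerate(series):
        z = (mb - mean) / sd
        s = max(0.0, s + z - k)
        if s >= h:
            return day
    return None


def run_comparison(days: int = 60, limit_mb: float = 300.0) -> dict:
    """Run both detectors over the constructed series and report when each fires."""
    series = [daily_egress_mb(d) for d in range(days)]
    return {
        "peak_daily_mb": max(series),
        "threshold_alert_day": threshold_alert_day(series, limit_mb),
        "cusum_alert_day": cusum_alert_day(series, BASELINE_DAYS),
    }


if __name__ == "__main__":
    print(run_comparison())
```

On this data the per-day limit never fires (the peak day is 270 MB) while the CUSUM fires on day 33; in production the baseline would be re-estimated on a rolling window per host and per destination class rather than learned once.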


Scenario 3: Structural Exposure

The third scenario requires no breach at all. No intrusion. No malware. No compromised credentials. Just infrastructure and patience.


Encrypted internet traffic transits networks. It passes through internet exchange points, undersea cable landing stations, telecommunications infrastructure, and cloud provider backbone networks. Nation-state actors with a signals intelligence apparatus, and several have one, do not need access to your environment to collect your encrypted communications. They need access to the infrastructure your communications traverse.


This is not a theoretical capability. The documents disclosed by Edward Snowden in 2013 established that bulk collection of internet traffic at infrastructure level is a real, operational capability that has been deployed at scale. The United States has this capability. China has this capability. Russia has this capability. Others either already have it, or are developing it.


Any organization whose communications transit infrastructure subject to nation-state collection, which in practice means any organization communicating over the public internet, carries some degree of Scenario 3 exposure. Classical key exchange (RSA, Diffie-Hellman, elliptic curves) is sufficient against today's adversaries. It is not sufficient against a Q-Day-capable adversary processing a stored archive of collected traffic. Hybrid post-quantum key exchange in TLS, already shipping in mainstream browsers and servers, is the one Scenario 3 control that can be applied now, and whether your own clients and endpoints actually negotiate it is something you can measure.
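As an added example (not from the original article), the following Python script is the check a practitioner can run against a traffic tap to measure Scenario 3 exposure: it parses a TLS ClientHello, extracts the supported_groups extension, and reports whether the client offered any key-exchange group containing ML-KEM. A client that offers none cannot negotiate one, so every session it opens is classical-only and readable after Q-Day if captured in transit. The ClientHello bytes are constructed by a helper in the block (zeroed random, no key_share extension, two cipher suites); the group codepoints are the IANA-registered values for X25519MLKEM768 (0x11EC) and SecP256r1MLKEM768 (0x11EB) plus the pre-standard X25519Kyber768Draft00 (0x6399).

```python
"""Audit a TLS ClientHello for post-quantum key-exchange groups (added example)."""
import struct

SUPPORTED_GROUPS_EXT = 10   # TLS ExtensionType supported_groups

# TLS supported-group codepoints; True marks groups that contain an ML-KEM
# component and therefore protect the session against a future Shor-capable attacker.
GROUPS = {
    0x0017: ("secp256r1", False),
    0x0018: ("secp384r1", False),
    0x001D: ("x25519", False),
    0x001E: ("x448", False),
    0x11EB: ("SecP256r1MLKEM768", True),
    0x11EC: ("X25519MLKEM768", True),
    0x6399: ("X25519Kyber768Draft00", True),   # pre-standard draft codepoint
}


def _vec(data: bytes, len_bytes: int) -> bytes:
    """TLS length-prefixed vector."""
    return len(data).to_bytes(len_bytes, "big") + data


def build_client_hello(groups) -> bytes:
    """Build a minimal ClientHello record (constructed input for the audit below)."""
    group_list = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!H", SUPPORTED_GROUPS_EXT) + _vec(_vec(group_list, 2), 2)
    body = (
        b"\x03\x03"                          # legacy_version
        + bytes(32)                          # random (zeroed here; constructed)
        + _vec(b"", 1)                       # legacy_session_id
        + _vec(b"\x13\x01\x13\x02", 2)       # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
        + _vec(b"\x00", 1)                   # null compression
        + _vec(ext, 2)                       # extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + _vec(handshake, 2)                  # ContentType handshake


def parse_supported_groups(record: bytes) -> list:
    """Walk record -> handshake -> ClientHello -> extensions; return the offered groups."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                           # legacy_version + random
    pos += 1 + body[pos]                                   # legacy_session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")    # cipher_suites
    pos += 1 + body[pos]                                   # compression_methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    groups = []
    while pos + 4 <= end:
        ext_type = int.from_bytes(body[pos:pos + 2], "big")
        ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == SUPPORTED_GROUPS_EXT:
            n = int.from_bytes(data[:2], "big")
            groups = [int.from_bytes(data[i:i + 2], "big") for i in range(2, 2 + n, 2)]
    return groups


def assess_hndl_exposure(record: bytes) -> dict:
    """A client that offers no ML-KEM group can never negotiate one, so every session
    it opens is classical-only and, if captured in transit, readable after Q-Day."""
    offered = parse_supported_groups(record)
    names = [GROUPS.get(g, (f"unknown(0x{g:04x})", False))[0] for g in offered]
    pq_capable = any(GROUPS.get(g, ("", False))[1] for g in offered)
    return {"offered": names, "pq_capable": pq_capable,
            "verdict": "hybrid PQ offered" if pq_capable else "classical only: HNDL-exposed"}


if __name__ == "__main__":
    legacy = build_client_hello([0x001D, 0x0017, 0x0018])
    modern = build_client_hello([0x11EC, 0x001D, 0x0017])
    print(assess_hndl_exposure(legacy))
    print(assess_hndl_exposure(modern))
```

The offered list bounds what can be negotiated; the group actually used is the one the server selects in its ServerHello key_share, so a complete audit pairs this check with the server's reply. On a real tap, feed the first handshake record of each connection rather than the constructed bytes above.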


Who Is Most Exposed

Not all organizations carry equal C-Day risk. The adversaries executing this doctrine are strategic actors with finite collection capacity. They prioritize targets whose data has the highest long-term value.


The highest-risk categories are not surprising, but the framing matters:


Defense contractors and the defense industrial base. Not because of what they know today, because of what they will know over the next decade. Technical specifications (and their evolution over time), program data, acquisition intelligence, and personnel information with security clearance implications all carry strategic value that compounds over time.


Financial institutions. Transaction records, trading algorithms, and M&A intelligence are obvious targets. Less obvious but equally significant: the cryptographic infrastructure protecting interbank communications and settlement systems is exactly what nation-state actors with commercial disruption objectives would want to understand before Q-Day.


Healthcare systems and pharmaceutical companies. Clinical trial data, drug development pipelines, and patient records at scale: collective intelligence on millions of people, assembled from breach events across hundreds of regional healthcare organizations. In the case of government healthcare programs, the intersection of medical and personnel data creates dossier-level intelligence on millions of individuals. That data retains its value, and its consequences, 5, 10 or more years from now.


Legal firms. The firms handling sensitive litigation, M&A transactions, and government contracting disputes hold the most sensitive communications of some of the most consequential organizations and individuals in the world – protected by attorney-client privilege but not by quantum-resistant encryption. Consider the impact of entire case files being exposed: settlement details, privileged communications, informant identities, and more.


Critical infrastructure operators. Energy, water, and transportation systems. The strategic value of understanding these systems' functionality and vulnerabilities over a decade-long horizon, before quantum capability is deployed offensively, is self-evident.


In short: any data on anyone or anything that will be as valuable, or more valuable, in 10 years than it is today. That is the correct risk filter. Much of that data has already been compromised, so the C-Day risk is real and deserves serious attention now.


The Adversarial Calculus

I want to be precise about why this doctrine makes rational strategic sense for the adversaries most likely to execute it.


A nation-state actor with a ten-year planning horizon, a sustained national investment in quantum computing, and the collection infrastructure to harvest encrypted data at scale faces an extraordinarily favorable risk-reward calculation. The cost of collection, in relative terms for a state-level actor, is low. The technical risk of the collection operation is manageable with sophisticated tradecraft. The downside of discovery is diplomatic friction, which these actors have demonstrated tolerance for repeatedly. 


The potential upside is a library of decrypted communications covering a decade of legal, geopolitical, military, commercial, and intelligence activity. Such a repository would represent a strategic asset of incalculable value; its impact would dwarf anything revealed by Snowden by orders of magnitude.

There is no rational case for a sophisticated nation-state actor with quantum ambitions not to be executing C-Day operations. The question is not whether they are. The question is how long they have been doing it, how comprehensively, and whether any of their collection has touched your environment.


The Howard Projection

By 2027, a major public breach disclosure will include forensic evidence of quantum-anticipatory data collection: the first time C-Day Scenario 2 is publicly named, forensically documented, and attributed to a nation-state actor. This will be the disclosure event that forces enterprise quantum risk from a theoretical budget conversation to an operational board imperative. Organizations that have not yet initiated post-quantum planning will face the same pressure they faced in the 72 hours after the first major ransomware event hit a peer organization.


By 2028, the U.S. and Western-aligned intelligence community will declassify or acknowledge, in sufficiently specific terms, that nation-state quantum-anticipatory collection has been active against targets for no less than five years. The disclosure will not include operational specifics. It will not need to. The acknowledgment alone will be sufficient to trigger a regulatory and litigation cascade that reshapes the cyber liability landscape.


By 2029, cyber insurance underwriters in the U.S. and EU will incorporate C-Day exposure assessment, specifically cryptographic inventory completeness and evidence of post-quantum migration progress, into standard policy underwriting for organizations in defined high-risk sectors. Organizations without a documented program will face coverage exclusions and/or significant premium increases for quantum-related breach events. The market will not wait for regulatory compulsion. It will price the risk before regulators mandate disclosure of it, or exclude it in material ways.


By 2035, the C-Day operations of 2018 through 2030 will be acknowledged as the defining intelligence collection campaigns of the early twenty-first century. They will be viewed as the digital equivalent of the most consequential Cold War espionage operations, with damage that compounds as quantum capability matures and the collected library becomes progressively more readable. The organizations that understood and acted on C-Day risk in the 2024–2028 window will be studied alongside those that adopted cloud security frameworks seriously in 2010. The ones that did not will share a different historical category.


What Comes Next

In the next installment of this series, I will address the technical foundation of why Q-Day is not just a threat to encrypted data in transit. It is a threat to the cryptographic infrastructure that underpins digital trust itself: certificates, digital signatures, identity infrastructure, code signing, PKI. The architecture of online security was built for a world without quantum. Understanding exactly how quantum breaks that architecture, and what NIST's 2024 post-quantum standards do and do not solve, is the prerequisite for the risk reduction framework I will lay out in the fifth article in this series.


The Silent Window is active. C-Day, for many of the organizations reading this, has already passed in one or more of its three forms. The question that matters now is not whether you were exposed. It is whether you are still being exposed, and what you are doing about it.

About the Author: 


Doug Howard is the CEO of Pondurance, an AI-powered managed detection and response firm providing MDR, digital forensics and incident response, and cyber advisory services. He previously served in the U.S. Air Force and held roles at the Pentagon. He writes on cybersecurity, artificial intelligence, and emerging threats at the intersection of national security and enterprise risk.


This is the second article of the series "The Quantum Clock Is Ticking." The first article is available at pondurance.com/blog/the-quantum-clock-is-ticking.
