A smart meter installed today has a 15-year service life. A medical device implanted this year may still be transmitting data in 2040. An industrial sensor bolted into a factory floor will be there long after the engineer who commissioned it has moved on.
The certificates you issue to those devices today are signed with ECDSA or RSA. Those algorithms are secure against classical computers. They are not secure against a sufficiently large quantum computer running Shor's algorithm. NIST's own timeline puts cryptographically relevant quantum computers within a 10 to 15 year window — which lands squarely inside the service life of the devices you're deploying right now.
This is not a theoretical concern. It's a lifecycle mismatch.
The attack you're not thinking about
The threat model for most IoT security discussions is an attacker who breaks in today. Patch fast, rotate keys, monitor traffic. Classical defenses.






