The United States applies defense-in-depth as a foundational principle in nuclear deterrence, missile defense, cyber architecture, and critical infrastructure protection. In each of these domains, the nation stakes its security on layered protection rather than concentrating all resilience on a single assumption. Quantum-era cryptographic resilience is the conspicuous exception.
Current US policy concentrates all critical infrastructure protection against the quantum cryptographic threat on a single class of mathematical assumption: Post-Quantum Cryptography (PDQ). PQC is the right answer for the overwhelming majority of CI links. The NIST standards are sound. The migration frameworks are structurally coherent. For enterprise, cloud, and operational technology environments where the risk is harvest-now-decrypt-later exposure on traffic with finite confidentiality horizons, PQC is dramatically more cost-effective and scalable than any alternative.