Quantum-Safety Readiness: A call for a collaborative Telecommunications Future

The Third Post-Quantum Network Seminar at MWC Barcelona 2024 was a pivotal event that focused on issues and opportunities presented by the emergence of quantum technologies and the transition to post-quantum cryptography (PQC) within the telecommunications sector. The discussions underscored not only the technical challenges but also the strategic, infrastructural, and regulatory frameworks that industries, especially telecommunications, must navigate in the coming years.

The seminar highlighted the dual nature of quantum technologies as both an extraordinary opportunity and a significant risk. With quantum computing's potential to disrupt existing cryptographic standards, the urgency to transition to quantum-resistant algorithms becomes paramount for securing infrastructure and communications across the telecom ecosystem.

The GSMA's role in fostering collaboration and standardization to safeguard networks and data in the post-quantum era was emphasized, alongside the importance of monitoring the development of standards by bodies such as NIST. The seminar also shed light on the significant financial and operational implications of transitioning to PQC, underlining the necessity for a holistic, industry-wide plan to implement required changes effectively.

Speakers and panelists drew attention to the global reach and impact of quantum threats, advocating for a concerted global response that includes national and international initiatives, industry-led efforts, and comprehensive strategies at company levels. The timelines for preparation and transition, stretching into the next decade, highlighted the need for immediate action — not just in anticipation of quantum computing's maturation but also in response to current data vulnerabilities due to the "store now, decrypt later" phenomenon.

The seminar also provided a forum for discussing the role of governments, international organizations like the World Economic Forum, and industry alliances in raising awareness, building skills, and developing regulations to address the quantum challenge. Highlighting initiatives from various countries, such as South Korea's national master plan for PQC transition, it became evident that a multifaceted approach involving public-private partnerships, education, and regulatory frameworks is crucial for a smooth transition to quantum-safe environments.

Executive Summary (TL;DR)

From the detailed discussions across the different speakers and sessions at the Third Post-Quantum Network Seminar at MWC Barcelona 2024, a unified message emerges, emphasizing the importance of preparedness, collaboration, and innovation in the face of the approaching quantum computing era. Despite the varied perspectives and focal points of each speaker, several common themes can be inferred, illustrating a collective industry stance on the transition to quantum-safe technologies. Here are the key shared messages.

The Urgency of Quantum Safety. All speakers underscored the urgent need for the telecommunications industry and its associated sectors to prepare for quantum computing's potential to break current cryptographic standards. This urgency is driven by the dual nature of quantum technology as both a significant opportunity and a monumental challenge.

Collaborative Efforts Required. There was a clear consensus on the necessity for cross-sector collaboration, involving telecommunication companies, technology providers, policymakers, academia, and standardization bodies. The complexity of the transition to quantum-safe cryptography cannot be tackled by any single entity alone; it requires a concerted effort across the entire ecosystem.

Importance of Executive Engagement and Company-Wide Strategy. Speakers like Taylor Hartley from Ericsson highlighted the critical role of executive engagement and the need for a company-wide strategy that extends beyond the CISO level. The transition to post-quantum cryptography is presented not merely as a technical challenge but as an enterprise-wide endeavor that necessitates thoughtful planning and investment.

Awareness, Education, and Public Policy. The sessions highlighted the importance of raising awareness and educating stakeholders at all levels about the implications of quantum computing. Kelly Richdale’s moderation of the panel, along with discussions on creating public policy and building societal awareness, amplified this message, underscoring the role of education and workforce up-skill in facilitating a smooth transition.

Innovation and Opportunities Ahead. Despite the challenges, speakers also pointed to the significant opportunities that the quantum era presents. From new business models and services for telecommunications companies to advancements in secure communications and beyond, the advent of quantum computing opens up a realm of possibilities that innovators are eager to explore. Although it is clear that there are new technological opportunities at the horizon, the monetization of services that focus on renewed security capabilities is still uncertain for now.

Technical Preparedness and Crypto-Agility. The need for technical preparedness, including developing cryptographic inventories and embracing crypto-agility, was a recurring theme. The ability to adapt to new quantum-resistant algorithms swiftly, efficiently, and cost-effective is crucial for maintaining the security and integrity of telecommunications infrastructures.

Regulatory and Standardization Efforts. The discussions also touched upon the importance of regulatory efforts and standardization in guiding the industry's transition to quantum safety. A coordinated global response, including standardizing post-quantum cryptographic algorithms and regulatory mandates, will play a pivotal role in ensuring a secure transition.

In essence, the unified message from the seminar is a call to action for the global telecommunications industry and its stakeholders to proactively prepare for the quantum era through collaboration, innovation, education, and strategic planning ensuring a future where digital communications remain secure and resilient.

Final Considerations

In the dynamic landscape of emerging quantum technologies, momentum is building across various sectors, all pivoting to gauge the expansive implications of the impending quantum paradigm. This multilateral exploration, as underscored by the collective endeavors of diverse industries, underscores an essential truth—collaboration is not just beneficial but imperative.

In the context of planning for quantum-safe migration, to reduce the cost of deployments, the exploration of quantum technologies in collaboration with early adopters allows for companies to efficiently leverage the scarce expertise in the field that has been developed at the early stages of the process. Conversely, at the same time, early adopters can leverage the leadership position in the market to provide transitioning services and drive, according to their needs, timelines and policy regulations that governments around the world.

The seminar, however, did not cover one of the topics that is usually forgotten when it comes to quantum-transitions: how to address the cost of deployment and the inter-dependencies for complex supply-chain when it comes to secondary markets and emerging economies.

Up to today, all major quantum events that focus on the establishment of a quantum-safe economy have not yet extensively addressed the issues related to the inclusion, in the transformative process, of the many different regions of the world where the costs of deployment might be prohibitive, especially for the private sector.

Deploying quantum-safe infrastructures in emergent economies, which include sectors not directly involved in primary quantum research and development, presents a unique set of challenges and considerations. While specific studies on the dangers of supply-chain vulnerabilities and the impact on secondary markets in the context of quantum computing are expected to emerge, the discourse around these issues is still lacking behind.

In my opinion, when considering this topic, some of the major issues and considerations for deploying quantum-safe infrastructures can be summarized in the following seven key points:

1. Lack of Awareness and Expertise: One of the primary challenges is the general lack of awareness and expertise in quantum technologies and their implications. Many organizations, particularly in secondary markets and emerging economies, may not yet fully grasp the potential threats posed by quantum computing to current cryptographic standards.
2. Resource Constraints: Secondary markets often operate under significant resource constraints, including limited funding for research and development in cutting-edge technologies like quantum cryptography. This can hinder the ability to invest in quantum-safe infrastructure and training for local experts.
3. Supply Chain Vulnerabilities: Global supply chains are intricate, with components and services sourced from various markets, including those considered secondary or emerging. The heterogeneity and complexity of these chains can introduce vulnerabilities, especially if parts of the chain lag in adopting quantum-safe practices, potentially compromising the entire system.
4. Policy and Regulatory Frameworks: Emerging economies and secondary markets may lack the robust policy and regulatory frameworks necessary to enforce the transition to quantum-safe technologies. Without these frameworks, it can be challenging to coordinate and standardize efforts across industries and borders. Engaging early in the world setting could avoid regulatory fragmentation that might impact production and services.
5. Access to Quantum-Safe Technologies: The availability of quantum-safe technologies and solutions may be limited in secondary markets, either due to high costs or because primary markets with advanced R&D capabilities are the initial beneficiaries. This access gap can delay adoption and adaptation processes in secondary markets. To address this issue, the availability of low-costs and open-source solutions is paramount to provide the opportunity for international organizations to efficiently address their security needs.
6. Interoperability and Standards: Ensuring interoperability between quantum-safe systems and existing technologies is crucial. Secondary markets may struggle with transitioning in a way that maintains compatibility with international standards and systems, which is essential for global operations.
7. Digital Divide: We cannot end the list without mentioning the impact on the Digital Divide problem around the world. The deployment of quantum-safe infrastructures risks exacerbating the digital divide between developed and developing regions. Those unable to invest in or access these technologies may find themselves at a greater security risk, further widening the gap.

While these issues present significant challenges, they also underscore the importance of global collaboration, knowledge sharing, and inclusive policy-making to ensure a smooth and equitable transition to a quantum-safe future. Efforts by international organizations, governments, and industry coalitions to address these challenges through research, funding, and capacity-building initiatives are crucial steps toward mitigating the risks and ensuring that the benefits of quantum technologies are accessible to all.

In the rest of this article we focus on providing a summary for the different sessions (talks and panels), where more specific information can be found.

Last but not least, tou can access the description of the Cryptographic Demos present at MWC Barcelona 2024 here.

Detailed Summary Of Seminar's Sessions

Welcome Message from GSMA's CTO

Speaker:

• Alex Sinclair, CTO | GSMA

In his introduction to the Third Post-Quantum Network Seminar at MWC Barcelona 2024, Alex Sinclair, the CTO of GSMA, provided a comprehensive overview of the dual nature of quantum technologies as both significant opportunities and potential risks for the telecommunications industry. He emphasized the transformative potential of quantum computers to breach almost all existing cryptographic algorithms, which are fundamental to securing data, infrastructure, and communications throughout the telecom ecosystem.

Sinclair highlighted the proactive steps taken by the USA a year prior, with the establishment of the first telecom industry group dedicated to preparing for the post-quantum era. This group aims to build skills and awareness among stakeholders in the telecom industry about the threats posed by quantum computing and the importance of post-quantum cryptography. Additionally, it focuses on understanding how cryptography is currently integrated within telecom systems, which is more complex than it might seem at first glance.

The intent, as Sinclair elaborated, is to support telecom operators in evaluating risks and prioritizing the protection of the most vulnerable data and systems. He pointed out the need for new protocols and algorithms to be standardized to ensure the safety of networks and data in the post-quantum era. While GSMA itself does not engage in standardization, Sinclair underscored the importance of monitoring developments in standards by other entities, notably mentioning the efforts of standardization bodies and some pre-standardization implementations, including those by Apple.

Sinclair concluded by stressing the significance of not only focusing on the technical aspects of the transition but also considering the strategic implications, as this transition will heavily impact infrastructure and require careful planning and investment. The regulatory landscape, according to Sinclair, is likely to evolve alongside the technical advancements, thus necessitating a holistic plan to implement the necessary changes to mitigate potential legal and financial impacts.

The Importance of Building a Quantum Secure Digital Economy

Speaker:

• Francis Sideco, Partner and Principal Analyst | Tirias Research

Francis Sideco, in his presentation, delved into the considerable implications of post-quantum threats on the digital economy and the critical need for a quantum-secure infrastructure. His talk, centered on "the importance of building a quantum secure digital economy," outlined several pivotal points.

Quantum is not necessarily a matter of if anymore, it is a matter of when and we are getting to the point of quantum utility very quickly.

Sideco began by likening quantum technology to a 'generational technology,' emphasizing its potential to significantly impact not just technology sectors but the global economy at large. Sideco provided an overview of the existing cybersecurity threats and their implications for businesses, noting the substantial costs associated with data breaches. Sideco cited research indicating that the global average cost per data breach is around $4.4 million, with figures even higher in specific regions like the United States where the cost is close to $9M per breach. He highlighted the alarming rate at which cyber crime has been growing, outpacing the growth of the digital economy itself (72% increase in cyber crime between 2022 and 2023).

The presentation highlighted that the threat posed by quantum computing is global, affecting every aspect of human life and business operations that rely on cryptography. Sideco mentioned various international and national organizations that have initiated efforts to mitigate these risks, illustrating the widespread recognition of the issue. Sideco emphasized that, given how integral telecommunications are to every industry and aspect of modern life, the sector is particularly at risk and must be at the forefront of transitioning to post-quantum cryptography. He articulated the potential economic impacts if current cryptographic standards are compromised, estimating the value at stake by 2030 due to quantum computing threats. Sideco stressed that the integrity of cryptography is foundational to the functioning of the global digital economy.

We expect the preparation stage to run until 2027 and the roll out of quantum-safe cryptography starting in 2030 with the possibility of government mandates.

Throughout his presentation, Sideco underscored the urgent need for preparation and argued that with the advent of quantum computing, it's not a matter of if but when current cryptographic measures will be rendered obsolete. He highlighted the importance of starting early, considering the long timelines for standardization, development, deployment, and the iterative nature of security measures. Starting early will allow to spread out the costs in time, HR resources, and financial resources. We expect the preparation stage to run until 2027 and the roll out of quantum-safe cryptography starting in 2030 with the possibility of government mandates.

Concluding his talk, Sideco called for a coordinated global response, encompassing public and private sectors, to develop and implement quantum-safe cryptographic standards. He outlined the expected timelines and stages for preparation, transition, and post-quantum readiness, advocating for a proactive and iterative approach to security in the quantum era. Francis Sideco's presentation laid out a compelling case for the necessity of a global, collaborative effort to secure the digital economy against the looming quantum threat, with a particular focus on the pivotal role of telecommunications in this endeavor.

Quantum-Safe Future Networks

Speaker(s):

• Anita Doehler, Chief Executive Officer, NGMN

Anita Doehler, the CEO of the Next Generation Mobile Networks Alliance (NGMN), discussed the imperative of ensuring Quantum Safe future networks during her presentation at the Third Post-Quantum Network Seminar at MWC Barcelona 2024. Her talk focused on several key aspects essential for the evolution and security of telecommunications infrastructure in the face of quantum computing threats.

After an overview of the NGMN Alliance, emphasizing its role as an operator-driven organization focused on defining the future of mobile broadband network, Doehler highlighted the alliance's commitment to cooperation with various stakeholders across the telecommunications ecosystem to ensure the successful development and implementation of next-generation network technologies. While we are still learning about 5G, we already need to drive alignment for 6G requirements.

A key point she spoke about is the challenges and risks associated with network disaggregation, particularly in the context of security. As networks evolve with disaggregated components (such as in Open RAN architectures), ensuring the quantum safety of these components becomes increasingly crucial. Similarly to the other speakers, Doehler also stressed the need for crypto-agility in future networks and the importance of collaboration among industry stakeholders, including operators, vendors, system integrators, and research institutions, to address the quantum threat. Doehler called for global industry alignment on quantum security standards and practices to mitigate risks effectively.

Doehler also touched upon NGMN's efforts in setting high-level requirements for the next generation of mobile networks, including 6G. She mentioned the organization's focus on incorporating quantum security and robustness into the foundational design of future networks, ensuring they are inherently secure against quantum threats.

In summary, Anita Doehler's presentation on Quantum Safe future networks underscored the significance of preparing telecommunications infrastructure for the post-quantum era. By prioritizing quantum security, promoting collaboration, and embracing innovation, Doehler highlighted a path forward for the industry to ensure the resilience and security of future mobile networks against emerging quantum threats.

Panel Discussion on Policy and Regulation Perspective

Moderator:

• Zygmunt Lozinski . Senior Technical Staff Member and Quantum Ambassador, IBM.

Panelists:

• Sebastian Buckup , Head of Network and Partnerships; Member of the Executive Committee, World Economic Forum
• Gary Trotman , Head of Technology Solutions, Digital Catapult
• Darren Ennis , Leads Vodafone Group’s EU public affairs team & Brussels office, Vodafone
• Keundae Kim, Director General, South Korea Institute of Information and Communications Technology Planning & Evaluation

Lozinski opens the panel by highlighting the significance of quantum computing's advancement and the critical need for quantum-safe solutions across industries. He sets the stage for a multidimensional discussion on readiness, collaboration, and the strategic approaches necessary for a successful transition to a quantum-safe future.

Buckup emphasized the role of global cooperation in tackling the quantum threat, drawing on his experience at the World Economic Forum. He discussed the importance of cross-sector collaboration, international standard-setting, and fostering an inclusive dialogue that considers the socio-economic impacts of quantum technologies.

Similarly, Ennis outlined Vodafone's approach to advocating for a coherent regulatory and policy framework within the EU to address quantum computing challenges. He stressed the need for harmonized standards and guidelines that facilitate a smooth transition for telecommunications and other critical sectors, ensuring Europe's competitiveness and security. Advocating for a proactive stance from policymakers and regulators signifies an urgent call to action, aimed at fostering an environment that supports rapid and cohesive adoption of quantum-safe standards.

Additionally, Trotman pointed to the complexity of the transition, the need for industry-wide collaboration, and the importance of starting early preparations. The emphasis on collaboration across sectors and borders underlines a shared sense of urgency, though recognizing that full readiness will be an iterative process extending over years.

The panelists also covered the satus of the global response to the quantum threat, with different sectors and countries at various stages of preparation and transition. Keundae Kim's insights into South Korea's national strategy suggest a structured, decade-spanning plan toward achieving a quantum-safe state by 2035, emphasizing a methodical but urgent progression.

In summary, while all panelists agree on the immediate necessity of transitioning to quantum-safe solutions to protect against the looming quantum threat, there are differences in their highlighted timelines for adoption. These differences reflect the various stages of readiness across industries, the iterative nature of technological and standard development, and the strategic approaches to integrating quantum-safe technologies into existing and future digital infrastructures.

The consensus underscores a shared recognition of the urgency, advocating for immediate, collaborative efforts to prepare for a quantum-resilient future.

An Update from the PQTN Task Force

Speakers:

• Lory Piccirilli Thorpe , Global Solutions & Offerings, Industry Partner Telecommunications, IBM
• Luke Ibbetson , Group Head of R&D, Vodafone

Luke Ibbetson from Vodafone and Lory Thorpe from IBM provided the latest updates on the progress made by the Post Quantum Telecom Network Task Force. Formed 18 months prior, the Task Force, with its 57-strong company membership, spans the full spectrum of the telecom ecosystem. Its creation was catalyzed by the recognition of quantum computing's double-edged sword: an unparalleled potential for processing power and an unprecedented threat to current cryptographic defenses.

The heart of the Task Force's mission? Education, awareness, and meticulous preparation.

Ibbetson and Thorpe took the stage to unwrap the fruits of the Task Force's labor. From initial impact assessments to risk assessment guidelines, culminating in telco use cases, each document represented a step deeper into the quantum quandary facing the industry. The latest work provides a use-case-by-use-case blueprint for navigating the treacherous waters of cryptography migration.

Yet, as Ibbetson articulated, the journey is labyrinthine. The transition to quantum safety is ensnared by technical complexities, legacy systems, and the cobwebs of global standards. Governance, automation, and what they termed "crypto agility" emerge as the lighthouses guiding this voyage. Governance ensures ongoing vigilance; automation, the efficient navigation of a rapidly evolving landscape; and crypto agility, the readiness to adapt cryptographic defenses as the quantum horizon expands.

The Task Force's vision is grand in scope, yet grounded in pragmatism. It envisions a future where hybrid cryptographic approaches bolster the industry's defenses, where public key infrastructure is overhauled for the quantum age, and where a culture of experimentation demystifies quantum-safe practices.

Beyond the technical feats lies a foundational principle: collaboration. This endeavor, as Thorpe underscores, demands a village. Operators, vendors, policymakers, and practitioners must unite, each lending their expertise to fortify the telecom infrastructure against quantum incursions. As the Task Force continues its work, the industry watches on, ready to embark on this quantum leap together.

Panel Discussion: Technical and Business Barriers and Opportunities

Moderator:

• Kelly Richdale , Senior Advisor, SandboxAQ

Panelists:

• Avesta Hojjati, Ph.D. , VP, Engineering, Head of R&D, DigiCert
• Ryuji Wakikawa , Vice President, Head of Research Institute of Advanced Technology, SoftBank Corp.
• Diego R. Lopez , Senior Technology Expert, Telefonica
• Taylor Hartley , Network Security Solutions Architect, Ericsson

In the last panel session of the day, moderated by Kelly Richdale of Sandbox AQ, experts delved into the complexities of migrating to post-quantum cryptography (PQC). The dialogue, underscored by insights from Avesta Hojjati of Digicert, Ryuji Wakikawa of SoftBank, Diego Lopez of Telefonica, and Taylor Hartley of Ericsson, explored the intricacies of preparing for a quantum-safe future.

Each speaker brought a unique perspective, painting a multifaceted picture of the journey toward quantum resilience. Avesta Hojjati shared Digicert's tripartite focus on standards, products, and advisory services, emphasizing the dual nature of quantum readiness as both a safeguard and a strategic advantage. Taylor Hartley highlighted Ericsson's executive-level engagements and the tactical challenges of inventorying cryptographic assets within a sprawling global operation. Diego Lopez summarized Telefonica's ventures into quantum-safe protocols and their commitment to navigating the uncharted waters of quantum technologies. Meanwhile, Ryuji Wakikawa shed light on SoftBank’s endeavors in quantum research and the operational hurdles of integrating PQC solutions into existing networks.

The panelists unanimously recognized hardware limitations and the daunting task of cryptographic inventory as pivotal challenges. Yet, amidst these hurdles, opportunities bloomed — from seizing the commercial potential within the financial sector to embedding quantum resistance in devices from the get-go. The discussion veered towards envisioning a quantum-elevated future. Hartley expressed hopes for a quantum-resistant network within a decade, envisioning a fusion of quantum computing and AI.

Hojjati highlighted the transformative potential of quantum computing in solving high-value societal problems, provided the security groundwork is firmly laid. Lopez and Wakikawa both acknowledged the inevitable integration of quantum technologies into the network fabric — a future where quantum contributions are seamlessly interwoven, enhancing security and operational efficiency. In particular, Lopez identified a multi-faceted landscape of business opportunities arising from the transition to quantum-safe technologies, ranging from tailored solutions for large customers and SMEs to innovative service offerings that leverage the broader potential of quantum technologies such as a Quantum Distribution Mesh. ?Hartley discussed how Ericsson is looking into existing products and tools that could facilitate the migration to PQC, aiming for crypto agility and leveraging tools that could help in compliance and protocol updates. Hartley identified key areas for initial focus in the migration process, including Public Key Infrastructure (PKI), firmware updates, and secure boot processes as some of the most critical vulnerabilities and priorities.

As the session drew to a close, Richdale steered the conversation toward the pivotal role of telecommunication companies, not just in fortifying their infrastructures but in extending quantum-safe services to sectors less equipped for this monumental transition.

The panel, adding to the chorus of earlier voices, underscored a collective journey toward a quantum-safe future — a path marked by collaboration, innovation, and a steadfast commitment to securing the digital landscape against the quantum threat.