IBM Quantum Safe is helping organizations prepare for the quantum future today.
Emerging quantum technologies present both an exciting opportunity and a potential risk for the telecommunications industry. Today, cryptography is used across all telco systems to protect data, infrastructure, and communications.
As quantum computers mature, they could tackle some of the world’s most complex problems. However, a cryptographically-relevant quantum computer could also be used to break the encryption algorithms currently used. New algorithms and security protocols are needed to ensure telco data and networks remain secure in the quantum era.
The security standards and specifications in the telco network space rely on many standards bodies and working groups, including organizations such as 3GPP, ETSI, IETF, and GSMA, that define security algorithms, protocols, and architectures. These cryptographic algorithms and protocols have evolved over decades, with each new generation of technology bringing improvements to security capabilities and performance.
Typically, operators will have numerous technology and business domains, underpinned by multiple technology generations (for example, in many countries mobile networks include 2G, 3G, 4G, and 5G capabilities), and potentially hundreds of offerings and thousands of vendors, across the network and the IT landscape. Data in telco systems includes sensitive data on subscribers, payment details, device information, network equipment, as well as information related to emergency response and law enforcement. Often the data is distributed across systems in different environments, and across public and private clouds, providing a broad attack surface for cyber threat actors.
This complexity, coupled with a requirement to maintain service continuity, security, interoperability and regulatory compliance, means that communication service providers (CSPs) and the wider telco supply chain will require careful planning and ecosystem coordination to support the journey toward quantum cyber resilience. Without proper preparation, telcos could be vulnerable to current and future quantum risks, including:
- “Harvest now, decrypt later” attacks – stealing sensitive now with the goal of decrypting it with a future cryptographically relevant quantum computer.
- Fraudulent authentication – falsifying code signing certificates and digital signatures to tamper with software updates.
- Digital signature forgery – manipulating legal history by forging digital signatures.
- Key management attacks – targeting key management to compromise data that is stored for a long time.
Quantum technology is evolving at a rapid pace. Governments, regulatory bodies, and organizations around the world are already establishing guidelines for the transition to quantum-safe cryptography.
For example, the U.S. National Institute of Standards and Technology (NIST) announced the selection of four quantum-resistant encryption algorithms for standardization, three of which were developed by IBM researchers, with a view to finalizing the standards in 2024. In the telecoms industry, the GSMA Post-Quantum Telco Network Taskforce — a consortium of over 50 companies and more than 20 operators, initiated by IBM and Vodafone to prepare telcos for the quantum era — recently released the “Guidelines for Quantum Risk Management for Telco.”
The objective is to support telecoms companies in the evaluation and management of quantum risks, as part of the post-quantum cryptography migration, using some of the most common risk frameworks, with steps such as building skills and awareness on post-quantum cryptography; inventorying applications and systems to understand where and how cryptography is used; performing a cryptography risk assessment to prioritize vulnerable data and systems; and creating a quantum-safe transformation strategy.
IBM developed IBM Quantum Safe, a comprehensive set of technologies, services, and infrastructure that equips organizations to plan and execute an efficient transition to quantum-safe cryptography.
Powered by three core technology capabilities, IBM Quantum Safe is built on IBM’s industry-leading expertise in quantum, cryptography, security, and telecommunications to enable telco clients to discover, observe, and transform their cryptography and build crypto-agility. IBM Quantum Safe empowers telco organizations with the knowledge and tools to begin the transition to post-quantum cryptography.