By: Martin Charbonneau

Communications service providers (CSPs) have played a leading role in digital transformation for decades. They have shepherded enterprises through massive technological shifts, from enabling global connectivity to delivering services in the cloud. Now, the paradigm is shifting again, driven by the looming threat of quantum computing that will present entirely new challenges for cybersecurity.

The risks posed by quantum attacks are likely to affect every industry, making quantum defense an immediate national and economic imperative. As the backbone of today’s digital communications, CSPs are ideally positioned to lead that defense. They already play a critical role in protecting sensitive data for governments, banks and enterprises, operating infrastructure at scale and across borders. By enabling a defense-in-depth approach, they’ll be able to extend this expertise into the Quantum Era—and deliver the agility and resilience needed to maintain trust in the networks that connect the world.

The Urgency to Act

Quantum computers can perform tasks exponentially faster than traditional binary computers. They can also carry out multiple processes at once, further increasing their capacity and speed. The potential benefits to society are numerous. However, if they fall into the wrong hands, quantum computers could be used to break most of the encryption methods currently used to protect financial transactions, personal data, intellectual property and other sensitive communications. Although quantum computers that can do this don’t exist yet, they are coming soon—possibly within the next five to 10 years—and the moment of their arrival is known as Q-Day.

But data are already at risk, particularly from a cyberattack strategy called ‘harvest now, decrypt later.’ Cybercriminals are likely already exploiting existing weaknesses and harvesting massive amounts of encrypted data, even if they can't do anything with the data at the moment, knowing they can just hold onto it until quantum capabilities advance enough to decrypt it. In other words, organizations can’t afford to wait for Q-Day before they worry about protecting themselves.

To illustrate, consider Mosca’s Theorem, as shown in Figure 1: If X + Y > Z, a business is at risk. X is how long the company has to hold its data securely. For data that becomes irrelevant as soon as it is used, that number might be close to zero, while other types of data need to be held onto for years. Y is the time it will take the business to deploy quantum-safe cryptography and apply it to all its applications, which can take significant time. Finally, Z is the time until Q-Day—and that number is not static. In fact, it gets smaller every day.

For some organizations, X + Y may not be considerably longer than Z. But consider sectors like healthcare, finance and government. These sectors are often legally required to keep data secure for decades. If they’re not already using quantum-safe cryptography, their data may have already been vulnerable for some time. That means they absolutely must act now.

Governments around the world are also recognizing the quantum threat and have begun enacting laws, standards and regulations for quantum security. In the United States, the National Institute of Standards and Technology (NIST) has identified an initial set of standard post-quantum cryptographic algorithms, which governments around the world—including those of Canada, Japan and Australia—have begun incorporating into their own cybersecurity strategies and standards.To address the quantum threat and meet impending compliance deadlines, organizations must begin planning their migrations now. Fortunately, CSPs are ideally positioned to help.