0

The threat of harvest now, decrypt later, alongside broader momentum in quantum computing, adds urgency to PQC adoption

For telecommuication operators, the transition to post-quantum cryptography (PQC) is no longer a question of if, or even when, quantum computers will be powerful enough to break today’s cryptographic systems. According to GSMA Senior Director Yolanda Sanz, the industry’s priority now has to be migration readiness.

Speaking during a recent RCR Tech webinar — available on demand here — Sanz framed the issue around three related challenges: the long-term risk posed by quantum computers, the vulnerability of widely used asymmetric cryptography, and the concrete migration timelines now being set by government and standards bodies. While the industry has long discussed whether quantum computers are five or 10 years away from becoming a practical threat, Sanz said that framing is becoming less relevant as migration deadlines come into focus.

“My message today is that crypto migration is necessary regardless of when the quantum computer attacks [are] going to happen,” she said. “We need to have this in mind because we have those clear deadlines.”

The core concern is that asymmetric cryptographic protocols, used broadly across telecom infrastructure and the wider digital economy, could be broken by sufficiently powerful quantum computers. Operators have asymmetric cryptography embedded across many parts of network infrastructure, including protocols used for secure communications, authentication and control. At the same time, the migration away from vulnerable algorithms cannot happen quickly, particularly in an industry that depends heavily on global standards and long-lived network equipment.

Sanz pointed to NIST timelines as a critical forcing function. Current cryptographic algorithms are expected to be deprecated by 2030 and disallowed by 2035. Deprecation means those algorithms will no longer be maintained, which could leave systems exposed if they continue to depend on them. Disallowance, meanwhile, could create regulatory and compliance consequences for organizations still using outdated cryptography.

“You may think that 2030 is still far away, but for a crypto migration, that is nothing,” Sanz said.

That timeline is especially challenging for telecom operators because migration involves much more than swapping out algorithms. Operators need to understand where cryptography is used across their networks, assess which systems are most exposed, prioritize the assets that should be migrated first and ensure interoperability during the transition. This is particularly important in multi-vendor environments and in networks that must continue supporting legacy devices already deployed in the field.

GSMA’s role, Sanz explained, is to help the telecom industry understand what those algorithmic and standards changes mean in operational terms. That includes monitoring work in organizations such as IETF and 3GPP, identifying gaps in telecom standards, developing migration guidance and helping operators prepare for the impact of PQC algorithms on constrained network elements.

PQC algorithms can require longer key lengths, which may create performance, memory and processing challenges for certain telecom systems and devices. Sanz said this reinforces the need for testing, early adoption, shared best practices and coordinated planning across operators, vendors and standards bodies.

GSMA has been building this work through its post-quantum telco network task force, which began in 2022 with a small group and has since grown significantly. The organization has also released a crypto migration roadmap for operators and is working on related topics including crypto bill of materials, automotive sector collaboration and crypto agility for telecom networks.

Her closing message was direct: “So, please don’t procrastinate on the crypto migration.”

For more context on harvest now, decrypt later, PQC and quantum key distribution (QKD), and survey results on operator readiness and sentiment, read this research report: Preparing for Q-Day and the path to quantum-safe networks.

Register to attend the Quantum Safe Networks Forum hosted by RCR Tech on July 14, for a 360-degree view of how operators are protect networks from future threats.