Quantum-Safe Networks Are No Longer Theoretical

The telecom industry is entering a phase in which quantum security is no longer a laboratory topic but an operational and strategic issue for networks, supply chains, and regulation. According to Zygmunt Lozinski, Quantum Ambassador at IBM Research, for ICTbusiness Media - ICTbusiness.biz, post-quantum cryptography is becoming a necessary foundation for protecting digital infrastructure, and the real challenge is no longer whether the standards will emerge, but how quickly operators and vendors can turn them into products, policies, and deployment plans. 

Lozinski makes the point directly: “post-quantum cryptography is essential to secure our networks and our infrastructure.” In his view, the industry cannot assume it still has unlimited time to react. Work is already underway through GSMA initiatives to define the relevant use cases and requirements for quantum-safe telecom environments, while operators are expected over the next five years to push suppliers to provide products that support post-quantum cryptography. “Between now and 2030, we will see products becoming available,” he says, but only if operators make it clear to the supply chain that this is now a real requirement rather than a future aspiration. 

A central part of the discussion is the “harvest now, decrypt later” threat model, in which attackers steal sensitive data today in the hope of decrypting it once large-scale quantum computers become viable. Lozinski notes that ordinary personal messages may hold little long-term value, but “high value intellectual property” will remain highly attractive. In telecom, he points in particular to the call records of politically exposed individuals and other sensitive operator-held data. That is why he argues operators should already be watching abnormal data movements and signs of exfiltration, not least because the same pattern can also appear in ransomware scenarios. “It’s going to be a multi-year journey,” Lozinski says, and without strong visibility into what is happening across the network, that journey cannot be managed properly. 

That is where IBM’s idea of “cryptographic observability” comes in. As Lozinski describes it, operators need the ability to see which cryptographic algorithms are actually in use across live network traffic and how far they are from their own quantum-safe policy. This matters because the transition is not a single replacement exercise. It is a staged migration that requires continuous oversight, testing, and upgrades across network elements, applications, and security controls. 

One of the most important concepts in that process is “cryptographic agility”. Lozinski defines it as the ability to change cryptography “without having to rip and replace all of our systems”. In his view, that must become a core design principle for commercial and telecom systems. GSMA, IBM Research, operators, and other partners are working on a roadmap for that agility in telecom, intended to provide an early practical framework for vendors and service providers. Here again, Lozinski stresses that the signal must come from both operators and regulators. Without a clear market requirement, the supply chain will not move fast enough. 

He also draws a clear distinction between post-quantum cryptography and quantum key distribution. While PQC offers a way to update current cryptography on existing systems, Lozinski says, “QKD is perhaps best considered currently as a research area.” National technical authorities, he adds, remain concerned about implementation vulnerabilities, which is why “don’t use it as the only form of security.” Instead, he sees it as one building block of a future quantum information network. IBM and Cisco want to demonstrate the basis of such a network, sometimes described as a quantum internet, by 2030, connecting quantum computers and sensors. In that sense, today’s QKD work is not a dead end but part of the groundwork for a broader 2030s infrastructure. 

Lozinski’s broader message to the telecom sector is therefore straightforward. Quantum safety will not arrive as one dramatic overnight shift, but as a sequence of technical, operational, and regulatory decisions that need to start now. The operators that first gain visibility into their cryptography, build in cryptographic agility, and push their suppliers early will be in a far stronger position when quantum-safe requirements move from roadmap language into hard market reality.