Read full version
Gennady Detinich
IBM, Vodafone and GSMA members published a policy document that outlined the most important ways to protect telecommunications companies from cyber threats of the quantum age. And although the group does not expect a potentially dangerous quantum hacking system to appear until 2032, for a number of areas the threat has ceased to be illusory. Information for long-term storage classified as “Secret” and personal data of citizens are already under attack. We must act immediately.
A document Post Quantum Telco Network Impact Assessment on assessing the impact of quantum technologies on telecommunications networks can be downloaded at this link. This 57-page expert text provides an in-depth analysis of the quantum security threats that the industry is already facing and will soon face even more, as well as a detailed step-by-step list of actions and solutions to prepare to mitigate these threats.
In particular, the paper provides an assessment of the business risks associated with quantum cyber threats for specific telecom operators, including four types of attacks that have the greatest impact: data accumulation now, decryption later; code signing and digital signatures; as well as history modification and attacks on key managers. For example, attackers can already today accumulate information protected to the point of impossibility of hacking in a reasonable time, with the hope of decrypting it after the advent of quantum platforms.
It will be possible to counter future threats only with the adoption of new security standards, which, by the way, are already being developed by the same company IBM. This applies not only to protocols and encryption algorithms, but also to SIM cards, public key infrastructure, digital certificates, and much more. Considering the general inertia of all bureaucratic structures, reasonable fears arise that in ten years it will be either impossible or extremely difficult to seriously change something.
“The advent of this technology [квантовой киберугрозы] requires immediate preparation as some forms of attack can be retrospective (eg “store now, decrypt later”). Motivated attackers can collect and store data now in order to decrypt it when certain quantum computing capabilities become available. According to the report, such entities may do so to “undermine the security of long-term data, such as corporate IPs, government secrets, or individual biodata,” – said in a press release from IBM.