Quantum computing is picking up speed with real-word case studies and breakthroughs. And it’s bringing a whole new set of cybersecurity challenges with it.
Host Patrick Moorhead of Moor Insights & Strategy sits down at Mobile World Congress 2025 with experts Lory Thorpe, Quantum Safe Industry Lead at IBM and Vodafone Group’s Luke Ibbetson, Head of Group R&D, for a discussion on their efforts to bolster cybersecurity in the quantum computing era.
Key takeaways include:
🔹The Quantum Threat is Real: Quantum computing could render current encryption methods obsolete, putting everything from financial transactions to critical infrastructure at risk.
🔹Vodafone and IBM to the Rescue: See how Vodafone and IBM are collaborating to develop and implement quantum-safe solutions, including real-world pilots in Vodafone’s SecureNet product.
🔹The GSMA Takes Charge: Learn about the GSMA Post-Quantum Network Task Force and its efforts to drive standardization and collaboration across the industry.
🔹A Call to Action for All Industries: Quantum-safe security is not just a telco issue; it impacts every sector. Discover why it’s crucial to start preparing now.
Learn more at IBM and IBM Data & AI.
Watch the video below at Six Five Media, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: Six Five On The Road is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Patrick Moorhead: The Six Five is On The Road in Barcelona, Spain, here at Mobile World Congress 2025. It’s been a great show so far. I think this is around my 10th or 11th year and I do feel a big sense of optimism. Optimism about AI. What this could mean to the edge, what this could mean for carriers, carrier equipment providers, and of course, systems integrators as well. Now with AI, we’ve seen deep threats increase. The attackers basically have greater tools to come in and steal your data, get your money and basically do nefarious things. One thing that has been very high on the agenda though, is making sure that security systems are quantum safe. So essentially quantum systems get online, attackers will have even greater capabilities. So how do you protect those critical infrastructure and systems? And I am very pleased to have both Luke and Lory here again on the Six Five. It’s been two years.
Luke Ibbetson: Wow.
Patrick Moorhead: And I love it. It’s like a chapter in here. In 2022, the GSMA committee was formed. So this is wonderful. I’m sure there’s been a lot of progress.
Lory Thorpe: There has. Yes.
Luke Ibbetson: Yeah.
Patrick Moorhead: So anyways, thanks for coming on the show again.
Lory Thorpe: Thank you for having us.
Luke Ibbetson: Good to see you again.
Patrick Moorhead: You too. A great place to start. Luke, I’ll start with you, maybe talk a little bit about the partnership with IBM and talk about, you know, what has happened in the last two years?
Luke Ibbetson: I will talk about what’s happened in the last two years and also what’s happened in the last two days. Because we had a very good announcement on Monday regarding the latest step in our collaboration. But Vodafone has been working with IBM on all things related to quantum for probably nearer three or four years, actually looking at both the fantastic capabilities that quantum computers can bring us as a telco operator, once these devices are available at scale, but also working very, very hard to make sure that we can secure our networks against a threat posed by cryptographically relevant quantum computers. So we’ve been working hard to pilot and co develop some tooling that allows us to automate the way that we do cryptographic discovery across our networks. In other words, finding out where we have vulnerable forms of cryptography and then work out ways to remediate and mitigate the threat that that might pose to our systems.
Patrick Moorhead: I know it’s hard to put a number on security, but how would you characterize the threat of a quantum attack? Is there a way to look at it? Is it 10x? 100x? 1000x?
Luke Ibbetson: If you think about the extent to which every single part of your life depends on being able to make secure transactions, whether or not you’re buying a train ticket or doing a banking transaction, or just having, you know, a secure communication with a customer, or inventing something. So if I were to work for a company that is inventing a new clinical trial, developing a new drug, for example, and you want all of your IP to be visible to people a few years time whilst you’re still trying to roll out that product, then it creates a massive issue. For us, of course, we’ve got a very, very complex system to deal with where the ability to secure networks that have been built over successive generations of technology from multiple suppliers operating across multiple different countries is quite daunting. We need to work out, which is what we’ve been doing with IBM, ways to automate and solve this problem now so that we don’t get exposed to this threat.
Patrick Moorhead: Yeah, it’s pretty daunting. Sometimes we forget how vulnerable things could be. But you wonder if somebody just has your password to do everything on your smartphone or in your office building that’s connected to one of your networks and what could happen. This seems really important.
Luke Ibbetson: I will, sorry, we just come back as well because it’s not all scary stuff. I think the announcement that we made earlier this week is taking one of our existing security products. This is called SecureNet. It’s used today with millions of customers across multiple countries. And using some of the techniques that we’ve been developing with IBM, we piloted and incorporated a way of remediating and helping to mitigate the threat in a way that helps us demonstrate how we can bring that into a product even today. So given that it’s going to take the world many years to fully migrate to these new forms of cryptography, what we’ve demonstrated this week is something that allows that capability to be expedited in a very, very meaningful way into some real products. So we’re very excited about the development.
Patrick Moorhead: Yeah, it seems very important and I don’t know, Lory, if you wanted to comment on the threat level. I mean, this is what you do. And I know it’s very hard to measure how big a threat is, but any comments on that?
Lory Thorpe: Well, I think there are two angles to look at. One is ultimately the increasing value and reliance that we have as a society on connectivity. So connectivity underpins digital society, digital economy. And this is why ultimately this isn’t a telco problem. This is a problem that extends across sectors. The other aspect I would say is around security. There are many security threats and we need to be looking at Quantum as one of many security threats that can ultimately compromise our digital society and our digital economy. So when we think about the cost of a breach, for example, it’s very, very significant in this space. And depending on what the motivations might be, this could be anything from somebody that wants to steal something for economic gain, but also somebody that wants to disrupt the fabric of society. So there’s a lot at stake. And maybe I haven’t given you the number you were looking for.
Patrick Moorhead: But like I said, I prefaced it with: it’s really hard to quantify this, but it’s almost like, hey, what’s the value of keeping our roads, our bridges, our first alert folks, our consumers, and as connected as we are today.
Lory Thorpe: Exactly. So think of logistics, think of defense, all of these areas that are really fundamental to. So this isn’t a telco problem, is what I would say. And we shouldn’t be looking at it exclusively as a telco problem.
Luke Ibbetson: No. It makes it sound like a troublesome child. No, but just to kind of build on what Lory said regarding the criticality of the infrastructure. So we talk about critical national infrastructure. So systems operated for governments or on behalf of the country, such as electricity grids or the way that we meter water or the way that we meter energy. These also are intrinsically connected these days. And if we have a threat that can impact the way that energy or water or gas or the road infrastructure is monitored and controlled, then clearly this has a very, very big impact on life in general.
Patrick Moorhead: I appreciate you commenting on this. Just sometimes our audience might take this for granted. So I thought that’d be a good place to start.
Luke Ibbetson: Yeah, it’s a good one to raise.
Patrick Moorhead: So, Lory, can you tell us more about the partnership you have with GSMA on the post quantum network task force?
Lory Thorpe: So really excited because in the last couple of days we’ve run a couple of events that have gained huge traction, so hugely oversubscribed. But more importantly, the content that we actually saw was really exciting. So we saw real progression from when we started, when we last spoke, the task force was new. We were still trying to figure out what was the role of the task force and what is it that we needed to focus on. Since then, we’ve published a number of documents that have started to explore what does post quantum cryptography mean for telco, what do the telcos and the wider telco ecosystem need to do to prepare for this important transition. And I think now what we’ve seen is first of all, we’ve collected an amazing group of people that are looking at this from different angles. So we’ve got the point of view of the operator, which is obviously very, very important, the point of view of the telco, of the telco technology providers, but also from government and policy. So bringing all of that together has been first of all very interesting, but I think really important to ensure that there is an executable plan in how we implement post quantum cryptography. Over the next sort of 10, 20 years. Yesterday we had our seminar. One thing that we’ve seen that has evolved is that the people in the task force, the companies that are part of the task force have started doing some actual work and they brought the demos to MWC. So we’ve seen some really exciting demos that show that there is actual work going on, that there are solutions that are being made available, solutions that are evolving. And I think that’s probably one of the most exciting aspects of what the task force has brought because it’s fostering that collaboration that is going to be a really important element of successfully implementing post quantum cryptography.
Patrick Moorhead: Yeah. So my guess is part of this would be, okay, here’s why we’re doing this. Kind of like the beginning of the conversation we had, I guess there would be some standards, evolution of the standards, maybe even a how to, like, well, where do I start? What should I do?
Luke Ibbetson: Which is very much the type of collateral we’ve been building within the task force actually is exactly to address that challenge. Daunting otherwise, if you look at it from given everything we said about the scale of the threat and the scale of what can go wrong if we don’t address it, we have started to provide some very systematic deliverables over the past two years since we launched this initiative to give people some real insight into how to consider the risks, how to build an awareness of where the vulnerable cryptography is. And also we had some very, very good perspectives from adjacent parts of our industry as well. So we had a deliverable looking at how it impacts IoT. We’re doing collaboration with the automotive industry. We have some great perspectives from the financial services industry as well. All trying to use the same now standardized NIST algorithms that were published in August last year, which again is another development since we last spoke.
Lory Thorpe: Yeah, I was about to say that since we last spoke, one of the key milestones has been the publication of the first set of NIST standards. And that’s been a real catalyst that has created a lot more momentum behind the whole quantum safe topic. So we’ve seen a lot more. I guess this is becoming more real than maybe it would have been when we talked two years ago.
Patrick Moorhead: Well, the great part is scale here. I mean, I like to joke that, okay, I’m an industry analyst today, but I used to have a real job. I sat on a lot of industry forums where we create standards to leverage across the industry. And like, you still have your day job, okay, that, you know, you very much still have to drive your network forward. Part of your world is in today, but it’s also into the future. So there is a lot of work there. So we talked about scale, right? It’s great that everybody’s getting together to scale and share the wealth of knowledge and experience across everybody because this is a very serious topic for all the reasons we talked about. Lory, we just talked about what you’re doing in telecommunications. But what other verticals or industries, maybe even horizontals, is this important? And Luke, you know, you had even talked about automotive and IoT but from your point of view, what are some other sectors that you’re involved in?
Lory Thorpe: So this is a problem that will be relevant across all sectors and all geographies. So it knows no boundaries. So we use public key cryptography everywhere. No vertical is exempt. Having said that, the verticals that the sectors that are maybe a little bit more advanced in this awareness process and in starting to look at what is going to be needed, I would probably say financial services and telco and I think for very good reasons because you mentioned earlier the standards, telcos and financial services rely on interoperability, backward compatibility and that is delivered by having standards in place. Now that process we talked about the NIST standards. The NIST standards are just the beginning because then we need to take those NIST standards and we need to implement them into the security protocols that we all use into the sector specific protocols like 3GPP as an example. And that process is very much ongoing and that will take time. If we don’t stop, start doing that now, then arguably it’s going to be, we’re going to have a gap in the capabilities. We have a dependency on standards and if we’re not addressing those dependencies then we won’t be able to execute.
Luke Ibbetson: And I guess just building very briefly on that and making it pragmatic from a telco perspective, we need to be specifying the correct requirements within our supply chain. So this impacts the way that we procure equipment going forwards. We need to be making sure that the boxes that we buy, the stuff that we build networks out of, have got the right capability in terms of the cryptography and also this notion of being agile in the future because we know that this is an evolving threat. The NIST standards that were published are the first of a number of new post quantum crypto standards that are likely to come along and we need to make sure that the equipment that we start to use within our network has got a level of agility that allows us to continuously update those algorithms as this space emerges.
Patrick Moorhead: Very pragmatic.
Lory Thorpe: Yeah, well I mean we need to be looking at this as a, this is the next generation of cryptography. So post quantum is maybe the catalyst for it, but it’s the next generation of cryptography and the capabilities that are going to be required to manage the next generation of cryptography, including things like automating some of the things that maybe we don’t automate as well as we would like today. That is very much part of the work that needs to be done.
Patrick Moorhead: Yeah. So I mean this is really an entire technology industry thing. Public cloud, private cloud, mainframe, cloud, server, mobile, carrier, every network intermediary in there. This is great stuff and this really shows the value of collaboration. I know some people are like oh great, another committee. But it’s like no, no, We need shared knowledge, shared learning and implementation standards. Even back to the pragmatic. I need to buy equipment that complies with this, that’s agile too to be able to do what I need to do and be quantum safe.
Lory Thorpe: Maybe on a more positive note rather than just saying you need to do this. But early preparation is important also because it gives us.. insecurity. We don’t always have the advantage of somebody calling us up 10 years in advance to say this is going to be broken in 10 years time. So how do we leverage the fact that we do have that time to do it and starting early allows us to do it a lot more efficiently so we can leverage our technology, our normal technology refresh cycles, we can prepare the standards, we can do all of these things that, you know, normally when something happens you don’t always get advance warning of it.
Patrick Moorhead: That’s right.
Lory Thorpe: Rarely you get advanced warning of it.
Luke Ibbetson: Yeah, good point.
Patrick Moorhead: Yeah. Luke, Lory, thank you so much. Congratulations on the progress.
Luke Ibbetson: Oh, thank you. I mean I’m very proud.
Patrick Moorhead: Again, I’ve been on committees, I’ve been on standard. I mean it’s like, it’s hard because you have your day job and you’re charting out defense of the unknown in a way which is even harder. Right? Then just let’s say a bus interface standard or something like that. So thanks for coming back on the Six Five and I don’t know, maybe a year or two years from now we can do this again to see where we are.
Luke Ibbetson: Absolutely. We’ll see, we’ll see what we’ve achieved then. Thank you very much. Thank you.
Patrick Moorhead: This is Patrick Moorhead from Moor Insights and Strategy on The Six Five talking about crypto safe technologies in carrier equipment and with carriers. Tune into all of our IBM content and go back and look at two years ago at the interview we did with IBM and Vodafone, and you gauge for yourself the progress that has been made. I’m sure you’ll agree with me: there’s been a lot of progress. So thanks for tuning in and take care.
Author Information
Six Five Media is a joint venture of two top-ranked analyst firms, The Futurum Group and Moor Insights & Strategy. Six Five provides high-quality, insightful, and credible analyses of the tech landscape in video format. Our team of analysts sit with the world’s most respected leaders and professionals to discuss all things technology with a focus on digital transformation and innovation.
