This article was co-written by Martin Charbonneau, Head of Quantum-Safe Networks at Nokia, and James Knights, Director and Principal Architect at Kyndryl.
Quantum computing will bring both challenges and opportunities, especially for industries that manage mission-critical infrastructure. Yes, it will unlock new capabilities in computing, networking and sensing. But when quantum computers advance far enough (and when, not if, threat actors get access to them), if protections aren’t put in place now, they’ll also be able to crack data confidentiality, integrity and authenticity methods in use today. This includes common security and privacy protections used for health records, financial transactions and sensitive government information. While some industries have recognized the quantum threat and are already implementing quantum-safe network (QSN) solutions, others lag behind — but even those behind may be poised to make big leaps in their quantum readiness in 2025.
#1: Leading the way: Defense
The defense and intelligence community recognized the threat posed by quantum computers well before it was even on the radar of the commercial industry. In February 2016, the U.S. National Institute of Standards and Technology (NIST) released the first draft of Interagency Report 8105, Report on Post-Quantum Cryptography, which discussed the vulnerabilities of asymmetric cryptography and recommended that government agencies use symmetrically encrypted networks to transmit sensitive data. Other agencies around the world have since published their papers and reports on quantum security, including France’s National Cybersecurity Agency (ANSSI).
For reasons of scale and protection for temporary connectivity, such as at the application layer, a quantum-safe public key infrastructure will be required. This triggered the development of post-quantum cryptography (PQC), using mathematics-based asymmetric algorithms. In August 2024, NIST released its first three finalized standards for PQC, with Federal Information Processing Standard 203 being especially relevant to applications. NIST is encouraging the Information and Communication Technology industry to begin transitioning to the new standards as soon as possible. That said, it will take some time for PQC to be integrated into commercial application products, so full-scale adoption won’t happen in the near-term.
PQC at the application layer is just one of the tools that can help achieve a quantum-safe outcome. Ideally, physics-based symmetric pre-shared key (PSK) cryptography, PQC and, possibly, quantum key distribution (QKD) are used together. These are applied across different application and network layers to achieve robust, crypto-resilient defense-in-depth protection. It’s like having a fence, a door deadbolt lock and bright lights to keep intruders out of your home.
#2: Industries poised for a quantum-safe breakthrough
While the defense and intelligence sector and other government networks may be furthest ahead in their awareness and adoption of QSN, mission-critical infrastructure operators in other industries, like finance, utilities, transportation, and more are likely to make significant strides in quantum security in 2025.
The reality is that many mission-critical infrastructure operators can be understandably conservative when it comes to change. However, we are seeing an increase in government standards and directives around cybersecurity, to which these mission-critical infrastructure operators must respond.
We’ve seen this with power utilities, where some directives have emerged requiring data confidentiality, integrity and authenticity. For example, the North American Electricity Reliability Corporation Critical Infrastructure Protection Standards (NERC CIP) includes requirements for data security in US and Canadian power utility networks. In 2021, NIST and NERC published guidelines on how utilities can map the NIST Cybersecurity Framework to the NERC CIP regulations.
Similarly, the European Union’s Network and Information Security (NIS) 2 Directive, which came into force in 2023, sets out mandatory cybersecurity risk management measures and reporting obligations for railways, energy providers, CSPs and other critical infrastructure providers. The requirements of NIS2 have prompted many organizations to embark on ambitious modernization projects to enhance their cybersecurity.
The healthcare and finance sectors, while already highly regulated in terms of data privacy and security, will likely become increasingly aware of the quantum threat in the years to come, possibly leading to more QSN trials. Big banks and large financial services institutions, trading organizations and many more are particularly vulnerable to “harvest now, decrypt later” (HNDL) attacks, in which a threat actor harvests sensitive information today, holding it until it can be decrypted later by a cryptographically relevant quantum computer (CRQC). These organizations need to act now to protect customer information and vital economic data. Investing in quantum-safe networking capabilities not only addresses current regulatory requirements like the Digital Operational Resilience Act (DORA) and the Health Insurance Portability and Accountability Act (HIPAA), and effectively addresses critical aspects such as confidentiality, integrity and authenticity, but also prepares organizations for future regulatory developments.
The list does not stop there. Private industries, manufacturers, research organizations and more – anyone who uses and relies on data for their operation will need enhanced data security and privacy protections that can be deployed working with trusted partners.
#3: Telecom Service Providers are also innovating
Some CSPs are recognizing the quantum threat and seeing QSN as a way to differentiate their service offerings in a highly competitive market. In March 2024, Korea’s SK Telecom joined Nokia and six other companies to create a “quantum alliance” dedicated to exploring joint investment and deployment opportunities. In Korea, Nokia working with SK Broadband enabled a quantum-safe network deployed on behalf of the Korea Hydro and Nuclear Power (KHNG), while in Poland, Netia and Nokia successfully completed a pilot to test QKD for real-world data transmission and quantum key generation between two of the CSP’s live data centers. A similar trial was conducted in Belgium with Proximus, with Nokia being the first in that country to pilot a hybrid quantum encryption key in a live optical network.
These and other providers are working to innovate. By combining leading networking technologies with expert partners who possess deep network and IT knowledge across various industries, CSPs can offer managed, wholesale, or retail services, bringing quantum-safe network outcomes to even more enterprise segments.
#4: The QSN opportunity is now
The rapid development of quantum computing, AI and other technology concurrently in a tense global environment suggests a danger that mission-critical infrastructure operators and service providers of all types need to protect themselves against.
It’s vital to stay one step ahead. With 2025 being the United Nations Year of Quantum Science and Technology, and as the world’s industries continue with digital transformation and modernization projects as we progress into a Quantum Secure Economy, we have an opportunity to put in place quantum-safe networks now that protect against tomorrow’s threats.At this moment, we have the advantage and the opportunity, so now is the time to act.
The views expressed in this article belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.
With a career immersed in the evolution of emerging technologies, Martin Charbonneau pioneers Quantum-Safe networking solutions at Nokia. His focus on Quantum-era cybersecurity fosters global collaborations with research and technology leaders in the quantum cryptography sphere, aiming to craft solutions for a dynamic security landscape. Martin partners with critical infrastructure organizations and enterprises, enlightening them about the urgency of securing network infrastructure through comprehensive defense-in-depth strategies. While Martin recognizes the vast potential of quantum computing technologies, his mission is to ensure a continued trust in our data and digital communication infrastructures. This commitment is rooted in a clear understanding of the transformative power of Quantum technologies and the necessity to protect our digital future. A product of Canadian education, Martin attended the Canadian Royal Military College (RMC, St-Jean, Canada). He is currently based in Canada’s capital city, Ottawa.
With over 30 years of telecom expertise spanning across Kyndryl, IBM, and Bell Canada, James has designed and built networks for high-profile sporting events, world-class sports venues, hospitals, financial institutions, connected factories, and government organizations.