Ericsson Gives PQC Progress Report at Mobile World Congress

Telecommunications operators are incorporating post-quantum cryptography (PQC) and quantum-enabled security measures into their networks. A panel hosted by GSMA, the organizer of Mobile World Congress Barcelona, assessed the current status across the industry.

One of the panelists was Taylor Hartley, a network security solutions architect at Ericsson U.S., who offered lessons from Ericsson’s experience that other organizations could benefit from in their own PQC journey. 

“At Ericsson, we've been tracking this quantum threat for quite a while and our research departments have been working on post-quantum cryptography (PQC). But in the U.S. specifically, we have a very strict timeline that's been put upon us to begin this migration to PQC,” she said.  

Hartley’s role has seen her driving executive engagement to get the C-suite on board with the measures they need to take. The most frequent question is whether PQC is “a standards thing or a technical thing,” with a view that if it is just standards, it will work itself out over time, but a technology change needs more investment.

The next step is to create a strategy team of cryptography, security and quantum experts to build a roadmap and ensure internal messages align. Then organizations need to take a complete cryptographic inventory.

Related:AI-Powered Networks Revolutionize Connectivity at Mobile World Congress 2024

“For a large company like Ericsson, we have to create a clear scope. How are we going to attack this? Is it going to be by customer, by product or a little bit of both?” Hartley said. “We have the Ericsson Security Manager cybersecurity tool that does a compliance scan so we can check what protocols we're using, manage our public key infrastructure and get the tools together so we can become more crypto agile.”

Hartley said the biggest challenge to PQC migration, both from the perspective of Ericsson and also from the partners to whom the company provides equipment, is the hardware.

“As we move more into digitization and virtualization, software is going to be a far easier lift. There’s not going to be that much change except bigger key sizes, but I think a lot of use cases are already built to be able to handle larger key sizes,” she said.

“But hardware lacks the crypto agility software has. You won’t have to uplift all your hardware, some of it you can patch once or twice. We call this crypto flexible rather than agile. But the reality is there will have to be an uplift and there will have to be modernization that happens to some hardware, and I think that might be the biggest challenge so far.”