The Quantum Master Key: Is Your Network Ready for Q-Day?

Imagine your network as a house that you’ve spent billions of dollars building. Now, imagine someone is working to create a master key that can open every door and every window. This is how Mark Mortensen, Ph.D., and Liliane Offredo-Zreik, principal analysts at ACG Research, describe the looming threat posed by advancements in quantum computing.

“We don’t know when they’re going to get their master key,” warns Mortensen. “And you really ought to be thinking about what you’re going to do when somebody shows up with that key.”

This “master key” is a cryptographically relevant quantum computer (CRQC), a machine powerful enough to break the public key encryption systems, like RSA and elliptic-curve cryptography, that underpin modern digital security.

For years, this threat was considered a distant concern, a bridge to be crossed when the time came. But a combination of technological progress, a global quantum arms race, and new industry standards have changed that, and now the quantum threat is moving from the theoretical world into the real world.

“We’ve been talking about quantum computers for a long time: how they’re going to be able to solve problems that conventional computers would take like the lifetime of the universe to solve,” says Mortensen. “They’re getting closer.”

The Ticking Clock

Quantum advances are largely being driven by progress from leading technology companies. In December 2024, Google introduced its Willow quantum processor, which demonstrated significant advances in error correction and qubit coherence. In November 2025, IBM published an updated roadmap targeting a large-scale, fault-tolerant quantum computer by approximately 2029.

“If you’ve been watching quantum over the past few months, you’ve seen there’s been a lot of announcements about a lot of progress made,” says Offredo-Zreik, “Some of the problems that have been plaguing quantum for some time are slowly being addressed.”

Official bodies are also taking note and are developing guidelines and standards. After an eight-year evaluation process, the U.S. National Institute of Standards and Technology (NIST) finalized its first three post-quantum cryptography (PQC) standards in August 2024: ML-KEM for encryption, and ML-DSA and SLH-DSA for digital signatures. These standards are designed to protect against attacks from both classical and quantum computers and to provide a long-term migration path away from vulnerable systems.

The European Union, meanwhile, has recommended that member states begin post-quantum cryptography transitions by the end of 2026 and be ready for specific quantum security tasks by 2030.

Another troubling aspect of the quantum threat is that its danger begins long before the first quantum computer is publicly announced. Malicious actors, particularly state-sponsored groups, are likely employing a strategy known as harvest now, decrypt later (HNDL). These actors are siphoning and storing huge quantities of encrypted data today, waiting for the day they can use a quantum computer to unlock it.

“Any information that is going to be still useful in somewhere between three and 10 years is harvestable now, and later on it is possible to get to the information,” Mortensen explains.

Mortensen warns that the quantum threat does not exist in isolation, and AI advances will make it far easier to exploit decrypted data.

“So the AI advances compound the problem here,” he says. “Once a quantum computer cracks the encryption, the AI is going to help tremendously to sort through that data very quickly.”

While the financial sector is an obvious and attractive target, Mortensen says government institutions are the most exposed.

"We know the Chinese are working on it. We know the U.S. is working on it. We know Korea is working on it," he says. “We know a lot of countries are starting to keep track and just harvest up as much data as they possibly can, stick it in huge data centers, and just keep it for when they can decrypt it.”

Q-Day

The arrival of this decryption capability, often called “Q-Day,” will not be a singular, public event like Y2K.

“Somebody asked me once, ‘When is Q-Day going to happen?’ I said: ‘six months before we find out about it,’” Mortensen says. “The first people who crack this are not going to be announcing that they cracked it. They’re going to be harvesting, and they’re going to be decrypting like crazy.”

Unlike Y2K, wherein loomed a hard deadline that drove action, the ambiguity of Q-Day fosters complacency. As Offredo-Zreik notes, “the fact that we don’t even know the date is actually worse.”

While the quantum threat looms, it’s competing for attention with other priorities.

"I think everybody is like 'let's invest in AI' because there's a FOMO," Offredo-Zreik says. "If you have to do some capital allocation, you're going to please everybody and say 'yeah, we're investing in AI.' We're so far into this whole AI thing that we may be missing some important things."

The problem is also compounded by other justifications for inaction.

"Some people will tell you, 'Oh yeah, the standards aren't good enough,'" she says. "We've heard those arguments many times."

“This quantum stuff, it makes people’s heads hurt,” Mortensen adds. “It makes businesses’ heads hurt. You go to the board and say, ‘Oh, we think we might have a horrible problem in the next couple of years.’ And the board says, ‘Well, we have a lot of horrible problems right now. Let’s work on those.’ Nobody really wants to take out that insurance policy.”

Other sectors, namely the financial industry and big tech, are moving faster.

“They’ve already been working on this for several years,” says Mortensen of the financial sector, “and they will be ready pretty darn soon.”

Offredo-Zreik adds that “The big banks—the JP Morgans, the Morgan Stanleys—are spending hundreds of millions of dollars to secure their networks already.”

The investment community is also paying attention: the Defiance Quantum ETF (QTUM), launched in 2018, offers public-market exposure to the sector, and several quantum companies, like IonQ and Rigetti Computing, are now publicly traded.

Tech giants are also ahead of the curve. According to Mortensen, “Google already has an encryption in place that should last them a good 15 or 20 years. They’re already getting ready for Q-Day.”

Others are also making moves. Apple introduced its PQ3 protocol for quantum-secure messaging, and IBM has built a quantum-safe technology stack into its z16 mainframes.

“IBM is one of the top vendors doing a lot of research,” adds Offredo-Zreik. “Toshiba as well. And there are many startups. Companies like IonQ. There’s a very vibrant private company space doing a lot of work as well.”

European and Asian operators have also been public about their preparations. Orange Business launched a commercial quantum-safe networking service in Paris, U.K.-based BT has conducted quantum network trials, and South Korea’s SK Telecom has rolled out Quantum Key Distribution (QKD) infrastructure.

Offredo-Zreik says the vendor community has also been working on it: "We've been talking to a lot of the vendors, and the telecom vendor community has been very, very active in developing."

Among the vendors actively developing quantum-safe network solutions are Cisco, Ciena, Juniper (now part of HPE), and Nokia.

But whether operators are listening is another question.

"I don't know to what extent they've been successful in getting the attention of the operators, especially in the U.S.," she says.

Mortensen offered a stark estimate when asked what percentage of operators are genuinely prepared: “If 20% of them have anything written down other than ‘think about quantum,’ I’d be surprised.”

That said, both analysts acknowledge that operators may be further along than their public posture suggests, with quantum planning happening internally, even where it hasn’t been announced.

Offredo-Zreik also sees a challenge in staffing and strategy, noting the broader difficulty of hiring the right people. “It’s hard to find people with that expertise,” she says.

Both analysts worry that without proactive measures, it could take a catastrophic event to move the industry to action.

“I think that’s what’s going to happen,” Mortensen concedes. “Somebody’s going to really get in and really mess it up.”

He envisions a scenario in which someone has been listening in on FBI phone calls, for instance, or an attacker exploits a vulnerability in an operator's network to cause damage.

Data Theft and Network Collapse

For telecom operators, the risks of a quantum attack are twofold: The first is the confidentiality of customer data flowing over the network. The second is the integrity of the network itself.

“These days it’s all computer-controlled and, in fact, most of it actually runs inside a data center,” Mortensen explains. “So if you get into the data center—if you’re able to crack into it, you can screw with the network. You can do things like listen in to all the NSA stuff that goes over here, or all the bank stuff that goes over there. You could reconfigure the network surreptitiously, or you could even do it maliciously and take down the network, overload networks.”

A threat like this extends beyond telecom to all essential services that rely on network connectivity. “Anything essential can become compromised,” adds Offredo-Zreik. “Energy infrastructure, healthcare—anything.”

Blockchain and cryptocurrency systems are also exposed, as they rely on the same public-key cryptography that quantum computers will be able to break. Wallets, transactions, and the integrity of blockchain networks could all be compromised.

While the initial threat will likely come from sophisticated (and well-funded) state actors, the abilities of quantum computing will not long remain contained.

“The really bad actors, probably the governments, are going to get it first,” Mortensen predicts. “And then later on, it’ll become more democratized and other people get a hold of it too. So, the second-level bad actors and third-level bad actors will eventually gain access to these tools.”

Changing the Locks

For securing customer data in transit, new PQC encryption schemes based on the NIST standards will be sufficient. But for securing the core of the network itself, Mortensen stresses that operators are going to need QKD.

It won’t be easy to implement these solutions either. The new algorithms demand more processing power, and Offredo-Zreik explains that "some of the existing servers and systems cannot process this amount of bits."

In many cases, that means hardware replacements instead of software patches.

"The biggest problem actually is finding out where the stuff is and what vintage it is," Mortensen says. "In most cases, that's going to have to call out a unit from the rack and stick a new unit in there with the new encryption schemes in it."

Despite the complexity, Mortensen lays out a clear, three-pronged strategy for operators to prioritize over the next few years:

1. Secure the Customer Network: “Start securing their own network—the information that their customers use as part of the network. Develop a plan that gets all the new encryption schemes out there.”
2. Secure the Internal Network: “Operators need to start looking at their own security inside their own network, for managing their network.”
3. Explore the Opportunity: “Third, they should look at the opportunities for managed security services in a post-quantum world.”

Telecom operators are uniquely positioned to offer quantum-safe managed security services to their enterprise customers, and Mortensen believes the opportunity could be as big as SD-WAN.

“The telecom operators have missed out on so many opportunities,” Mortensen says. “They just watch them. They just watch these opportunities go by.”

But quantum security could be different if operators act now, and Mortensen predicts that, in hindsight, they’ll regret not acting sooner.

“They’re going to say they should have been doing more earlier,” he adds.

Industry research reinforces the size of this opportunity. According to McKinsey & Company’s 2025 Quantum Technology Monitor, the quantum communication market was valued at approximately $1.2 billion in 2024 and is projected to reach $10.5 billion to $14.9 billion by 2035. McKinsey also projects that the telecom sector will account for 16% to 26% of overall spending on quantum communication products by 2035. The broader technology market, which consists of computing, communication, and sensing, could reach $97 billion by 2035 and nearly $200 billion by 2040. 

Beyond Security: The Quantum Internet

The threat isn't the whole picture, though. The same technologies that pose a risk today will also give rise to a quantum internet: a network connecting quantum computers and a new generation of quantum sensors.

These sensors, Mortensen explains, use quantum physics to achieve sensitivity far beyond what exists today.

"You should be able to make these sensors a thousand times, maybe 100,000 times more sensitive," he says. "And then when you start networking them together using a quantum network, you're starting to pick up probably a million times more sensitivity."

The applications range from super-sensitive radar for military purposes and breakthroughs in astronomy to oil exploration and mineral detection.

Mortensen, who is working with the Quantum Economic Development Council (QEDC) to prepare for this future, sees a massive opportunity on the horizon. He estimates the quantum internet represents at least a $100 billion opportunity for telecom operators.

"It's going to be a whole new thing," he says, predicting it will start to have a real impact between 2035 and 2040.

This will also reshape the data center itself. Offredo-Zreik foresees "a new form of data centers that are more quantum. Or hybrids of classic and quantum."

"We've had the 8086 stuff, and then we had the graphics, the GPUs, now the DPUs," says Mortensen. "There's going to be a QPU also — a quantum processing unit."

Mortensen acknowledges the quantum opportunity won't rival AI in scale. "It's not going to be as big as AI, but it's going to be 20% as big as AI," he says.

Offredo-Zreik adds that “quantum is not going to be as big as AI because it's not a consumer thing. But behind the scenes, it's a very, very powerful technology that actually can affect AI in a big way."

For now, though, the focus must be on the security risks, because someone is working on the quantum master key, and Q-Day may already be behind us.

Stay Connected with ISE Magazine 

Subscribe to our newsletters and magazine for the latest telecom insights, explore the current issue for in-depth features and strategies, and register for upcoming webinars to learn directly from industry leaders.