Complete a 5G cryptography inventory
Links to official Saudi websites end with gov.sa
All links to official websites of government agencies in the Kingdom of Saudi Arabia end with .gov.sa
Government websites use the HTTPS protocol for encryption and security.
Secure websites in the Kingdom of Saudi Arabia use the HTTPS protocol for encryption.
Registered with the Digital Government Authority under number :
20250519510What is Quantum Computing?
Quantum computing is a new type of computing that helps us solve extremely complex problems. Unlike classical computers, which execute operations sequentially, a quantum computer can evaluate many possibilities at the same time.
Think of a lock with millions of keys:
a normal computer tests them one by one, a quantum computer can test many at once.
Wide Horizons
For certain problems, quantum computing makes the process much faster and opens new opportunities, for example, in vaccine design, it can check huge numbers of molecule shapes at the same time, so promising options show up sooner.
Why Act Now?
Encryption is like a giant puzzle that would take classical computers thousands of years to solve. A sufficiently powerful quantum computer could break it in hours or days, making today’s digital locks unsafe.
Even before such machines arrive, the threat is real: attackers can copy encrypted data now and decrypt it later using future quantum power, a strategy known as Harvest Now, Decrypt Later. This drives the urgent need for Post-Quantum Cryptography (PQC) to protect sensitive data against future quantum attacks. PQC involves developing quantum-resistant encryption methods that remain secure even against quantum-powered attacks.
Similar weaknesses have had real-world impact:
● WEP Wi-Fi (2001–2007)
Many ISP-supplied home routers shipped with WEP by default. WEP used RC4 (an old encryption algorithm, now considered weak and deprecated) plus a short, repeating setup code, so by capturing some traffic attackers could crack the Wi-Fi key in 5–10 minutes. A 2007 retail breach exploiting WEP exposed ~45M payment cards with >$250M in direct costs.
Many ISP-supplied home routers shipped with WEP by default. WEP used RC4 (an old encryption algorithm, now considered weak and deprecated) plus a short, repeating setup code, so by capturing some traffic attackers could crack the Wi-Fi key in 5–10 minutes. A 2007 retail breach exploiting WEP exposed ~45M payment cards with >$250M in direct costs.
● RC4 in TLS (2013–2015)
Still protected ~30–50% of web traffic, yet a 16-character HTTPS cookie could be recovered in ~52–75 hour, enabling account takeover; RC4 was deprecated in 2015.
Still protected ~30–50% of web traffic, yet a 16-character HTTPS cookie could be recovered in ~52–75 hour, enabling account takeover; RC4 was deprecated in 2015.
Illustrative Example: How the Risk Plays Out
Today (Threat)
Near Future (Impact)
Quantum is Loading…
Attacker copies encrypted telco backup: subscriber IDs & numbers, billing records, and payment details.
Data Collecting
Quantum is Ready!
As quantum matures, current encryption can fail, exposing customer credentials and sensitive data.
Enables account takeover, bill/roaming fraud, and trust damage.
Real-World Cases
Web platform (browsers/CDNs)
According to Cloudflare Radar, hybrid post-quantum TLS now protects ~50% of HTTPS traffic globally.
Telecom (5G pilot)
A major telecom operator ran a pilot on a 5G network using post-quantum cryptography to protect customer data. The goal was to reduce “Harvest Now, Decrypt Later” risk and prepare to scale. Service worked as expected; errors were monitored.
The side diagram outlines the journey of a 5G telecom operator pilot, from scoping to expansion.
Classify long-lived data & keys (subscriber data, billing info)
Run pilots to check end-to-end compatibility
Enable hybrid PQC on critical 5G identity/core links
Expand pilots for PQC signatures (dual-sign firmware & SIM/eSIM) and track fallbacks
A SUGGESTED COURSE OF ACTION
01
Identify Long-Term Exposure Areas
- Sensitive data with a long retention period (10+ years).
- Critical infrastructure systems and embedded devices.
- Legacy systems that are difficult to update.
- Cryptographic keys, credentials, and high-value internal assets.
02
Define Strategic Actions
- Define internal capability needs for post-quantum cryptography (PQC) adoption.
- Verify vendors’ ability to shift to post-quantum cryptography (PQC).
- Monitor global guidance (NIST, ETSI, ENISA).
- Integrate PQC into transformation plans.
- Assign quantum risk to your enterprise risk register.
- Map and inventory all cryptographic assets and dependencies.
- Classify and prioritize data by longevity and sensitivity.
03
Drive Readiness Across the Organization
- Ensure quantum risk is addressed through governance oversight and board-level visibility.
- Build knowledge and capability through executive briefings, team training, and awareness sessions.
- Execute pilot projects with post-quantum cryptography (PQC) technologies and evaluate system and vendor crypto-agility.
- Leverage global resources such as the NIST PQC Migration Guide and ENISA briefings.