The Quantum Threat and Opportunity with Dr. Michele Mosca Artwork

The Entropy Podcast

Nibble Knowledge is delighted to bring you "The Entropy Podcast"—hosted by Francis Gorman.

The Entropy Podcast centers on cybersecurity, technology, and business, featuring conversations with accomplished professionals who share real-world knowledge and experience. Our goal is simple: to leave you better informed and inspired after every episode.

We chose the name “Entropy” because it symbolizes the constant flux and unpredictability in cybersecurity, technology, and business. By understanding the forces that drive change and “disorder,” we can create better strategies to adapt and thrive in an ever-evolving technology and geo political landscape.

You can also check out our YouTube Channel here: https://youtube.com/@nibbleknowledge-v7l?feature=shared

Disclaimer: The views and opinions expressed on all episodes of this podcast are solely those of the host and guests, based on personal experiences. They do not represent facts and are not intended to defame or harm any individual or business. Listeners are encouraged to form their own opinions.

All Episodes

The Entropy Podcast

The Quantum Threat and Opportunity with Dr. Michele Mosca

September 02, 2025 • Francis Gorman • Season 1 • Episode 24

In this episode, Dr. Michele Mosca co-founder of the Institute for Quantum Computing, professor at the University of Waterloo, and leading voice in quantum safe cryptography, joins Francis Gorman to discuss the looming risks and opportunities of quantum computing.

He explains how his early skepticism in the 1990s turned into conviction once quantum error correction was discovered, making scalable quantum computers a real possibility. Michele outlines his “Mosca’s theorem,” which frames the urgency of preparing for quantum threats: the time to migrate to quantum-safe cryptography must be shorter than the time it will take for adversaries to weaponize quantum computers.

Key themes include:

Quantum timelines: From early doubts to today’s multi-platform race, he estimates a 10% chance of cryptographically relevant quantum computers within 5 years and 30% within 10.
Quantum risk: The greatest threat is to cryptographic trust, confidentiality, integrity, and authenticity of digital systems potentially destabilizing governments, finance, and infrastructure.
Cryptographic resilience: Organizations must adopt agility and long-term planning, building cryptographic inventories, migration strategies, and centers of excellence, rather than treating it as a lone CISO problem.
Lessons from Y2K and beyond: Unlike Y2K, the quantum threat won’t “break systems overnight” but will erode confidentiality and trust if not addressed early.
Positive opportunities: Quantum technologies also promise advances in materials, energy, healthcare, and new cryptographic tools, but only if societies prepare now.

Michele closes by urging businesses and governments to act quickly, not out of fear, but to ensure resilience and position themselves to benefit from the quantum era.

https://globalriskinstitute.org/publication/an-updated-methodology-for-quantum-risk-assessment/

Francis Gorman (00:01.442)
Hi everyone, welcome to the Entropy Podcast. I'm your host, Francis Gorman. If you're enjoying our content, please take a minute to like and share the show wherever you get your podcast from. Today I'm joined by Dr. Michele Mosca, a founder of the Institute of Quantum Computing, professor in Department of Combinatronics and Optimization at the University of Waterloo, and a founding member of the Perimeter Institute for Theoretical Physics at Waterloo's Cybersecurity and Privacy Institute.

He's a globally recognized for his drive to help academia, industry and government prepare technology systems to be safe in an area with quantum computing. He co-founded Evolution Q-Inc to provide services and products that enable organizations to evolve their quantum vulnerable systems and practice the quantum safe ones. He was the founder of the Etsy IQC workshop series in quantum safe cryptography. His research interests include quantum computation and cryptographic tools designed to be safe against quantum technologies.

Míchele, it's a real pleasure to have you with me here today and thank you for taking time out of your busy schedule to speak with me.

Michele Mosca (01:03.217)
Yeah, it's a pleasure to be here with you and your listeners.

Francis Gorman (01:07.17)
Mikael, you've been in the quantum field for a long time. What first convinced you that quantum computing wasn't just a theoretical curiosity, but something that would become a practical reality within our lifetimes?

Michele Mosca (01:21.223)
Yeah, and I think my initial reaction was much more harsh than that. went through, you know, Schopenhauer's three stages of ridiculing, violently opposing, and then accepting the self-evident. So I initially thought it was science fiction. And then when I realized that people were serious, then I thought, well, they're crazy because of all the obvious reasons, right? Partly I didn't know where experimental physics was even in the mid-90s. And it was further along than I thought.

But when my advisor and Oxford basically forced me to meet the physicists who were saying that a quantum computer could break the cryptography I was working on, I realized they were only half crazy and they actually kind of knew what they were talking about and that fundamentally the laws of physics would allow a quantum computer

And that was part of it. they're not actually crazy. They're actually really impressive physicists who working on this. And several of them have won Nobel prizes in the meantime. And then probably the clincher for me was that by 96, they'd figured out how to do quantum error correction. Because if you couldn't do that, there was no way we'd ever scale this thing. Even classical computing and communication, you're in...

If you're trying to do large scale computations or large communications through even moderately, mildly noisy environments, it's not going to scale for very long. So you really do need some form of error correction. And when I realized that people had resolved at least fundamentally how to do that, even if it was impractical back in 96, it went from being impossible as far as we knew to just extremely challenging.

And over the past, so back in 96, I remember I was asked, know, when are we gonna have a quantum computer that could break these codes? And I was, after trying to avoid the question, I said, look, not really more than 20 years, but in 20 years, we'll have about 20 qubits, 20 quantum bits, and the path will be clear. Then we could start making educated guesses, but definitely not for 20 years, which is a bit...

Michele Mosca (03:43.976)
I don't know, or, you know, suggest it's going to be a 0 % chance in 20 years, but I really didn't see the pathway, you know, even having the tools to build the tools to build a quantum computer back in 96. And by 2016, indeed, we're in 10 to 20 qubit land, and error correction matured tremendously. So the assumptions underlying quantum error correction had gone down dramatically. It was a much more practical proposition.

And on the other side, the technologies for achieving it had advanced tremendously. But it was really in 96 that I realized this is eventually going to happen. Again, it would take more than two decades, but that's when the switch flipped for me from this is crazy, why are these people wasting my time, to this is gonna work and I need to understand when is this going to happen?

and what will be secure in the quantum era. So that sort of became my passion in 1996.

Francis Gorman (04:50.292)
And Michael, can you explain Moscow's theorem to me in plain language and why it matters for businesses and governments in that vein?

Michele Mosca (04:58.449)
Yeah, so my early work was actually in regular cryptography, right? And that's, I was trying to use classical, regular computers to break the codes. We were just starting to use, right? Because in the 80s, the few people like, in the 80s, by the early 90s, less than 1 % of the world was even connected, you know, and the systems you were protecting were very few and largely with manually pre-shared keys and really primitive symmetric key systems.

But by the early 90s to mid 90s, we started using these public key methods to secure the internet. And I was lucky to work with pioneers in making that a reality, right? And in taking one of the most widely used methods known as elliptic curve cryptography, and it was better than the initial, than the first method known as RSA, it's...

generally we felt it was more secure and much more efficient. And I worked with the pioneers and I watched them take over a decade, close to two decades to take it from an idea, a mathematical academic idea into a globally deployed product. So I was very intimately aware of the migration time. And I'd seen people try to, even back then where they were just struggling, even though the systems are much simpler, it was a long struggle to migrate.

Cause you want it, have to trust the new stuff and that takes many, many years for many, many reasons. It's at many different layers in the stack. takes time to build that trust. So I knew of the migration time and I knew of, well, some information needs to be kept secure for a long time. so those are two. So you're not just racing against and I knew that, you know, the time or quantum computers to get into the hands of adversaries while it was still a few years away, wasn't that many years away.

And but we weren't, that wasn't the deadline. Like the timeline to start wasn't when is the threat gonna be real? Because it was quickly becoming, the cryptography that quantum computers would threaten was quickly becoming not just a curiosity, but the basis for protecting the whole economy, the digital economy, which is now underpinning pretty much the whole economy. So we needed to get ahead of this.

Michele Mosca (07:23.909)
It's okay to be a day early, but we could not afford to be a day late. But we had to take into account, how many years will it take us to actually, even if somebody handed to us a code that was secure, which they hadn't, but how many years would it take us to develop this, build the confidence, and deploy it? I called that y, parameter y, the migration time. Plus, those last few encryptions need to be secure for

some number of your X years, right? And you want the collapse time, the time before threat actors are able to exploit quantum computers to attack these systems, break the confidentiality and so on, to be less than the sum of those two numbers. So that's sort of the Moskva equation and it became the foundation of quantum risk management or cryptographic risk management more generally. And it motivated...

the first people to take it into account were those who were worried about long-term confidentiality and the so-called Harvest Now Decrypt Later attack, where we're assuming that information is being recorded, not necessarily everything, but we're assuming some information is being recorded. Adversaries won't tell us which information they're recording and how, but we know it's happening. Our governments are telling us it's happening. So that was sort of the initial motivator.

But at this point, I'm honestly, it's really not clear if the migration time, I forget about long-term confidentiality, will the existing systems still be able to operate reliably? Can we even trust our systems in real time? Are we gonna get that migration done before the threat becomes real? And I don't know anymore. There's a significant risk that Y is greater than Z.

that the migration time is greater than the threat timeline, not even factoring in the number of years of confidentiality you want.

Francis Gorman (09:28.462)
I think that brings me nicely. you've 96, you looked, you said 20 qubits for we're even near any kind of risk form here. And that's going to take us 20 years as we approach 2026. And I suppose the date of Q day as we're calling it as an industry term is still an unknown quantity. But as you sit here looking into 26, do we have another 20 years? Do we have five? Do we have 10? What's your take?

Michele Mosca (09:58.984)
Yeah, I mean, and to the cynics who say, oh, it's always 20 years in the future, that's just provably false. You can go over all the past statements and it went from 0 % chance in 20 years down up to now it's over 85 % chance. So back in 2015, I started being more public with my risk estimates because the risk was starting to become material within timelines. We were not on track to, you know.

to address. then 2015, I said there's a one in seven chance of this happening by 2026. So to be clear, I said probably not. Like I'm very aware of how hard it is. I've been working very closely in quantum computing, many levels of the stack and with the leaders and building them and programming them. So I knew that probably not by 2026, but I didn't think it was a high confidence probably not. I really thought there was a one in seven chance.

that there were unforeseen advances to make it happen. We have one year left. I would say the chance is now less than one in seven, which is usually what happens when something has a one in seven chance. It eventually goes to zero. And with six, seven chance, that probability goes to one. But I also said it was a 50 % chance by, I think, 2031. I've been updating those numbers. And I've also now...

It was a lot easier to make this prediction back in 2015 because most of the probability was concentrated on one of the front runner platform, the superconducting quantum bits. And there's a few other platforms, but maybe it added a 25 % to the core probability. But now we have six to seven families of platforms and three of them

are well into this era of quantum error correction I alluded to earlier. And it was a hypothesis in 90s, a very speculative hypothesis in 90s. I knew it would work and a few believers knew it would work, but now it's been a validated hypothesis by three different platforms and soon before. And there's two others, know, these spin-based approaches that are coming up from behind as well. And that's not even counting the Microsoft Myron Affirmation approach. So regardless of your views on that one.

Michele Mosca (12:23.228)
That's not what's materially moving these probabilities I'm talking about. So it's much harder to, it was hard enough to kind of have a view on superconducting qubits, but now trying to juggle in what about these other three or four neutral atoms and ion traps and so on, different ways of trying to harness quantum information in a scalable, know, physical platform. So I've turned to my friends around the world who are pioneers and leaders.

and making it happen and asking them the same question. So it's not just my view, but we have the view of several dozen other thought leaders who really have the big picture view and are really wanting to neither overestimate nor underestimate the likelihood. Bottom line, when you boil this all together, my personal assessment is, and this was my assessment about 10, 11 months ago, I'll be updating it shortly later this autumn.

So this is actually conservative, but 10, 11 months ago, my view was there's a 10 % chance of all the pieces coming together in five years and a 30 % chance in 10 years. And it's gone up actually non-trivially in the last 12 months, but I don't, I want to stick with my last year numbers and update them in a few weeks this autumn as I get sort of the last few bits of insight and data, but it's gone up. There's been really impressive advances in the last few years.

So again, we've had some of the largest IT companies in the world, state aggressive roadmaps in terms of moving into hundreds of these sort of corrected, error corrected quantum bits in the late 2029, like by 2029. One company even says 2028, 29. And there's a handful, there's several very, very well capitalized serious companies saying we'll be...

within striking distance, if not at cryptographic relevance in the 2020s still, like before 2030. So you could say, well, 10%, let's hope for the best. Or 30%, let's hope for the best. But the stakes are far too high. So for some systems, sure, you can accept that risk. But when the impacts are catastrophic, that risk needs to be mitigated and really urgently.

Francis Gorman (14:51.36)
And Amiga, that's great insight. I thought I was going to get a get an inside track there on the new numbers. I was was waiting with anticipation, but I won't I won't hold it against you for not letting it slip until you've all of the data data together. And when I look at the guidance coming out of Europe and I look at the mobilization efforts, I see them two fronts. I see it. Governments and financials are kind of where that momentum is is building at the moment. But many organizations are still waiting and it's a kind of a.

it's a next year problem or it's a, it's an ex-guys problem. When you talk about a quantum relevant cryptographic computer and you talk about scale, the day this problem gets cracked, is that the day we need to worry or is it the day this problem gets cracked and that compute power is scalable at a commercial level? Is there, is there a differentiator there?

Michele Mosca (15:45.577)
even the first state is material, right? Because then, you know, those first few threat actors who will use it, they will still go after really things that are very fundamental to our freedom and sovereignty and prosperity, right? Because some people might say, well, they're not going to come after my bank account. Sure, but if they go after your bank or your central bank or your government, these indirectly, you

profound impacts on citizens. It will impact the cost of living and so on in our safety and security. Even if those threat actors aren't necessarily going to go after any one individual, they'll go after really critical systems that we rely on indirectly. And the other thing I would point out is the gap between those first

the first available and second available, where maybe it's heavily controlled or we don't even know about it to being, you know, that's gonna, I mean, these large IT companies are not building quantum computers so they can hide them, right? There's a growing number of business cases for how this technology can create real commercial value, real economic impact, like geo, like really material.

geopolitical shifts based on who can harness the power of quantum computing. And you're not going to do that if you're hiding it, right? So, I mean, just think back to the British, they developed Colossus, right, to break the fish codes during the Second World War, but then they kept it classified, they dismantled it, kept it classified. They didn't develop a computing industry. They sat and watched the United States do that, right? As, you know, obviously the...

global role of the UK diminished and that of the United States continued to rise not only for that reason but that was a certain part of it. So nobody's gonna want to hide. They're gonna want to use it. Of course they're gonna control it and have a know your client but it's not gonna work right adversaries are gonna get in gonna get on those platforms as if there's if the good players have access adversaries will get in and the more you try to restrict them the bad folks

Michele Mosca (18:09.576)
getting access, the harder you make it for us to create value with it, because it becomes very expensive and impractical and slow for us to develop all these other sectors, advanced materials, energy, healthcare, and so on. So I don't think there's going be a multi-year time lag, like there are many years of time lag between those first few actors and getting into the hands of negative adversaries. And it's something, you know...

could go very rapidly and it's largely out of our control. So we just have to not be afraid, but just be ready. We actually know how to create the photographic resilience. So if we want to benefit from AI and quantum and all these things, we don't need to fear their code breaking capabilities. We just have to architect our systems to be resilient against them.

Francis Gorman (19:03.374)
And I think that message of cryptographic agility has come through. was talking to a few people lately and I think yoga was referenced in terms of agility for your cryptography stack and a couple of analogies like that to try and bed it into the non-technical folk in terms of being able to flex your cryptographic muscles within your organization. You've talked a bit about when this happens, there could be...

Michele Mosca (19:13.159)
Ha ha ha.

Michele Mosca (19:16.978)
Yeah.

Francis Gorman (19:30.946)
catastrophic type events off the back of it. When I think back to Y2K, we had a deadline and we had an impact. The impact was after this date, everything that uses these underlying systems will just stop working.

Quantum won't stop systems working, but it'll break confidentiality. It'll break trust. What you see as the biggest problem for companies, businesses, governments that don't act now, that don't build in that agility at this point.

Michele Mosca (20:02.536)
One of the reasons I tend not to use the y2q term is while there are some valid parallels with y2k, there's a lot of things that are very different. So it can, I mean, it can help, but it can also confuse. Cause it will be something that just gradually ramps up. And I'm more honestly more worried about, I'm very worried about the known code breaking capabilities and we might not get ahead of them in time. And I'm even more worried about the next one.

unless we architect for resilience. And agility is a fundamental part of resilience. And it was a buzzword in the technical community for over a decade. And now it's in this documents and all the high level guidance is providing it. Now, I guess another thing that is worth noting that's changed because fundamentally, people don't change their behavior because they see the light. They change their behavior because they feel the heat.

Now there's the heat caused by your systems collapsing, but we don't want to wait for that. But I think there's a lot of heat already in that regulators and authorities and customers even, you know, are asking, they want, they want, if you want them to trust you, you better have, you better be, better be quantum safe. I'll have a really compelling story that you're going to be in time. So, and that actually drives businesses to act, right? It's more the,

I don't like the checklist compliance approach, but people need to be compliant to be able to continue operating and maintaining their customer base. So you're seeing all these signals that you have to do this. You better at least pretend that a plan and you better quickly come up with an actual plan. And I still see some of the largest FIs in the world where they're like, we're not, we're still figuring out who's in charge of this, which worries me a lot. Now, most I would say have somebody in charge and

And it worries me if it's one person as well. I mean, this is a multifaceted team that cuts across all the business lines. Anyway, so the biggest threats, again, we can talk about all the different terrible, like, so let me break it up into two. So I've kind of outlined all the risks of not being compliant, of not maintaining trust. Like you lose customers, you lose, you know.

Michele Mosca (22:27.753)
You're customer based. You'll lose market share if you're a lagger here. Your Christmas bonus might go down. Your short-term career is at stake. And these are the things that generally motivate people more, people more. But in terms of, and on the cyber risk side, of course, it's not just about confidentiality being leaked and maybe paying some fines. Your systems might not work.

If you compromise the authenticity and integrity of auto updates, example, like in the zero trust world, like we still need strong cryptography. That's what it allows you to distinguish malware from a legitimate update. And you need the updates because otherwise you don't fix critical security flaws. But if the updates are malware, then your system can go down. again, especially in the financial sector, people...

Even if the system is fine, but people don't trust it, it goes down. How many times have you told people how cybercrime works and they have this panic look in their face and they're saying, should I take out all my money and put it under my mattress? And you're like, no, don't do that. That's not the answer either. So you need people to retain trust in our systems and our institutions. there's real material risks.

If cyber attackers have these capabilities and it's on the integrity side, you have IOT like, know, financials who are less concerned about, you know, driverless cars or connected, you know, or drones and whatever. But if you are in the IOT space, you could lose control of these devices as well. So there's a wide range of risks beyond confidentiality as well that one really needs to worry about. I do want to just elaborate on one thing you said because things, know,

goes much from the technical side, we tend to highlight the technical buzzwords, like you need agility, you need PQC, and so on. And I think the business world says, like, do I really? Like, I don't think so. Resilience? Yeah, I guess. And that's almost too high level. But I need to maintain the trust of my customers. I need business continuity. I need to maintain my market. These are things I need. I need interoperability.

Michele Mosca (24:55.049)
all my key stakeholders and so on. That, so we need to do a better job of translating. And, know, of course in the technical world, we were like, well, yeah, of course you want that, but to deliver it, you need agility, you need defensive depth, need to think you see, and so on. So we need to do a better job of translating, connecting the dots between the technical solutions to enable that resilience and the business needs and also prioritize them. But I do think that...

And you know, agility's, I think we're pushing, we're trying to clarify that the ultimate game is resilience. Agility's an important part of that. But agility's not helpful, it's only, like the event, like we have to be ready for an unexplained, unforeseen, unannounced break of our cryptography. That's the only way to proceed in the modern era with AI and quantum and all the dependencies we have. And so agility's great if it's a recoverable event, right? So you need.

a combination of agility and defense and depth and for information assets with a long shelf life then you need to do the old school symmetric key stuff which banks and governments still do today and we need to look at ways of making them more scalable and to fit in elegantly and simply with all the other more public key approaches we leverage now.

Francis Gorman (26:18.222)
It's a fascinating perspective. And when I was listening to you earlier in the conversation describing the Moscow Terum, it was coming to my mind, you're the CEO at the side of a desk. Someone tells you about this quantum thing and you go, what does that mean for us? What does that mean for our organization? And then you look at your technology landscape and you've got cloud, you've got third party vendors, you've got private cloud, you've got physical infrastructure.

over here, you've got different service lines. And as the CEO, go, okay, what's the impact? And the guy looks back at him and goes, well, we don't know yet. That length of time to prepare, people are going to have to build inventories, they're going to have to do architectural dependency mapping. And the cost is going to be significant because you're going to have to refactor applications and all sorts of things. Your routers and switches may not be able to handle the quantum resilient protocols, et cetera, that they may need to be.

changed out or beefed up, et cetera. So if you're that CEO sitting at the desk and you've just heard about this problem, you have a stepped approach to quantum readiness that you could give some insights on?

Michele Mosca (27:32.101)
step zero because again technology people will tend to jump right in you got to start your crypto inventory which I think

is a critical part, I think one should actually start it right away, but the zero step is do a very quick strategic assessment of your posture. And what do I mean by that? Because, I mean, there's a technology component to getting to the other side of this one threat and really emerging more, because we're really, really lucky that we had 30 over 30 years advanced warning. We need to be much more ready. So you wanna address this known threat.

And when you're done doing that, know that if this ever happens again, you know, we'll be, we'll, we'll be okay. Not saying it'll be easy and there won't be any negative impacts, but we'll at least have a recovery plan. Um, so you need to get there and the technology side is just one of the work streams. There's several other work streams and you can very quickly, and there's guidance that's out there and there's, you know, my team can help and there's teams out there that can help, but you want to do this quick. This is a few weeks exercise.

This isn't some super expensive long term, in a very short number of weeks you can quickly assess what your strengths and weaknesses are in order to get ready and start assembling, coming up with a real strategy that integrates, and you have to adapt it to your business. We can give you the building blocks of a strategy, cryptographic resilience strategy. You can quickly adapt it to your organization.

And then prioritize your next steps. And inevitably, one of those steps is start more proactively managing your cryptography with things like your cryptographic inventory. And depending on the nature of your organization, there's several ways to do that. But I think before that or in parallel with that, I would do a very rapid assessment of your organization to understand how do you govern cryptography today?

Michele Mosca (29:40.137)
and so on. You need to understand what's your migration time as an organization. You have to very quickly assess how your organization currently manages cryptography to assess how long it will take you and what your weaknesses are that you need to start in a prioritized way addressing.

Francis Gorman (30:01.07)
And I think that will mean for a lot of organizations having to build competency back up in the cryptographic space. I think cryptography is one of those areas that if it's not broken, don't fix it. And it has been in security for a long time. So I think a lot of organizations are going to look at this problem and go, just the guy who managed that thing is 65. He's retiring next year. Who's going to take it over? Do we need to start building up apprenticeships in this space and getting

Michele Mosca (30:15.049)
Yeah.

Michele Mosca (30:21.694)
Yeah.

Francis Gorman (30:29.048)
getting more staff skilled up in the cryptographic? What's the quickest way to get your organization cryptographically aware and build up niche skills in these areas? Because it's quite a dense field to get into at the start.

Michele Mosca (30:46.698)
the answer is you're a cryptographic center of excellence. That's kind of a sweet spot versus this isn't some lone wolf operation that just gets it done and you give him or her an award at the end. You do need a broad team. You need a center of excellence that is connected to

the key pillars of your organization, the business pillars of your organization to get you to the other side. And I think it's important to don't take the, like I wouldn't do a boil the ocean approach. I would, so some people made the mistake in, you now we're saying we told you so, but they're saying, oh no, like the steps are first I do a cryptographic inventory.

right and then they looked at all these technological means fancy you know some are fancier than others and and their heads are down great I gotta get my inventory and then I'll start assessing my risk and my migration path right and it's like no you can you can immediately because you can ask yourselves what are my most critical systems that depend on IT and all your systems depend on IT and you can with a couple conversations

Like we do this in six weeks and most of that is waiting, scheduling meetings, right? You can figure out where your most vital cryptographic dependencies are based on what you already know without even scanning your systems. And you can start doing something about those systems right away in parallel with, you know, more, cause you do want to get to the other side of this where things are, you can have a more automated way to know that you've mitigated and convince other people that you've mitigated and so on.

Building up your cryptographic inventory is a no regret activity, but you immediately start with business risk, your cryptographic risk assessment, starting with your critical business lines. So you gotta start doing, and that gets your risk teams involved. Inevitably they have to talk to different business teams. So you want very quick projects, that you measure in weeks, not years. Start getting things done. Start migrating some systems, even if it's a test system.

Michele Mosca (33:06.708)
So you need a handful of these and then you'll have a more visceral understanding of what this is. Otherwise it'll just remain this abstract problem that you're kind of admiring almost academically. But this is not an academic project. This is a really critical uplift of your organization. the best way to learn is through experiential learning. So start doing some projects.

help people understand what this really means and they start figuring out who they can quickly start making the right partnerships and relationships in the ecosystem. It's engaging with their supply chains. But I would do it concretely. This isn't some abstract thesis, PhD thesis you're writing. You have to really get this done. So I think I would start doing a few things rapidly. And so then you can better plot the rest of your journey.

Francis Gorman (34:04.844)
I think that's really good advice. Kind of get a fail fast approach in, know, test your waters, see, that will build competency as well. There's one thing you said earlier on, Michael, and it was around, this is not a one person problem. And I worry when it is. what I see when I look at the industry is this has become the problem of the CISO in most organizations. Where do you think this should sit in an organization or where would it fail if it doesn't have that top down, bottom up support?

Michele Mosca (34:08.821)
Yeah.

Michele Mosca (34:35.083)
This season is obviously a critical player in this, but they need a team approach. I don't, I every organization's different. You need to structure the team in a way and the accountability in a way that works for your organization. But you can't give them the responsibility to get it done, but not the power and the tools to get it done. So like our first few quantum risk assessments,

Often it was for a risk team or cyber team, but then we'd have to go talk to other teams, the business side, and they were often too busy and they didn't report up to this person and they didn't want to share this. And we were very, very sensitive to that. they said, look, we don't need to touch your systems. you know, so even then it was really hard because it wasn't a whole of company effort. So they're going to need the endorsement from the top. mean, the CEO has to...

make it clear we need to do this. The CEO doesn't need to do most of the lifting, but it needs support all the way up to that level and the board risk committee and so on. And they need to work closely with their CIO or CTO depending, of course in smaller organizations, they might all be the same person even, but they do need high enough support where they're plugged in to the key business lines and have the support there. So it's not viewed as just a technology problem.

why didn't you get this done for me? It's really critical to the success of the business. So you need enough business support to be able to prioritize it and get the essential features done. But I mean, the CISO, you can't be the person in charge of firefighting and fire prevention at the same time, you without a lot of help there. And, you know, this can't be something you get done in your spare time. It's got to be a critical KPI.

Francis Gorman (36:16.334)
I think that's really good.

Michele Mosca (36:32.873)
and it's got to be shared in some effective way with other elements of the company.

Francis Gorman (36:38.99)
I fully agree. It's going to be dedicated resources and attention and it's potentially going to de-prioritize and break stuff along the way that it's going to need a team come in mind, you know, picking up the pieces. So it's definitely going to be quite transformational for a lot of organizations. Mikael, that was really insightful and a lot of good insights there for listeners to take away on. Before we finish up, outside of Quantum's ability to break modern day cryptography, is there anything that...

really excite you in the field in terms of its application.

Michele Mosca (37:15.295)
Yeah, there may be two things. One is it's forcing us to rethink how we manage cryptography, which honestly, a small handful of visionaries have been saying for a long time, but nobody's listening because there was no real threat. And normally throughout the history of humanity, emerging threats are managed while you wait for to be, know, heat to be turned on versus the light.

to be done. And that doesn't work when the threat is existential or, you know, very least catastrophic. And quantum was this blessing in that the impact, if we're not ready, is in some sense, existential or catastrophic. But it wasn't, you immediate. So it gave us time to really bolster our cyber immune system. And even, you know, give us time to think about how do we create resilience and agility and

How do we scale symmetric key infrastructures to complement these public key infrastructures? How do we harness future quantum networks? And how do you balance the urgent and sort of the more emerging things that also need to be handled? And honestly, in terms of the positive impact of quantum technologies, apart from quantum communication networks being an enabler,

fundamentally new cryptographic tools, which will serve us very well in a zero trust world. And to be thought of as augmenting what we have, not replacing, is often in the weeds people get in this adversarial framework, or what they're doing is the greatest thing ever and everything else is nonsense and it's distracted. Like for the history of cryptography, ever since I've been in it's been like that. It's not very constructive. So obviously quantum networks enable, and there's the ones we know about and there's new ones we're still studying.

So that's an exciting part of the future and it's not there to replace the techniques we have now, it's just meant to augment them. And then in terms of the use cases for quantum computing, five years ago, felt that there was a handful of potential applications of quantum computing in industry and my gut feeling was like...

Michele Mosca (39:39.98)
10 % of them were really ever going to pan out, made a lot of sense, they were likely to work. But that didn't mean it was a bad exercise, because you're trying to harness this new emerging capability that we're still trying to understand. don't be disappointed if your first few attempts don't work. That's part of the process. And back then I said, maybe 10 % of these would work, and it was only a handful of people trying. Now we have many, many more people trying, much more sophisticated trade craft.

looking at many more use cases across many more sectors. And maybe it's 20 % that if I look at it critically, I would think, yeah, this is really going to hold water long term. you know, people, there's a tendency to focus on the 80, you know, the stuff that isn't going to work. It's a, oh, it's hype and nonsense. I don't think that's, I mean, be critical, of course, but don't be cynical or skeptical. Use that as a guide to steer you toward that 20%, which I think will soon be 30 % and 40%.

in a small number of years, especially as the larger and larger fault tolerant platforms become available, so we can actually test things better. So I'm excited about the positive applications of quantum computing. And the point of getting it, of establishing cryptographic resilience while we still can, is to make that a positive day, right? Or a positive, well, emerge, I said I don't want to pick one day, but I mean metaphorically, to make the emergence of more more powerful quantum computers.

So really exciting value creating opportunity. And we manage it like any other HPC is and not like this terrible threat anymore. But if we want that, we do need to architect the cryptographic resilience. We know how to do it. And there's really, you you were referring earlier about the costs and so on. Well, if you get ahead of this and you structure this as part of your regular lifecycle management of your technology,

it won't be that expensive actually. It gets expensive if you procrastinate to the point where you're managing it as a crisis, right? And then you're rushing and then you have to, interoperability is at risk, legacy customers, legacy systems, you might have to just let them go because you can't have both and so on. So you won't have to make these tough decisions.

Michele Mosca (42:06.613)
or won't have to make many of these tough decisions if you're proactive and map this into your technology lifecycle management and your supply chain management and so on. mean, maybe another possibility that might work for some companies is think of this as an extension of vendor concentration risk and supply chain risk. Because they're all using the same cryptographic tools and libraries and so on in many cases. But it's like Uber concentration.

because it's not just one vendor that is being used by 30 % of the world or 50 % of the world. think almost all of those vendors would be susceptible. So think about how to incorporate this into your existing risk management practices, get ahead of it, and focus on the positive applications that quantum and AI and whatever else is emerging will bring.

Francis Gorman (42:58.136)
think you've already got a whole podcast episode without mentioning AI. So you've just broke the duck on that one. It was absolutely lovely having you on. And I think this conversation has been fantastic and really insightful. So I hope people get an awful lot out of it. But it was a real pleasure speaking with you. And thanks for taking time out of your busy schedule to come on the show.

Michele Mosca (43:02.399)
Yeah. Yeah.

People on this episode

Francis Gorman

Host

Dr. Michele Mosca

Guest