Financial Firms Advised to Prepare for ‘Q-Day’ Cybersecurity Risk

 

Members of the Quantum Economic Development Consortium (QED-C) have warned of the quantum threat to the secure financial sector data in a new report.

The Quantum Technology for Securing Financial Messaging report explores the potential impact of quantum computing, networking and communications in the finance industry.

It also recommends near-term remedies for governments and companies to avoid "potentially exposing all financial transactions and much of the existing stored financial data to attack."

QED-C is an association of global quantum technology leaders formed by the U.S. government. Industry members include IBM, Wells Fargo, JPMorgan, AWS and Toshiba.

The report includes actionable insights for minimizing risks posed by the harvest now, decrypt later threats, combining technologies that increase security and using third-party service providers to help ensure timely risk mitigation by smaller institutions.

Key recommendations include:

  • Federal agencies should support migration to post-quantum cryptography (PQC) algorithms by sharing information and resources with financial institutions and by providing grants to help institutions implement the new algorithms.

  • The financial industry should grow in-house quantum expertise to raise awareness of the benefits and risks of quantum technologies, along with hiring quantum networking and security experts to assist with conducting an inventory of quantum-vulnerable cryptographic assets and implementing QC standards.

  • Quantum key distribution (QKD) and PQC should be used in combination to drive higher levels of security than employing either approach on its own. Financial services, telecommunications, quantum and government stakeholders should collaborate to advance combined approaches.

“The advent of quantum computing creates a new cybersecurity challenge for financial institutions, as they will one day become powerful enough to break many of the cryptographic algorithms currently used to protect data and communications,” said QED-C executive director Celia Merzbacher.

“I am grateful to all of the QED-C members and industry leaders who collaborated on this very timely assessment and for the wealth of information this report provides for those making critical security decisions in the financial sector.”

The report originated from a QED-C use cases technical advisory committee workshop held in February that included stakeholders from finance, quantum technology, government and academia, including Accenture and ID Quantique.

Participants identified use cases for applying quantum-resistant technologies including more secure cross-border transactions, security-enabling physical infrastructure, third-party validation of financial institutions’ quantum security posture, post-quantum transport layer security and quantum communications service providers.

Comments