Banking regulators have put the financial industry on notice that they must begin immediately developing plans for mitigating quantum computing risks.
A report by the G7 Cyber Expert Group (CEG) - chaired by the US Department of the Treasury and the Bank of England - highlights the potential cybersecurity risks associated with developments in quantum computing and the steps that must be taken for financial authorities and institutions to address those risks.
One of the most serious threats highlighted is the ability of superfast computers to break the current cryptographic encryptions mechanisms used to protect customer data and IT systems.
"While the exact timeline for developing quantum computers with these capabilities is uncertain, there is a real possibility that such capabilities could emerge within a decade," the report notes. "These quantum computers would not only put future data at risk, but also any previously transmitted data that cyber adversaries have been able to intercept and store with the intent of decrypting later with quantum computers. Due to the potentially long lead time needed to put in place quantum-resilient technologies, the time to start planning is now."
An initial set of quantum-resilient encryption standards was released by the National Institute of Standards and Technology (Nist) last month, with more in the pipeline. Financial institutions are urged to maintain the agility required to incorporate new encryption standards in a "timely and appropriate manner" as they become available.
With new standard coming onstream, some financial entities may be in a position now to start making the needed changes to implement quantum resilient technologies within their systems, states the report. Others may be dependent on vendors and other third parties to incorporate the necessary safeguards.
Either way, the G7 CEG strongly expects banks to develop a better understanding of the issues, the risks involved, and strategies for mitigating those risks.