A G7 cyber-security group wants financial services firms to think twice about quantum computing.
Grygo is the chief content officer for FTF & FTF News.
Quantum computing via cutting-edge hardware and algorithms is coming and there will be more hype as it gains ground in financial markets.
First, a definition from IBM: “By taking advantage of quantum physics, fully realized quantum computers would be able to process massively complicated problems at orders of magnitude faster than modern machines. For a quantum computer, challenges that might take a classical computer thousands of years to complete might be reduced to a matter of minutes.”
Yet there is time to prepare for this next wave of technology and the G7 Cyber Expert Group (CEG), which advises G7 finance ministers and central bank governors on cybersecurity policy, has stepped forward to help us think it through.
CEG officials say they see “quantum computing as an area of both potential benefit and risk to the financial system.”
In a statement issued last month, CEG officials acknowledge that “Quantum computers … are expected to be able to solve computational problems currently deemed impossible for conventional computers to solve within a reasonable amount of time. Financial institutions may benefit from the computational speed that quantum technology enables through the optimization of market trading, investment processes, including those for risk management, internal operations, and prediction strategies.”
In addition, the CEG statement says that quantum computing could support a “more efficient payment processing as well as dynamic optimization of portfolio holdings. Technologies such as quantum key distribution may also help organizations to better secure their digital communication systems.”
However, the CEG highlights some important concerns: “Financial institutions will need to prepare to manage the potential risks of these new quantum applications as they are deployed. In addition, the introduction of quantum computers may provide an opportunity for nefarious actors to exploit the technology for malicious purposes in a way that creates both organizational and systemic risks in the financial system.”
For instance, quantum computing may be too smart for its own good regarding cyber threats.
“In the future, cyber threat actors could use the unique properties of quantum computers to solve some of the mathematical problems that underpin conventional encryption, and, hence, defeat certain cryptographic techniques used in secure communications, potentially exposing financial institution data including customer information,” according to the statement.
“Threat actors” may be playing the long game as they expect large-scale quantum computing to become widely accepted. Once that’s the case, threat actors could pursue a “harvest now, decrypt later” scheme “to intercept confidential data now with the intent of decrypting it once quantum computers become more capable and widely available.”
All is not lost as “post-quantum cryptography (PQC)” is emerging to focus on “efforts to develop cryptographic systems that are secure against quantum computing risks to encryption algorithms and that can interoperate with existing communications protocols and networks,” according to the statement. “There are several ongoing PQC efforts across government and industry at the national and international levels, with a particular focus on the development of security and interoperability standards.”
CEG officials are making some recommendations. They want firms to begin:
- Developing a better understanding of quantum computing, the risks involved, and strategies for mitigating those risks;
- Assessing quantum computing risks in their areas of responsibility; and
- Developing a plan for mitigating quantum technology risks.
You can access the full statement here: https://bit.ly/3zXYIRj
Need a Reprint?