With quantum computers likely to be much more powerful than today’s computers, financial institutions should prepare by developing an understanding of the technology, the risks involved and strategies for mitigating those risks, the G7 Cyber Expert Group said in a new statement on quantum computing and the financial sector.
The CEG — chaired by the U.S. Treasury Department and the Bank of England — advises the G7 finance ministers and central bank governors on cybersecurity policy matters affecting the financial system. The statement notes that quantum computers are being developed that could solve computational problems currently deemed impossible for conventional computers to solve within a reasonable amount of time. Financial institutions are likely to benefit from the technology through services such as more efficient payments processing. But quantum computing also poses cybersecurity risks, particularly in the potential of the technology to thwart encryption used to protect digital communications and IT systems.
The CEG made three recommendations for financial institutions to address the potential cybersecurity risks posed by quantum computing. The first recommendation was to develop a better understanding of the technology and its risks. The second recommendation was for financial institutions to build a sound understanding of quantum computing risks to their particular areas of responsibility, whether that is an individual company or a jurisdiction. “The goal of this is to identify the level of effort the entity should dedicate toward the issue and the specific area(s) where it should focus,” it said.
The third recommendation was to develop a plan for mitigating quantum technology risks. That plan should identify key stakeholders and their roles and responsibilities. It also should establish milestones for key actions based on the anticipated deployment of a quantum computer able to defeat modern-day encryption, according to the CEG. “[The plan] may also include planning for the orderly replacement of vulnerable technologies with those that are quantum resistant.”
The CEG also noted that earlier this year, the National Institute of Standards and Technology announced a principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. The three standards unveiled by NIST contain the encryption algorithms’ computer code, instructions for how to implement them and their intended uses.