The G7 Cyber Expert Group (CEG) highlighted the potential cybersecurity risks to financial firms from developments in quantum computing in a recent statement.
The group, chaired by the U.S. Department of the Treasury and the Bank of England, also recommended steps financial authorities and institutions can take to address those risks.
Quantum computers are being built that will be able to solve computational problems that conventional computers cannot solve within a reasonable amount of time. While the potential benefits to the financial system are significant, these computers also carry unique cybersecurity risks. Specifically, cyber threat actors could use quantum computers to defeat certain cryptographic techniques that secure communications and IT systems, potentially exposing financial entity data, including customer information.
“The G7 CEG looks to help support the responsible use of emerging technologies like Cloud, AI, and Quantum in the financial sector while balancing the risks to the global economy,” Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection Todd Conklin, co-chair to the G7 CEG, said. “Cyber experts across the financial sector have developed internal plans related to quantum innovation and resilience, and it is critical that they obtain the support needed for their successful implementation. The G7 CEG believes that planning for the quantum transition is important to economic security and prosperity, and strongly encourages financial institutions to provide funding and other resources needed to support it.”
While there is no timeline for when these quantum computers will be built, they could emerge within a decade. Thus, the time to start planning quantum-resilient technologies is now.
Recently, an initial set of quantum-resilient encryption standards were released by the National Institute of Standards and Technology (NIST). Additional standards from NIST and other standard-setting bodies are expected in the future.
With the availability of NIST’s standards, some financial entities may be in a position now to start making the needed changes to implement quantum resilient technologies within their systems. Others may need to rely on vendors and third parties to develop implementations of the new standards.
No matter where entities are in their adoption timelines, the G7 CEG recommends that financial authorities and institutions take steps now to build resilience against quantum computing risks. They can do so by developing a better understanding of the issue, the risks involved, and strategies for mitigating those risks. Further, they can assess quantum computing risks in their areas of responsibility and develop a plan for mitigating quantum computing risks.
The G7 CEG was founded in 2015 to serve as a multi-year working group that coordinates cybersecurity policy and strategy across the member jurisdictions. Its membership includes representatives of financial authorities across all G7 countries as well as the European Union. It also acts as a vehicle for information sharing, cooperation, and incident response.