Quantum computing will soon have the power to break conventional encryption methods used by financial institutions to protect their data, posing new risks to the security and privacy of financial systems and transactions, a new report finds.
Most of today’s encryption methods use algorithms that could be broken only after thousands of years of nonstop processing by the world’s largest conventional computers. However, experts now realize that quantum-based computers will have the power to break those codes in seconds.
Some estimate that the majority of data protected with conventional encryption techniques could be vulnerable to hacking within the next decade, the Depository Trust & Clearing Corporation (DTCC) says in its latest white paper, Post-Quantum Security Considerations for the Financial Industry.
Ajoy Kumar, DTCC managing director and chief information security officer, comments: “We recognize that the quantum technology threat is coming. With some experts estimating that the industry’s protected data could become vulnerable within the next decade, the time to act is now.”
Quantum computing leverages the principles of quantum physics to perform certain types of calculation many orders of magnitude faster than conventional binary computing. Its capabilities are simply unachievable for any number of traditional computers.
As such, quantum computing will deliver new ways to analyze and solve complex problems, and therefore carries the potential to disrupt industries. Early adopters of quantum computing will be equipped to leap ahead of their competitors.
On the other hand, the technology will also grant greater capabilities to bad actors, including criminals, terrorists, and rogue governments. “This creates real risk for every organization because all organizations presently rely on encryption methods that will be vulnerable when quantum computers achieve greater levels of power,” the white paper warns.
Given that quantum computing will compromise much of the cryptography that protects today’s digital information, the New York-based post-trade services provider suggests that firms begin to assess and respond to this security threat by:
- Sizing up the effort by identifying systems and encryption mechanisms in scope for remediation;
- Strengthening cryptography practices by centralizing the management of keys and certificates, instilling standards for encryption mechanisms, and implementing change management for new encryption solutions;
- Developing and exercising a playbook that details the steps needed to replace an encryption platform while ensuring the plan can be executed on time;
- Modifying and separating systems, as needed, to facilitate work to come; and
- Beginning organizational change management efforts to build a strong risk culture and risk-based mindset within organizations.
The firm also suggests closely monitoring activities taking place within the regulatory community that address topics like standardization, including the National Institute of Standards and Technology’s focus on post-quantum cryptography (PQC) standards. As a discipline within the field of cryptography, PQC aims to keep existing “public key” infrastructure protected once quantum computing is broadly available to both good and bad actors.
“We look forward to partnering with the industry to continue this critical dialogue and to prepare for the emergence of PQC standards,” Kumar adds. “Collaboration and preparation will be key to ensuring that the security, privacy, and integrity of the financial industry are preserved.”