The Accredited Standards Committee X9 announced the publication of a new report, “Post Quantum Cryptography Financial Readiness Needs Assessment.” The goal of this document is to provide a high-level view, targeted to managers and executives, of options, alternatives and guidance on how to mitigate the cybersecurity threats posed to the financial services industry by quantum computers.
The new report was developed by the X9F Quantum Computing Risk Study Group, one of the two X9 groups working on quantum computing issues.
X9 seeks to educate financial industry management on how to identify, analyze, prioritize and manage the significant risks posed by future quantum computers and to offer guidance on how the industry can migrate to post-quantum cryptography (PQC) to protect sensitive data and networks against quantum-enabled cyberattacks. Besides the financial industry, government agencies and any other organization facing the quantum challenge will find this report useful.
The transition to PQC may not be quick or inexpensive. Following the guidance in the new report, implementing a companywide program to investigate internal security issues related to quantum computing and the creation of plans to address them provide the best opportunity for reducing migration expenses, creating an environment secure against quantum attack and reducing the probability of failing to identify weaknesses. This approach also offers the opportunity to correct long-standing problems.
The report details how migrating to PQC will require significant work in many areas, such as:
- Educating personnel on the issues related to how quantum computers can break cryptography
- Creating a cryptographic asset inventory to identify all cryptographic systems in use
- Prioritizing current systems for remediation based on a risk assessment
- Developing and implementing a plan to migrate to PQC solutions where required
- Working with vendors to develop and deploy PQC solutions in third-party products
- Using the PQC migration as an opportunity to investigate and incorporate features of an agile architecture, where appropriate
Areas addressed in the report include:
- Cryptography policy management
- Design tradeoffs
- Implementations and interoperability
- Compliance assurance
- Deployment guidelines
“Our new report will be a vital resource for the financial industry to understand and prepare for the paradigm shift in cryptographic standards brought about by the advent of quantum computing,” said X9 executive director Steve Stevens in a statement. “The insights the industry can glean from this needs assessment report will be instrumental in building secure and resilient cryptographic infrastructures that protect against the uncertainties of the quantum-powered future.”