Europol: Financial institutions should switch to quantum-safe cryptography
In view of advances in quantum computing, the cryptographic security of the financial sector is under imminent threat, warns Europol and calls for action.
(Image: robert paul van beets/Shutterstock.com)
Europol has called on financial institutions and policymakers worldwide to prioritize the transition to quantum-safe encryption and deploy solutions. With the rapid development of quantum computing, the financial sector is facing an "imminent threat to its cryptographic security", the police authority emphasized on Friday as part of a Quantum Safe Financial Forum (QSFF) organized by it. – According to Europol, participants at the conference warned of the growing risk of the "store now – decrypt later" attack strategy: Malicious actors could collect encrypted data today in order to decrypt it later using quantum computers.
The reason given by the QSFF for its global call to action is that powerful quantum computers could overcome common encryption methods in a single stroke ("cryptocalypse"). The German Federal Office for Information Security (BSI) assumes a time horizon of ten to 20 years – without unexpected technological breakthroughs –. Europol is talking about ten to 15 years. The search for a replacement for currently used algorithms for public key cryptography is therefore generally in full swing in order to be able to continue to secure e-mails, online banking, medical data, access to control systems and national security tasks.
Europol emphasizes that the pressure to act is particularly high in the financial sector. A successful transition to quantum-safe encryption requires cooperation between banks and other financial institutions, technology providers, political decision-makers and regulatory authorities. Coordination between the various stakeholders is crucial. The industry needs to work with private and public sector players to launch experiments, projects, contact points and other initiatives.
Many financial institutions feel ill-prepared
The QSFF does not see a need for additional legislation. It believes that a voluntary framework between regulators and the private sector should be sufficient to establish guidelines for quantum-safe cryptography and promote standardization between institutions. Europol also points out that the desired change offers the opportunity to improve encryption practices and IT security in general. A future-oriented framework for the handling of cryptography is required.
A survey of 200 financial sector executives in 2023 found that 86% of the organizations represented felt unprepared for cybersecurity following potential breakthroughs in quantum computing. 84 percent assumed that quantum-safe solutions would have to be introduced within the next two to five years. The QSFF emphasizes that immediate action should be taken to protect the industry "from significant risk, financial loss and reputational damage". The forum does not comment on technical details such as approaches for post-quantum cryptography (PQK) or quantum key distribution (Quantum Key Distribution – QKD).
(vbr)
