The BIS's Quantum Roadmap For FinServ: Secure Against Risk NOW!
Quantum is an "imminent threat to the financial system."
This is my daily post. I write daily but send my newsletter to your email only on Sundays. Go HERE to see my past newsletters.
HAND-CURATED FOR YOU
The BIS looks at quantum computing and sees that its “ability to break today’s cryptographic algorithms represents an imminent threat to the financial system,” and requires “urgent action.“
At a time when AI and stablecoins are disrupting finservs, they are also getting hit with the threat of quantum, which is triggering yet another system-wide audit.
I never dreamed I’d write these words, but I do feel some pity for bankers!
What makes quantum so potentially lethal is that trust in the financial system is fundamentally tied to the trust provided by cryptography. This cuts to the very core of public trust in finserv, and it will only take one mistake to lose it.
A recent survey of experts indicates that 27% expect the emergence of a cryptographically relevant quantum computer (CRQC), i.e., a computer capable of compromising current public key cryptography, to occur within 10 years, and 50% expect it within the next 15 years.
While that may seem like a long way off, consider a bank building or buying systems to manage stablecoins. Would the foundational system be expected to have a life of over ten years? That’s likely, and why quantum-readiness is key.
Even more terrifying is the thought that data is being harvested now with the intent of decrypting it later. This sounds like the stuff of James Bond because it is.
Ironically, just like AI, quantum-resilience isn’t a single program to add to a bank’s tech stack. Instead, like AI, it requires a thorough audit of digital systems in order to understand how to secure them.
To give readers an idea of how deep the audit must go, the BIS list includes: smart cards, routers, switches, firmware in IoT devices, cryptographic kernels within an OS, file systems, network services, VPNs, browsers, email, code databases, and all databases.
The list goes on, and includes virtually every part of our digital world.
Compounding the difficulty of the effort is that changes cannot be made unilaterally and must include agreements between digital counterparties. While central banks can support and offer guidance, there will be a lot for banks to work out.
The BIS says it best: “The time to act is now.”
Will banks beset by AI and stablecoins listen?
👉The Roadmap
🔹 Obtain Engagement
The transition requires broad collaboration across different participants in the financial system, the first phase consists of obtaining engagement across the relevant stakeholders. This includes educating stakeholders and the general public. A crucial next step involves assessing the risks represented by quantum computers on a systemic level.
🔹 Plan
Participants in the financial system translate the jointly agreed priorities and requirements into a system-level migration timeline and a set of common technical choices. Individual organisations can take their migration steps separately but major cornerstones of the transition need to be agreed across multiple actors due to the interconnectedness of the financial system.
🔹 Execute and Monitor
Participants in the financial system will execute transition plans, while central banks and supervisors will play a key role in monitoring progress. Regular follow-up and continuous alignment will help to ensure that the plans are executed in a timely manner.
If you know someone who would like this newsletter, please share it with them and help grow our Asia, CBDC, and AI aficionados community!
