The Monetary Authority of Singapore (MAS) has cautioned financial institutions on the cybersecurity vulnerabilities introduced by the advent of quantum computing.
Quantum computers, which leverage the principles of quantum mechanics, promise to revolutionise various industries by processing certain mathematical problems much faster than today’s computers.
However, they also pose a significant threat to the integrity of widely-used encryption methods, putting financial transactions and sensitive information at risk.
Experts predict that the cybersecurity challenges posed by quantum computing will become a reality within the next decade.
The introduction of cryptographically relevant quantum computers (CRQCs) could render current asymmetric cryptography obsolete and necessitate larger key sizes for symmetric cryptography to maintain security.
In response, the National Institute of Standards and Technology (NIST) has initiated a global effort to standardise post-quantum cryptography (PQC), which includes identifying quantum-resistant cryptographic algorithms compatible with existing communication protocols to safeguard against CRQC threats.
Additionally, research into Quantum Key Distribution (QKD) technology is underway, aiming to create secure methods for distributing encryption keys.
To mitigate these quantum-related cybersecurity risks, MAS advises financial institutions to develop crypto-agility—the ability to transition from vulnerable cryptographic algorithms to PQC efficiently without significantly impacting their IT systems and infrastructure.
FIs are also encouraged to explore other quantum security solutions, including QKD, as part of their risk management strategies.
MAS’ advisory outlines several key measures for FIs
• Stay informed about quantum computing advancements and understand the cybersecurity risks they pose.
• Ensure senior management and third-party vendors are aware of the quantum threats and the importance of transitioning to quantum security solutions.
• Work with IT vendors to assess and mitigate supply chain risks associated with quantum technology.
• Collaborate with industry groups and research organisations to collectively address quantum risks.
• Maintain an inventory of cryptographic assets and prioritise the transition of critical assets to quantum-resistant solutions.
• Evaluate existing IT infrastructure for crypto-agility and consider necessary upgrades.
• Enhance staff technical competencies and review internal policies to support the transition to quantum security solutions.
• Develop risk mitigation strategies for assets that cannot be transitioned to PQC.
This guidance is intended to supplement existing MAS notices and guidelines on technology risk management and cybersecurity.
Featured image credit: Edited from Freepik