Europol has issued a warning to Europe’s financial services sector, urging them to begin planning for the transition to quantum-safe cryptography due to the increasing risk of “store now decrypt later” (SNDL) attacks. The policing group raised this concern at its Quantum Safe Financial Forum (QSFF) event held recently.
Quantum computers are anticipated to have the capability to break public key cryptography, which is currently the foundation for securing global financial transactions, authentication processes, and digital contracts. While these quantum computers are still estimated to be at least a decade away, SNDL attacks pose a significant threat by compressing this timeline. Threat actors could potentially be stealing sensitive data now with the intention of decrypting it later when quantum capabilities become available.
Moreover, the emergence of “cryptographically relevant quantum computers” (CRQCs) could be accelerated with increased funding and scientific breakthroughs in the field. This further emphasizes the need for organizations to prepare for the transition to quantum-safe cryptography.
In response to these potential threats, Europol’s QSFF outlined five recommendations in its concluding Call to Action document. These recommendations include prioritizing the transition to quantum-safe cryptography, improving coordination among stakeholders, establishing a voluntary framework between regulators and the private sector, adopting a forward-looking approach to cryptography management, and enhancing cross-border collaboration and knowledge sharing between public and private sector entities.
The US National Institute of Standards & Technology (NIST) has already taken steps in this direction by announcing the first three “quantum-safe” algorithms as official post-quantum cryptography standards. The UK’s banking industry has also acknowledged the threat posed by CRQCs and has recommended government intervention to initiate the journey towards quantum safety.
Financial services institutions are particularly vulnerable to cyber threats, with a recent report revealing that a significant number of banks have experienced destructive attacks, resulting in data loss. As organizations await the emergence of CRQCs, they are advised to implement new encryption standards alongside traditional ones to ensure a seamless transition.
Overall, the urgency expressed by Europol and other industry experts underscores the importance of proactively preparing for the challenges posed by quantum computing. By taking steps now to transition to quantum-safe cryptography, financial institutions can better protect themselves against potential cyber threats in the future.