The quantum threat to public key encryption is accepted and well recognized but often difficult to quantify. In a new report from the Hudson Institute’s Quantum Alliance Initiative, researchers use econometric calculations and established modeling techniques to detail the potential consequences of a future quantum computer attack on the Federal Reserve, specifically the Fedwire interbank payment system.
The report titled, “Prosperity at Risk: The Quantum Computer Threat to the US Financial System,” estimates a quantum-enabled attack on Fedwire, or any other real-time-gross- settlement (RTGS) system, would result in a direct loss of 10-17% GDP and between $2 and $3.3 trillion in indirect losses, potentially propelling the country into a catastrophic economic event much the Great Depression.
The report warns, “The high degree of interconnectivity within the financial sector can accelerate financial contagion and spread systemic risk. Consequently, a cyber disruption to Fedwire can ignite a chain effect in which the initial halt in interbank transaction processing can swell into liquidity crises in the financial system at large.”
Hudson QAI stresses that the system-wide adoption and implementation of quantum-safe security measures begin now. The report concludes with four specific recommendations for policymakers:
- Fedwire migration to NIST post-quantum cryptography (PQC) standards.
- The Federal Reserve chair should host a gathering of the country’s largest banks and financial institutions to encourage quantum-safe planning.
- Congress must get involved, setting a deadline for all 12 Federal Reserve banks to be quantum-secure.
- A quantum security taskforce at the Federal Reserve should be established to oversee the timeline for replacement of legacy encryption systems.
The threat of quantum decryption, often referred to as harvesting attacks, is also cause for alarm within the global banking community, prompting the nonprofit Financial Service Information Sharing and Analysis Center (FS-ISAC) to promote a proactive approach to quantum-proof encryption to protect any data that might still be useful to hackers years after they collect it, as outlined in the March 2023 report, “Preparing for a Post-Quantum World by Managing Cryptographic Risk.”
The FS-ISAC report reads, “Regardless of our ability to predict the exact arrival of the quantum computing era, we must immediately begin preparing our information security systems to resist quantum computing capabilities that fall into the wrong hands.”
The group strongly encourages banks to begin by cataloging all instances where they are using classical encryption today so that they can identify their greatest opportunities for mitigating quantum risk.
The newly launched CipherInsights from Quantum Xchange allows financial institutions, government agencies, and commercial enterprises to do just that. Acting as a passive listener on the network, traffic is analyzed as it passes by, providing insights within 90 minutes of deployment. Users are presented with a risk dashboard and an ability to drill down into individual connections to discover unencrypted protocols, issues in the certificate chain, and non-compliant applications.
The network monitoring tool provides the necessary cryptographic discovery, risk assessment, and audit trail needed to begin quantum-secure preparations. Download the data sheet to learn more.