FS-ISAC Urges Financial Firms to Embrace Crypto Agility Now to Stay Ahead of Quantum Computing Threats

Seminal whitepaper highlights the importance of cryptographic agility and its role in building trust across the financial services sector

FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, today announced the release of a seminal whitepaper designed to help financial services institutions understand the challenges, elements and processes of building cryptographic agility in the face of emerging threat vectors like quantum computing.

The paper, titled Building Cryptographic Agility in the Financial Sector, is the first to define cryptographic (crypto) agility holistically for both business and technical audiences, with the goal of helping stakeholders across the sector grasp the necessity of crypto agility and define an approach that works for their institutions. The move to crypto agility must begin immediately because quantum computing is likely to make a commonly used class of cryptographic algorithms insecure in the next few years, creating a risk of exposed data transmission or storage that would break the way business is conducted today.

“The financial services industry must take a leadership position in cryptographic agility, ensuring the sanctity and safety of data and storage as threats continue to evolve,” said Michael Silverman, Chief Strategy & Innovation Officer, FS-ISAC. “The goal of crypto agility is simple: to enable business continuity when existing cryptography is compromised or weakened. The transition to crypto agility is vital in maintaining the trust upon which the financial services sector is built and ensuring the safety of business operations in today’s complex, ever-evolving computing environment.”

The paper focuses on three key concepts: a framework for implementing crypto agility, an explanation of the challenges organisations may face implementing crypto agility and how to overcome them, and a set of insights on transition governance and architecture. Authored by FS-ISAC’s Post-Quantum Cryptography Working Group, composed of quantum subject matter experts from some of the largest global financial firms, the whitepaper explains that as the pace of technological change accelerates, crypto agility must be viewed as a long-term strategy, not a one-off implementation, in order to keep financial services firms secure and compliant for the long term.

The guidance is broken into two main sections:

  • Why a Crypto Agile Approach to Infrastructure Change is a Security and Business Necessity, which defines and builds on prior work for a new comprehensive approach to crypto agility, testing crypto agility capacity, challenges of crypto agility migration and frameworks for successfully replacing insecure algorithms.
  • Implementing Crypto Agility, which discusses the financial sector’s vision for adapting cryptographic schemes, implementation and governance considerations and process guidelines.

“Cryptographic agility is a critical success factor in the long-term journey to protect the world’s data from quantum and other emerging threats,” said Peter Bordow, FS-ISAC PQC Workgroup Chair & Distinguished Engineer / Managing Director of Quantum Security, Wells Fargo. “This paper is an extraordinary collaboration, combining the knowledge and experience of more than 30 quantum and security subject matter experts from the financial services sector, into a single artefact for both business and technical audiences.”

Jamie Gómez García, Banco Santander, Quantum Safe Financial Forum, added, “The transition to quantum-safe cryptography offers organisations a unique opportunity to strengthen their cryptographic management. Now is the time to anticipate future threats and embrace crypto agility, ensuring resilience in the face of evolving challenges.”

“The FS-ISAC cryptographic agility paper is an important steppingstone towards a successful transition from legacy cryptography to post-quantum cryptography,” stated Steve Stevens, Executive Director, Accredited Standards Committee X9 Financial Services. “This fits nicely into ASC X9’s work on the long-term sustainability of post-quantum cryptography standards.”

With the release of this paper, FS-ISAC continues to lead the charge in advancing cybersecurity and resilience in the global financial system, aligning its efforts with cross-border initiatives like the G7 Cyber Expert Group’s recent call to action on quantum computing risks, in which it urged the financial sector to monitor developments in quantum computing, promote collaboration among public and private stakeholders, and begin planning for potential risks posed by the emerging technology.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
