The FS-ISAC whitepaper, "Building Cryptographic Agility in the Financial Sector," aims to guide financial institutions to address the imminent risks posed by quantum computing. The paper emphasises the urgent need for cryptographic agility—a strategy designed to ensure data security as traditional cryptographic methods become vulnerable.
Michael Silverman, chief strategy & innovation officer at FS-ISAC, stressed the importance of proactive measures: “The financial services industry must take a leadership position in cryptographic agility, ensuring the sanctity and safety of data as threats continue to evolve.” He highlighted that the transition to crypto agility is essential for maintaining trust within the sector and ensuring uninterrupted business operations.
The whitepaper outlines a comprehensive framework for implementing crypto agility, addressing the challenges organisations may face and offering governance insights for a successful transition. Authored by FS-ISAC’s Post-Quantum Cryptography Working Group, which includes experts from major global financial firms, the document serves both business and technical audiences, making the case for viewing crypto agility as a long-term necessity rather than a one-time fix.
The guidance is divided into two main sections:
- Necessity of Crypto Agility: This section details the security and business rationale for adopting a crypto-agile approach, including the need to test current systems and develop frameworks for replacing insecure algorithms.
- Implementation Strategies: This portion discusses adapting cryptographic schemes and the governance processes necessary for effective implementation.
Peter Bordow, chair of FS-ISAC's PQC Workgroup, emphasised, “Cryptographic agility is a critical success factor in the long-term journey to protect the world’s data from quantum and other emerging threats.” He noted the collaborative effort behind the whitepaper, which integrates insights from over 30 experts.
Jamie Gómez García from Banco Santander added, “Now is the time to anticipate future threats and embrace crypto agility, ensuring resilience in the face of evolving challenges.”
As quantum computing poses new risks, FS-ISAC's guidance represents a significant step toward safeguarding the financial sector, aligning with broader initiatives like the G7 Cyber Expert Group’s focus on quantum risks.