《FCA&WEF：2024金融部門的量子安全：為全球監管方法提供依據白皮書（英文版）（22頁）.pdf》由會員分享，可在線閱讀，更多相關《FCA&WEF：2024金融部門的量子安全：為全球監管方法提供依據白皮書（英文版）（22頁）.pdf（22頁珍藏版）》請在三個皮匠報告上搜索。

1、Quantum Security for the Financial Sector:Informing Global Regulatory Approaches W H I T E P A P E RJ A N U A R Y 2 0 2 4In collaboration with Financial Conduct Authority(FCA)Images:Getty Images 2024 World Economic Forum.All rights reserved.No part of this publication may be reproduced or transmitte

2、d in any form or by any means,including photocopying and recording,or by any information storage and retrieval system.Disclaimer This document is published by the World Economic Forum as a contribution to a project,insight area or interaction.The findings,interpretations and conclusions expressed he

3、rein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum,nor the entirety of its Members,Partners or other stakeholders.ContentsForeword 3Executive summary 4Introduction 51 C

4、urrent landscape 72 Guiding principles 83 Industry-regulator journey to a quantum-secure economy 11Conclusion 17Appendix 18Contributors 19Endnotes 21Quantum Security for the Financial Sector:Informing Global Regulatory Approaches2ForewordQuantum technology has the potential to revolutionize financia

5、l services,improving computation,modelling and fraud detection,but it also poses significant cybersecurity risks.To fully benefit from the sectors transition to the quantum economy era,it is key to address these challenges that could undermine the digital security and foundational elements of the fi

6、nancial sector.These potential systemic disruptions underscore the need for a unified,global and cross-industry approach to quantum security for the financial sector.Shaping the development of the quantum economy,globally,has been one of the key priorities of the World Economic Forums Quantum Econom

7、y Network since its inception.The network has been fostering public-private cooperation and driving action on key topics such as quantum governance and security.Balancing innovation with consumer protection is paramount for the Financial Conduct Authority(FCA),as we seek to not only keep pace with t

8、echnological advances but shape them for maximum benefit while mitigating risks.Initiatives such as the Emerging Technology Research Hub,digital and regulatory sandboxes and the Global Financial Innovation Network demonstrate the FCAs proactive approach to informed policy-making.The World Economic F

9、orum,in collaboration with the FCA,has been at the forefront of the international dialogue that has led to this paper,gleaning insights from industry,academia,financial authorities,regulators and central banks.This initiative lays the groundwork and provides guidance for more collaborative,harmonize

10、d and globally informed quantum security strategies.This initial discussion forms an invitation for ongoing collaboration with stakeholders to ensure that the financial sector is adequately equipped to tackle the security challenges posed by the quantum transition.Together,we can ensure a cybersecur

11、e and resilient financial future for all.Jessica Rusu Chief Data,Information&Intelligence Officer,Financial Conduct AuthorityJeremy Jurgens Managing Director,World Economic ForumQuantum Security for the Financial Sector:Informing Global Regulatory ApproachesJanuary 2024Quantum Security for the Finan

12、cial Sector:Informing Global Regulatory Approaches3Executive summary In an era marked by rapid digitalization,the financial sector stands on the brink of a transformation from a digital economy to a quantum economy.Quantum computing promises to revolutionize operations across the financial sector,wi

13、th the potential to disrupt portfolio management and improve risk management.However,it also comes with challenges,as quantum computing could render most current encryption schemes obsolete,threatening consumer protections and the integrity of digital infrastructures and economies.The severity of th

14、ese risks,combined with an uncertain timeline to transition to new security models,requires stakeholders to take proactive measures.Addressing quantum-enabled cybersecurity risks in the financial sector is a complex task,given the sectors legacy infrastructure,the nature of quantum technology,and th

15、e interconnectedness of the industry.The global nature of the financial sector and the common threat posed by quantum technology require close collaboration between industry and regulators.Recognizing the need for a coordinated approach,the World Economic Forum,in collaboration with the Financial Co

16、nduct Authority(FCA),initiated a dialogue to help the financial sector transition to a quantum-secure future.This effort brought together regulators,central banks,industry players and academia for coordinated roundtables and curated discussions.This collaborative approach produced four guiding princ

17、iples along with a roadmap to serve as a blueprint to reduce complexity and align stakeholders activities.These principles,to reuse and repurpose,establish non-negotiables,avoid fragmentation and increase transparency,are overarching and should inform actions throughout the transition to a quantum-s

18、ecure economy.The transition itself is a journey,and this paper provides a four-phase roadmap:prepare,clarify,guide,and transition and monitor.This roadmap will help the financial sector establish a more collaborative,harmonized and globally informed approach,ensuring that the financial sector is we

19、ll-prepared for the security challenges that the quantum transition poses.This paper establishes the groundwork for future discussions between industry stakeholders and regulatory authorities towards a quantum-secure financial sector.This paper presents four guiding principles and a roadmap to infor

20、m global regulatory and industry approaches for a quantum-secure financial sector.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches4IntroductionThe financial sector is on the verge of a transformation as it begins to leverage emerging and frontier technologies.While th

21、e focus remains on technologies such as artificial intelligence(AI),quantum technologies are the next frontier.They offer disruptive opportunities to enhance the sectors capabilities,but also pose challenges for its operations.Emerging quantum risks and opportunities in the financial sectorQuantum c

22、omputers can handle and solve certain complex mathematical problems significantly faster than classical computers.This technology has the potential for disruption and provides financial organizations with the opportunity for competitive advantage.Investments by the financial sector confirm a growing

23、 commitment to harnessing quantum innovation,with a projected rise from$80 million in 2022 to$19 billion by 2032,1 and to reach up to$850 billion over the next 30 years.2 This surge in investment is underpinned by the sectors pursuit of advancements in Monte Carlo simulations,portfolio optimization

24、and complex derivative calculations,with the potential to add approximately$700 billion in value by 2035.3While the sectors innovators focus on harnessing these opportunities,it is equally important to prepare for potential quantum-enabled cybersecurity threats.4 At the core of this quantum dilemma

25、lies the technologys potential to render some current encryption schemes obsolete,threatening the security of digital infrastructures,communications and data.5 Such a scenario would not only undermine cybersecurity but also erode the foundation of trust and stability upon which financial services op

26、erate.The quantum economy era is fast approaching and we need a global public-private approach to address the complexities it will introduce.We welcome this opportunity to collaborate with the Financial Conduct Authority to chart the roadmap for a seamless and secure transition for the financial ser

27、vices sector to the quantum economy.Sebastian Buckup,Head of Network and Partnerships;Member of the Executive Committee,World Economic ForumThe complexities and impact of quantum technologies on the financial sector require open dialogue between regulatory authorities and industry.Quantum Security f

28、or the Financial Sector:Informing Global Regulatory Approaches5Taking a harmonized approach to quantum security The severity of quantum cybersecurity risks for the financial sector,coupled with the limited time available to prepare,provide the motivation to act and the opportunity for all financial

29、sector stakeholders to take appropriate,proactive measures.Several major financial institutions expect quantum computing to significantly disrupt the sector in the next decade and beyond.6 Furthermore,the emergence of“Harvest Now,Decrypt Later”attack vectors presents a significant current and long-t

30、erm risk to the financial sectors data security.While the timeline is still uncertain,leading experts in the field forecast the quantum threat to materialize within the next decade.Governments are advocating for action now to ensure that the industry is ready for the quantum threat by 2035,7 as high

31、lighted in the United States(US)National Security Memorandum of May 2022.8 This requires action from diverse stakeholders,including industry,regulators,policy-makers and vendors.A recent survey conducted by the FCA highlighted this urgency,as 60%of the respondents from regulatory authorities said th

32、ey anticipated quantum computing to significantly impact the financial sector within the next seven years.Given the existence of both present and future threats and the extensive time required to transition to quantum-secure systems,9 industry and regulators must begin taking proactive steps now.Thi

33、s aligns with recent Forum reports which have emphasized that global regulatory approaches are key drivers to improve cybersecurity towards a quantum-secure transition,10 and are important guardrails to enable the responsible development of quantum technologies.11 Regulatory authorities have also hi

34、ghlighted the importance of ensuring global and harmonized regulatory approaches,with 93%of the mentioned survey respondents agreeing that quantum technologies will have significant implications for their regulatory frameworks.12Bringing together industry and regulatory authoritiesEnsuring global an

35、d interoperable regulatory approaches is a complex task,given the diverse landscape,state of development,and investment and resources available in each jurisdiction.Ongoing collaboration between industry and regulatory authorities is essential to establish clarity and reduce complexity.Such collabor

36、ation fosters alignment to mitigate quantum cybersecurity risks,capture benefits and inform regulatory approaches to ensure security and harness the potential value of quantum technologies.The World Economic Forum,in collaboration with the FCA,initiated an international dialogue,convening regulators

37、,central banks,industry players and academia.This collaborative effort,comprising of coordinated roundtables and curated discussions,brought together industry and regulatory leaders to gather insights and navigate the challenges of transitioning to quantum-secure financial services.Synthesizing the

38、insights from these discussions,this report provides guiding principles to inform regulatory and industry action while charting a roadmap of actions for a transition towards a quantum-secure economy.The journey towards a quantum-secure financial sector is complex and challenging,yet through collabor

39、ative efforts and proactive engagement,it is a journey that the financial sector should embark upon with urgency and resolve.Quantum computing presents considerable opportunities but also threats.The financial sector relies heavily on encryption to protect sensitive information,the exposure of which

40、 could cause significant harm to consumers and markets.Addressing this requires a truly collaborative effort to transition to a quantum-secure future.Suman Ziaullah,Head of Technology,Resilience and Cyber,Financial Conduct AuthorityQuantum Security for the Financial Sector:Informing Global Regulator

41、y Approaches6Current landscape1Emerging misalignment in the regulatory landscape,and challenges in the industry,are limiting actions to embark on a quantum-secure transition.Both public and private sectors are taking initiatives in specific regions,with the US setting a quantum-secure transition mil

42、estone for 203513 and its National Institute of Standards and Technology(NIST)leading international efforts to establish standards and guidance on post-quantum cryptography solutions by 2024.14 While governments,regulators and industry are increasingly cognizant of the quantum threat,a tangible acti

43、on plan to establish global and harmonized regulatory approaches remains elusive.15 Furthermore,the complexity of quantum technologies poses challenges in several other areas,such as skills and knowledge,policy and guidance,long-term cybersecurity priority management,and the high resource-intensity

44、of migrating and upgrading the complex financial infrastructure.16Regulatory perspectiveThe regulatory authorities that have taken part in this dialogue have described the landscape as uncertain,with limited international coordination.In various jurisdictions,a lack of regulatory guidance has led to

45、 uncertainties for industry regarding how to prepare and manage the emerging quantum cyber risks.These uncertainties are further compounded by divergent governmental approaches and early misalignment across regulatory jurisdictions.Different regions are at varied stages of preparedness,and their app

46、roaches to quantum security differ due to size,investment and priorities.This lack of harmonization poses significant challenges for global entities operating in multiple jurisdictions,adding layers of complexity and compliance burdens.On the other hand,it provides the opportunity to prioritize this

47、 issue on the international agenda and to set international guidelines that can be tailored to different jurisdictions to ensure consistency in how different jurisdictions deal with the transition.Furthermore,the interconnected and global nature of the financial sector means that its security often

48、depends on its most vulnerable points.As such,increased emphasis should be placed on supporting emerging markets and smaller organizations in their transition,ensuring that these financial hubs are also adequately prepared to deal with the quantum-enabled risks.The novel and complex nature of quantu

49、m technologies requires further development in knowledge and capabilities across regulators to create the needed understanding to manage this risk.Industry perspectiveIndustry stakeholders highlight challenges stemming from fragmentation and geographical variations in applying global standards.The l

50、ack of regulatory clarity hinders vendors preparedness and reduces investor confidence in the emerging vendor market.The financial sector also faces technological challenges in understanding and implementing various quantum solutions,including post-quantum cryptography and quantum key distribution.M

51、oreover,financial sector organizations often rely on large,complex digital infrastructure with legacy environments,as well as third parties,for a wide range of services,exposing them to supply chain vulnerabilities and increasing the complexity of integrating quantum-secure solutions.The cost and ti

52、me needed for a full transition to a quantum-secure environment is vast,and leaders struggle to balance between the increased cyber risk in a complex threat landscape and the long-term quantum-security risks that are yet to materialize.17 Discussions throughout this work programme have highlighted r

53、egulations as a catalyst for prioritizing and advancing the transition to quantum-secure systems.Balancing short-,medium-and long-term implications of quantum threats requires an approach that avoids excessive regulation while providing clear guidance.Collaboration on an international scale can faci

54、litate the sharing of knowledge,best practices and expertise in implementing different quantum solutions to foster a cohesive approach across jurisdictions.The current conditions in both the industry and regulatory landscapes highlight the urgent need for increased international collaboration to sha

55、re knowledge,expertise and experience.This collaboration should involve industry players,regulators,central banks,standards organizations,third-party suppliers and other stakeholders to ensure a seamless transition to a quantum-secure economy.Quantum Security for the Financial Sector:Informing Globa

56、l Regulatory Approaches7Joint regulator-industry perspectiveThe intricacies of quantum technology and the complexity of the financial sector present challenges for regulators and industry stakeholders.Despite their distinct perspectives,many challenges are shared and require global collaboration to

57、inform early and future regulatory approaches.Industry and regulators must work together to navigate the uncharted territories of quantum computing and quantum-resistant cybersecurity.This pivotal period demands a shared understanding of the challenges and opportunities ahead.Philip Intallura,Global

58、 Head,Quantum Technologies,HSBC,United Kingdom Aligned challenges from regulator and industry perspectives FIGURE 1Regulatory perspectiveIndustry perspectiveLack of quantum awareness,knowledge and capabilitiesLimited collaboration on knowledge and experience sharingNeed to understand regulatory gaps

59、Need for global regulatory clarityClarity in guidance on preparing and managing the transitionGuidance required on solutions and standards to followSource:World Economic Forum and Financial Conduct Authority.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches8Guiding pri

60、nciples 2This section presents four principles to guide and inform global regulatory approaches for a quantum-secure transition.To inform regulatory and industry approaches,this report identifies four guiding principles to create the conditions for collaboration.These principles provide initial guid

61、ance for organizations and regulators,by serving as a foundation to inform global regulatory and industry approaches towards a quantum-secure financial sector.Reuse and repurposeThis principle encourages the exploration and maximization of existing tools,techniques and frameworks to address quantum-

62、enabled cybersecurity risks.It advocates for identifying successful strategies elsewhere and applying them to cryptographic governance.For industry,this means following best practices while reusing processes and tools from areas such as DevOps and vulnerability management.18 For regulators,this mean

63、s clarifying how current regulatory frameworks apply to the quantum threat and cryptographic management more broadly.Soft regulatory mechanisms should be the initial point of departure.Regulators should establish clarity by providing guidance on the application and scope of current regulatory framew

64、orks to cryptographic management across the financial sector.Where there is concrete evidence of gaps in existing frameworks,new regulation should be developed.Four principles for global regulationFIGURE 2Dont reinvent the wheel,rather make best use of existing regulatory frameworks and industry pra

65、ctices to address quantum-enabled cybersecurity risksReuse and repurposeEnsure a standardized approach to mitigating the quantum-enabled cybersecurity threat and for defining cybersecurity requirements Establish non-negotiablesIndustry players must share their strategies,best practices and approache

66、s to provide valuable insights to regulators and other industry participants.Increase transparencyThink global to avoid the potential for regulatory fragmentation across different markets and to ensure harmonized approaches to regulation worldwideAvoid fragmentationSource:World Economic Forum and Fi

67、nancial Conduct Authority.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches9 Establish non-negotiablesThis principle calls for the definition of overarching requirements,shared by industry and regulatory authorities,to address quantum security issues.These non-negotiab

68、le,baseline requirements should ensure that business action and regulation is customer-focused,technologically neutral and outcome-based.The requirements should follow best practices encompassing emerging international standards,an agile approach to cryptography and risk awareness in an evolving lan

69、dscape.Regardless of technological advancements and their own size or location,all industry players should strive to meet these requirements to guarantee the integrity and safety of the financial sector while ensuring consistency and interoperability.Increase transparencyThis principle urges industr

70、y players and regulators to exchange information on their strategies,best practices and approaches as much as possible.They should also be encouraged to share evidence-based,scientific communication about security threats on the one hand,and information about preventive mechanisms on the other.Such

71、open communication is crucial for developing effective regulatory approaches and best practices to enable a quantum-secure transition.Transparency establishes a level playing field where security is recognized as a non-profit-generating activity and a systemic,strategic objective that ultimately con

72、tributes to financial stability.With the global financial sector being only as strong as its weakest link,collective learning and insight-sharing are essential for cybersecurity.Rather than being a competitive arena,cybersecurity is an essential foundation on which the financial sector rests.Avoid f

73、ragmentation This principle calls for a global approach centred on collaboration to avoid regulatory fragmentation across different markets.Fragmentation creates challenges for global entities operating in multiple jurisdictions,adding layers of complexity and compliance burdens.Quantum-enabled cybe

74、rsecurity risks require a globally coordinated,agile approach to regulation and industry action that encompasses both mature and emerging markets,and is adaptive to the evolving risk landscape.This approach requires collaboration and engagement between stakeholders across jurisdictions to understand

75、 the emerging differences in approaches and potential actions to ensure regulatory harmonization and interoperability.Given the global nature of the financial sector,international alignment and cross-border collaboration will boost innovation and bolster security,reducing vulnerabilities between fir

76、ms in any end-to-end transaction.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches10This roadmap guides both regulators and industry in their joint transition to a quantum-secure economy.Industry-regulator journey to a quantum-secure economy3The migration to quantum-sa

77、fe systems is an unprecedented task for all,so it is important for the community to take a holistic approach and consider multiple quantum-safe solutions to achieve defense-in-depth.Charles Lim,Global Head,Quantum Communications and Cryptography,JPMorgan Chase&Co.Quantum Security for the Financial S

78、ector:Informing Global Regulatory Approaches11Overview of the roadmap FIGURE 3The transition to a quantum-secure economy is not just a technological shift but a comprehensive transformation of the financial sectors approach to stakeholder collaboration,cryptographic management and cybersecurity.Towa

79、rds this goal,the roadmap should not be a race,but a strategic journey,with sustained collaboration and focused action among stakeholders across international boundaries.It comprises four distinct phases:prepare,clarify,guide,and transition and monitor.Each phase builds on the previous,addressing th

80、e complexity of the transition in a sequential yet interconnected manner,and many actions span multiple phases.In this sense,the roadmap is sequential,iterative and adaptable for a diverse range of stakeholders.The roadmap serves as a foundational blueprint,fostering a coherent approach to simplifyi

81、ng and managing the intricacies associated with a quantum-secure transition.It aims to catalyse internal and external dialogues within organizations and across the financial sector and to generate momentum on actions to drive the sector towards a quantum-secure future.The roadmap is a tool to guide

82、the transition required to maintain security,integrity and consumer trust in the global financial sector.Quantum computing development is set to accelerate over the next decade and will trigger significant change in the cyberthreat landscape.Acting in anticipation can improve policy effectiveness,an

83、d is of utmost relevance to provide an inclusive transition path accounting for the different economic burden on different countries.Giuseppe Bruno,Director at Economics,Statistics and Research,Central Bank of Italy,Italy Adapt and iteratePrepare1Clarify2Guide3Transition and monitor4Source:World Eco

84、nomic Forum and Financial Conduct Authority.Phase 1.PrepareThe prepare phase marks the first step for the financial sectors journey towards quantum security and modernizing approaches to cryptography.It focuses on raising awareness about quantum risks,understanding the current state of cryptographic

85、 infrastructure,and building internal capabilities.This phase is crucial for financial sector organizations,many of which may already be at or past this stage,as it lays the groundwork for the transition.By establishing a clear baseline,organizations can align their strategies with the emerging quan

86、tum landscape,ensuring they are prepared for action.It is important to raise awareness among firms by providing an overview of how developments in quantum computing may impact business models and processes,including implications for related regulatory considerations.Haimera Workie,Vice-President and

87、 Head,Financial Innovation,Financial Industry Regulatory Authority(FINRA)Key considerationsRaise awareness Raising awareness is essential to clarify the benefits and associated risks of quantum technologies while building and maintaining momentum.Organizations across the financial sector should cons

88、ider tailored education programmes to raise awareness among stakeholders at all levels of their organization,to demystify quantum computing and demonstrate how it could impact daily business operations.Both regulators and industry should consider how to share their perspectives externally to raise a

89、wareness across the sector.Regulators should also focus on sharing knowledge between jurisdictions at this early stage to ensure a level of global awareness of quantum-enabled cyber risks.Understand the point of departureTransitioning to quantum-secure systems is a long-term and strategic operation.

90、Both industry and regulatory authorities must critically examine their current states of quantum readiness to inform their approach to transitioning.Financial sector organizations should consider conducting comprehensive reviews of their cryptographic infrastructure to generate a clear understanding

91、 of their current states.This can include creating a cryptographic inventory,identifying the most vulnerable aspects of their digital and data infrastructure systems and prioritizing parts of their organization that handle sensitive data or are integral to operational stability and the provision of

92、critical business services.It is also important to engage ecosystem partners at this stage,including technology providers and the supply chain that supports the industry.Setting achievable timelines for these assessments and publicizing these plans can enhance industry-wide awareness and foster a co

93、llective approach to quantum readiness.Build internal capabilitiesFinancial sector organizations should build internal capabilities and upskill workforces to transition to quantum-secure systems and prepare for a quantum-enabled economy.Collaboration will be critical to ensure that the sector builds

94、 a holistic knowledge base and the necessary technical skills to transition.Regulators and industry should consider partnering with academic and quantum-focused research institutes to create new training programmes to build quantum-relevant skills and knowledge.Industry,regulators and academia could

95、 also collaborate on initiatives such as secondment programmes and workshops,focusing on bridging the quantum knowledge gap,and sharing domain expertise.Phase 2:ClarifyThe clarify phase provides organizations in the financial sector the opportunity to refine their understanding and approach towards

96、the quantum-secure transition.This phase is about fostering collaboration among global financial stakeholders to gather evidence,identify existing gaps and crystallize both regulatory and industry understanding of the transition.It is particularly important for organizations that have laid their fou

97、ndational groundwork and are now ready to comprehensively understand the complexities of the transition.It is vital for financial regulators and institutions to monitor ongoing quantum computing developments that may pose cybersecurity risk to the financial sector,and work collaboratively to explore

98、 possible risk mitigation measures.”Monetary Authority of Singapore Key considerationsFormalize engagement and collaborationFormalizing engagement between regulators,industry and broader stakeholders is crucial for a coherent and aligned approach to quantum threats.This involves promoting unified me

99、ssaging across industry stakeholders,governments,national security agencies and regulators.These stakeholders should seek to establish cybersecurity as the collective responsibility of the sector,focusing on its non-profit-making nature and its collective benefits for the stability and integrity of

100、global financial markets.Industry may wish to take the lead in establishing formal working groups to share insights and build partnerships towards transitioning.Identifying an industry organization with wide support to lead these working groups is key.These working groups could include regulators an

101、d other stakeholders as observers to ensure that insights are disseminated across the sector.Regulators and other government stakeholders should ensure that international forums discuss the transition to quantum security,and that countries align on a cohesive agenda for quantum security.Map current

102、regulationsIt is not yet clear if and to what extent existing regulatory frameworks are adequate for regulating quantum computing.Both regulators and industry should engage in a comprehensive review of existing frameworks to understand how they capture quantum risks and identify potential gaps.Colla

103、boration should be central to these efforts,ensuring that regulators and industry openly share insights and alternative perspectives.These mapping exercises should also apply a global lens that analyses the similarities and differences in approaches across jurisdictions.This international dynamic ca

104、n help to reduce the risk of regulatory fragmentation,avoiding compliance complexities and vulnerabilities in the global financial sector.Understand the transitionTo successfully navigate the transition to quantum security,financial sector organizations need robust evidence of the cost of transition

105、ing and a comprehensive overview of the underlying complexities.Industry stakeholders should begin modelling the costs and time frame of transitioning,while also analysing the financial implications of inaction.Supplementary,industry-wide impact assessment will also help to build consensus on the ac

106、tions required.Industry stakeholders should simultaneously open discussions with their cybersecurity supply chain partners and critical third parties to gather insights on their approach,development timelines and adoption plans for quantum-secure systems.Regulators could consider bringing together v

107、endors and industry stakeholders in collaborative workshops,sandboxes or hackathon-style events to develop a common set of priorities and early action plans.Regulators could also conduct a cost-benefit analysis of different approaches to quantum risks to understand the financial impact on markets an

108、d the potential regulatory burden,so as to take decisions accordingly.This understanding will help in planning and executing a transition that is both efficient and financially viable for the entire sector.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches14Phase 3:Guid

109、eThe guide phase shifts the focus to key considerations that steer the financial sector towards a successful transition.It involves harnessing the power of regulatory and industry efforts and collaboration to effectively address any regulatory gaps and translate technical standards into practical,ac

110、tionable implementation plans.For organizations,this phase is about moving beyond preparation and clarification to actively shaping and guiding their transition strategies.It focuses on actively developing global industry and regulatory best practices.Global guidelines can help to shape the transiti

111、on to a post-quantum world.Internationally aligned standards for quantum-safe protocols and encryption will ensure smooth and secure communication channels,which is crucial for the stability of the globally interconnected financial market.Petra S.Haefliger,Senior Risk Manager,Swiss Financial Market

112、Authority(FINMA)Key considerationsAddress regulatory gapsGlobal collaborative efforts between industry and regulators will be essential to address where current regulations might not adequately capture quantum risks.National and international cybersecurity agencies should publish security guidance.R

113、egulators should actively engage with industry to understand their practical experiences and perspectives to evaluate the diverse tools at their disposal and respond accordingly.Regulators should leverage both“soft-regulatory approaches”such as signalling through public speeches,and,where required,“

114、hard-regulatory approaches”such as formal regulatory activities.Given the time required to develop and implement regulatory changes,regulators should not seek to reinvent the wheel,but consider new regulation only where essential.Regulators should also seek to coordinate across jurisdictions to ensu

115、re that any action does not result in regulatory misalignment in approaches to quantum risks and the transition to quantum security in the financial sector.Enact standardsGlobal technical standards and open-source projects are a trigger-point for the transition to quantum-security,but concerted effo

116、rt from industry stakeholders is required to translate standards into practical applications.Technical standards,such as those being developed by NIST,19 will provide the foundation for quantum security,but industry should seek to understand and plan for their implementation across new and existing

117、systems.In doing so,industry should work with vendors to understand and implement standardized approaches in a manner that limits disruptions and minimizes operational inefficiencies.Industry stakeholders should embrace transparency by publicizing their plans for transition and integration to stimul

118、ate progress towards industry best practices.Regulators could support these efforts by working more closely with international standard-setting bodies to align messaging around application of technical standards across the financial sector.Developing a map of the industry dependency on standards and

119、 open-source software will demonstrate where action is required.Industry stakeholders and regulators could consider identifying a suitable independent body to support the testing and benchmarking of different approaches and solutions to help inform industry action.Quantum Security for the Financial

120、Sector:Informing Global Regulatory Approaches15Phase 4:Transition and monitorThis phase focuses on the implementation of strategies developed during the preceding stages,while learning and adapting from the entire transition journey.The emphasis shifts to modernizing cryptographic management and ref

121、ining policy development processes to ensure long-term agility and resilience.This phase marks the transition from adaptation to innovative action,ensuring the sectors resilience and readiness for quantum computing challenges.Organizations should enhance their cryptography practices now,as they did

122、with vulnerability management before.Industry-regulator collaborations can help establish coordinated transition roadmaps.Jaime Gmez Garca,Head of Quantum and Architecture at Crypto&Blockchain CoE,Banco SantanderQuantum computing shines light on the systemic risk created by our profound dependency o

123、n digital platforms without resilience-by-design.Michele Mosca,Chief Executive Officer,evolutionQKey considerationsModernize approaches to cryptographyThe quantum-enabled cybersecurity risk has highlighted the pressing need for the financial sector to modernize its overall approach to cryptography a

124、nd cryptographic management.To remain resilient and secure against potential future risks,it is essential to modernize approaches to cryptographic management,such as the deployment of post-quantum cryptography.Organizations should also consider how to update their cryptographic management to align w

125、ith contemporary DevOps,seeking to repurpose and reuse existing practices,tools and processes.This means industry shifting its focus from a one-size-fits-all approach to a cryptographic agile approach.Such an approach would incorporate an inventory of systems,solutions and security protocols that fi

126、rms could easily switch between to remain resilient in the long term.Future cybersecurity threats may materialize quicker than the present quantum threat.To mitigate this risk,industry could also consider adopting a resilient-by-design approach to current and future systems.These considerations are

127、crucial in ensuring that the financial sector can respond effectively to the evolving threat landscape,maintain the trust and confidence of its customers,and uphold the integrity of the global financial sector.Iterative regulatory developmentThe emergence of quantum computing demonstrates the increa

128、singly dynamic nature of innovation across the financial sector;to remain effective,regulatory approaches should iterate to keep pace and continuously monitor developments.By engaging earlier with industry,regulators could adopt an inherently iterative approach by picking up early innovative signals

129、 and understanding the potential regulatory implications ahead of time.This will help regulators maintain a forward-looking approach that focuses on outcomes and is flexible enough to adapt effectively to technological advancements across the sector.For transitioning to quantum security,regulators c

130、ould also consider the potential merits of incentivizing the transition in the event of a market failure,taking an approach mindful of the resources and capabilities of smaller firms.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches16ConclusionAll stakeholders must col

131、laborate towards a cybersecure financial sector in the quantum economy.In an era when the potential of quantum computing looms large,bringing with it immense opportunities and profound challenges,the financial sector must act with foresight and agility.By initiating early discussions between industr

132、y,technology providers and regulatory authorities across the globe,this work programme and final report have highlighted the intricate interplay between the industry and regulatory landscapes,highlighting the challenges that impede the sectors transition to post-quantum security.To address these cha

133、llenges,this report crystallizes insights from collaborative discussions between industry and regulators to provide guiding principles and a phased roadmap for the transition to a quantum-secure economy.The principles and the roadmap are strategic tools to catalyse dialogue,guide decision-making,gen

134、erate momentum and inform global regulatory approaches towards the quantum-security transition.As the financial sector embarks on this journey,it is imperative to remember that the transition to quantum security is not a destination but an ongoing process of adaptation and evolution.This requires a

135、multistakeholder approach across public and private sectors,including governments,regulators,international technical standards,industry players and vendors.The financial sector must remain vigilant,adaptable and united in its approach to harnessing the transformative power of quantum computing while

136、 mitigating its risks.This work programme and report outline a starting point for continued stakeholder collaboration to ensure that the financial sector transitions to a secure,stable and trusted financial ecosystem in the quantum era.Post quantum security is a challenge we cant solve individually.

137、Thanks to the World Economic Forum and FCA for bringing together a broad range of stakeholders and setting a bold ambition to drive a quantum secure economy.Sabrina Feng,Chief Risk Officer for Technology,Cyber and Resilience,London Stock Exchange Group,UKQuantum Security for the Financial Sector:Inf

138、orming Global Regulatory Approaches17AppendixMethodologyFor this paper,the World Economic Forum in collaboration with the Financial Conduct Authority(FCA)gathered insights from five sources throughout 2023.These included:Regulator-only discussions:Two sessions gathered 24 global financial-sector reg

139、ulatory authorities.The first was an education session with leading academics to ensure a base-level understanding among regulators on quantum security.The second was a roundtable discussion that convened regulators to collect perspectives and actions to forge a path towards international collaborat

140、ion on quantum security.Regulatory survey:Conducted by FCA as part of pre-regulatory discussion,the survey was anonymous and non-attributable to the respondent and institution.It contained nine questions with key challenges on the topic to better understand the state of regulators.It collected a tot

141、al of 15 responses from 20 regulatory authorities across different jurisdictions,including Asia,Australia,Europe,the Middle East and North America.Industry-only discussions:Two roundtable discussions convened close to 40 industry stakeholders active in the financial sector ecosystem,to gather insigh

142、ts on adoption trends,challenges regarding quantum security and expected actions towards international regulatory collaboration.Joint industry-regulator discussion:An in-person roundtable gathered 27 industry and global regulators from the financial sector ecosystem to discuss,align and collect insi

143、ghts to define the guiding principles to inform action in global regulatory collaboration.Bilateral interviews with regulatory authorities were also conducted to gain further insight into the current landscape.Teams from the World Economic Forum and FCA consulted 24 financial regulators and nearly 4

144、0 industry stakeholders from across the world.All the discussions were held under Chatham House rules;consequently,no information in this report is attributed to a specific member.Quantum Security for the Financial Sector:Informing Global Regulatory Approaches18ContributorsWorld Economic Forum Filip

145、e BeatoLead,Centre for CybersecurityGiulia MoschettaResearch and Analysis Specialist,Centre for CybersecurityFinancial Conduct AuthorityPavle AvramovicManager,Emerging Tech&Research,Data Technology&InnovationCharlie MarkhamSenior Associate,Emerging Tech&Research,Data Technology&InnovationAcknowledge

146、ments This paper was co-created by diverse stakeholders in the World Economic Forums quantum security working group,part of the quantum computing network,and global financial regulatory authorities.The authors thank them for sharing their insights at workshops and consultation sessions,particularly

147、the following individuals:Bushra AlBlooshi Dubai Electronic Security Center Hoda Al Khzaimi New York University Abu Dhabi Ibrahim Almosallam Saudi Federation for CyberSecurity and Programming Mansour Alsaleh Saudi Central BankJaya Baloo Rapid7,Inc.John Beric MastercardArvinder Bharath International

148、Monetary Fund(IMF)Guiseppe Bruno Central Bank of ItalyDaniel Clemens ShadowDragonDaniel Cuthbert Banco Santander Michael Daniel Cyber Threat AllianceReena Dayal Yadav Institute of Electrical and Electronics Engineers Jrme Desbonnet CapgeminiStefan Deutscher Boston Consulting GroupAli El Kaafarani PQ

149、ShieldSabrina Feng London Stock Exchange Group Benjamin W.Flatgard JPMorgan Chase&Co.Tommaso Gagliardoni Kudelski Security-Kudelski GroupJaime Gmez Garca Banco Santander Roger A.Grimes KnowBe4Petra S.Haefliger Swiss Financial Market AuthorityPhilip Intallura HSBC Holdings Duncan Jones QuantinuumIsaa

150、c Kohn DeloitteRebecca Krauthamer Quantum ThoughtAntia Lamas-linares Amazon Web ServicesQuantum Security for the Financial Sector:Informing Global Regulatory Approaches19ProductionMichela Liberale Dorbol Designer,World Economic ForumMadhur Singh Editor,World Economic ForumCharles Lim JPMorgan Chase&

151、Co.Michele Mosca evolutionQToni Pesonen IQM Quantum ComputersMarkus Pflitsch Terra Quantum AGAna Predojevic Stockholm UniversityKelly Richdale SandboxAQArunima Sarkar World Economic ForumRoland Scharrer AXATamara Scott US Department of StateVikram Sharma QuintessenceLabsJacob Sherson University of A

152、arhusColin Soutar DeloitteRick Switzer US Department of StateSalvador E.Venegas-Andraca Tecnolgico de MonterreyMira Wolf-Bauwens IBM CorporationHaimera Workie Financial Industry Regulatory Authority(FIRA)Suman Ziaullah Financial Conduct Authority The Forum also wishes to acknowledge contributions fr

153、om Mark Barwinski,as well as participation of all the following financial regulatory authorities:Authority for the Financial Markets of the NetherlandsAustralian Securities and Investments Commission(ASIC)Bank of EnglandBank of IsraelBank for International Settlements(BIS)Central Bank of FranceCentr

154、al Bank of ItalyDanish Financial Supervisory Authority Deutsche Bundesbank(Central Bank of Germany)European Securities and Markets AuthorityFederal Reserve Board of Governors Financial Industry Regulatory Authority(FINRA)Italian Companies and Exchange Commission(CONSOB)Monetary Authority of Singapor

155、e,SingaporeOffice of the Superintendent of Financial Institutions(OSFI)Saudi Central Bank Securities and Exchange Board of India(SEBI)South African Reserve Bank(SARB)Swiss Financial Market Authority(FINMA)Swiss National BankUS Securities and Exchange Commission(SEC)World BankQuantum Security for the

156、 Financial Sector:Informing Global Regulatory Approaches20Endnotes1.Deloitte,“Industry spending on quantum computing will rise dramatically.Will it pay off?”,2023:https:/ 2.Jean-Francois Bobier et al.,“What Happens When If Turns to When in Quantum Computing?”,BCG,2021:https:/web- 3.McKinsey&Company,

157、“Quantum Technology Monitor”,2023:https:/ 4.UK Finance,“Minimising the risks:Quantum technology and financial services”,2023:https:/www.ukfinance.org.uk/policy-and-guidance/reports-and-publications/minimising-risks-quantum-technology-and-financial5.World Economic Forum,“Transitioning to a Quantum-Se

158、cure Economy”,2022:https:/www3.weforum.org/docs/WEF_Transitioning%20to_a_Quantum_Secure_Economy_2022.pdf 6.Bank for International Settlements,“Project Leap:quantum-proofing the financial sector”,2023:https:/www.bis.org/publ/othp67.htm 7.The White House,“National Security Memorandum on Promoting Unit

159、ed States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems”,4 May 2022:https:/www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vu

160、lnerable-cryptographic-systems/8.Michele Mosca and Marco Piani,“2021 Quantum-Threat Timeline Report”,Global Risk Institute,January 2022:https:/globalriskinstitute.org/publications/2021-quantum-threat-timeline-report/9.World Economic Forum,“Transitioning to a Quantum-Secure Economy”,2022:https:/www3.

161、weforum.org/docs/WEF_Transitioning%20to_a_Quantum_Secure_Economy_2022.pdf10.World Economic Forum,“Global Cybersecurity Outlook”,2023:https:/www3.weforum.org/docs/WEF_Global_Security_Outlook_Report_2023.pdf;World Economic Forum,“Quantum Readiness Toolkit:Building a Quantum-Secure Economy”,2023:https:

162、/www3.weforum.org/docs/WEF_Quantum_Readiness_Toolkit_2023.pdf11.World Economic Forum,“Quantum Computing Governance Principles”,2022:https:/www.weforum.org/publications/quantum-computing-governance-principles/12.The survey was conducted by FCA as part of this paper.For detailed information,see Method

163、ology13.Tandem,“Financial Institutions&Quantum Computing:A Cybersecurity Compliance Timeline”:https:/tandem.app/blog/financial-institutions-quantum-computing-a-cybersecurity-compliance 14.NIST,“Post-Quantum Cryptography”:https:/csrc.nist.gov/projects/post-quantum-cryptography 15.Digital Regulation C

164、ooperation Forum(DRCF),“Quantum Technologies Insights Paper”,2023:https:/www.drcf.org.uk/_data/assets/pdf_file/0027/262674/DRCF-Quantum-Technologies-Insights-Paper.pdf;Bank for International Settlements,“Project Leap:quantum-proofing the financial sector”,2023:https:/www.bis.org/publ/othp67.htm 16.F

165、INRA,Quantum Computing and the Implications for the Securities Industry,2023:https:/www.finra.org/rules-guidance/key-topics/fintech/report/quantum-computing 17.Jean-Franois Bobier,Cassia Naudet-Baulieu,Matt Langione,Brett Thorson,Jaroslav najdr and Stefan A.Deutscher,“Are You Ready for Quantum Commu

166、nications?”,BCG,2022:https:/ Economic Forum,“Transitioning to a Quantum-Secure Economy”,2022:https:/www3.weforum.org/docs/WEF_Quantum_Readiness_Toolkit_2023.pdf18.World Economic Forum,“Quantum Readiness Toolkit:Building a Quantum-Secure Economy,2023”:https:/www3.weforum.org/docs/WEF_Quantum_Readines

167、s_Toolkit_2023.pdf19.NIST,“Post-Quantum Cryptography”:https:/csrc.nist.gov/projects/post-quantum-cryptography Quantum Security for the Financial Sector:Informing Global Regulatory Approaches21World Economic Forum9193 route de la CapiteCH-1223 Cologny/GenevaSwitzerland Tel.:+41(0)22 869 1212Fax:+41(0

168、)22 786 2744contactweforum.orgwww.weforum.orgThe World Economic Forum,committed to improving the state of the world,is the International Organization for Public-Private Cooperation.The Forum engages the foremost political,business and other leaders of society to shape global,regional and industry agendas.