The CEO’s of America’s biggest banks and financial institutions—Bank of America, Citigroup, J.P. Morgan, Goldman Sachs, Morgan Stanley, and Wells Fargo –are getting a grilling today up on Capitol Hill. They’ll be asked about why they’ve made so much money during COVID; and why they aren’t loaning out more money to help us recover from COVID; as well as getting the usual questions powerful bankers draw from our politicians, both Republicans and Democrats.
But there’s one question they should be asked, but won’t be: what are they doing to protect their assets and America’s financial industry against future quantum attack? Because getting the big banks to lead the charge in getting America quantum ready is as much a matter of social responsibility as promoting racial equity; and as fundamental to our national security as it is a matter of their bottom lines.
The Colonial Pipeline debacle has revealed how vulnerable our infrastructure is to cyberattack, including a future quantum computer attack. My last column revealed how important it is to use quantum and post-quantum solutions to protect our cyber vulnerabilities, now and in the future. This is even more true of our financial infrastructure, including our leading financial markets, our global payments system, and the Federal Reserve system itself.
Our preliminary econometric research at the Hudson Institute’s Quantum Alliance Initiative indicates that the cost of a quantum computer attack on our financial system would be catastrophic—far more than a successful conventional cyberattack. In February authors Welburn and Strong of the RAND Corporation applied a standard Input-Output (I-O) model to conclude that cyber-attack disrupting JP Morgan Chase’s business operations for a single day would result in over $3.5 Billion in total losses for the American economy.
Unfortunately, that model ignored the network contagion effects within the financial sector. We estimate that a single quantum attack on one of the five largest financial institutions in the U.S. that disrupts their access to the Fedwire Funds Service payment system would cause a cascading financial failure costing anywhere from $730 Billion to $1.95 Trillion. Indeed, a quantum computer attack could impair nearly 60% of total assets in the banking system due to bank runs and endogenous liquidity traps.
We know from conversations with Treasury Department officials that banks and the Fed work closely with the federal government and Treasury on cybersecurity issues. But despite warnings from the last Office of Financial Research report on the quantum risk to financial stability, there’s still a big hole when it comes to confronting the quantum threat. In fact, the big banks’ interest in quantum computers tends to revolve around how those computers’ amazing capabilities will be to serve customers and analyze market trends and risks. Thus far only J.P. Morgan and VISA seem to be thinking about the day when a powerful quantum computer can break the most widespread cryptographic methods currently used in cybersecurity. The fact is, the leadership of all the big banks will be crucial for protecting our economy from a quantum-induced financial meltdown, or worse.
Therefore, it’s time to propose that the banks join together to create a Quantum Task Force made up of the country’s largest financial institutions, to promote quantum and post-quantum solutions to cyberattacks not just for themselves but throughout the financial system. Recent research from the New York Fed reveals that a cyberattack just one vulnerable mid-sized bank (less than $10 billion in assets, or less than five percent the size of Goldman Sachs) can bring down the whole system. Our preliminary study here at the Hudson Institute’s Quantum Alliance Initiative indicates that the result would be catastrophic.
Offsetting a risk of this magnitude should be a national, as well as industry, imperative. It’s a problem that won’t wait until 2024 when NIST is expected to begin the roll out of its post-quantum cryptography standards. The array of tools currently available, from quantum-resistant algorithms and double encryption to quantum key distribution for the most vital corporate communications, can protect institutions today and tomorrow, against a quantum attack or the conventional threats that are already lurking out there.
It will no longer suffice to claim that the quantum threat is far off out on the horizon—ten years or more—that we don’t have to worry about it before the next shareholders’ meeting. As my next column will show, the threat may be coming sooner than the experts have predicted.
Fortunately, our biggest financial institutions have the know-how, the resources, and the self-interest to lead us all into the post-quantum era. It is no exaggeration to say that none of us will be truly safe, until they are.
Read in Forbes