Quantum Computing Explained: Latest X9 Report Now Available

The latest resource on quantum computing is now available, prepared by the Accredited Standards Committee (ASC) X9 Inc. Quantum Computing Risks to the Financial Services Industry provides background on the principles of quantum computing, the current state of quantum computing as it pertains to the financial services industry, quantum's threat to current cryptography, and timing predictions — and offers guidance on actions that organizations can take now to identify, prepare for and mitigate risks. 

The report is written and maintained by the X9 Quantum Computing Risk Study Group, including ISARA’s Philip Lafrance, CISSP, editor of the report. Accredited by the American National Standards Institute (ANSI), ASC X9 has the mission to create and maintain voluntary consensus standards for the financial services industry, both in the U.S. and internationally. Its efforts aim to improve payments and securities transactions, protect data and facilitate information exchange.

"With the new X9 report, we wanted to create a reader-friendly, thorough resource on the quantum threat and how it affects organizations, and more importantly, to offer actionable, practical guidance on how organizations can move forward with their quantum-safe efforts," said Lafrance.

Everything from Q to A
From providing information on the definitions of qubits to assessing and mitigating threats and risks posed by quantum computers, the report’s information is applicable to all industries and answers questions including:

  • What’s the difference between quantum computing and classical computing?
  • What are the quantum computing risks to cryptography? 
  • What is hybrid cryptography? And crypto agility?
  • What are the probabilities of a quantum threat? 
  • What can organizations do now to prepare? 

Quantum computing and post-quantum cryptography is a matter of "when," not "if." It’s recommended that today’s organizations move from simply monitoring its progress to planning for its arrival. According to the report, "the results of such planning will look different for each agency, organization, or company depending on the types of assets they need to protect and the periods of time this protection must survive attacks by both conventional and quantum means. That said, the planning processes for all entities have requirements in common."  

Download the X9 report for a technical review of quantum computers, their development, how they threaten modern-day information security, and how to plan to mitigate the risks they pose — including guidance on performing cryptographic transitions to quantum-safe algorithms. 

"Quantum-safe cryptography is a very complicated and fast-moving field, and information rapidly becomes outdated. It is important that people responsible for critical infrastructure, including critical financial systems, have access to the latest information on the threat that quantum computers pose, and the available methods for protecting against that threat. X9 is providing a great service by collecting and regularly updating this report," said Tim Hollebeek, head of standards development at DigiCert and co-chair of the Quantum Risk Study Group.