Sebi Prepares for Quantum Computing Security Threats, Questions Paper Shareholding
India’s Securities and Exchange Board (Sebi) is proactively preparing for the potential security challenges posed by the advent of quantum computing, with a focus on safeguarding the capital markets against compromised passwords and outdated cryptography.
Speaking today at the annual GFF in Mumbai, Sebi Chairman Tuhin Kanta Pandey stated that quantum computing possesses the capability to break existing password security, necessitating a preemptive overhaul of systems. Sebi has developed an “action plan” to ensure all regulated stakeholders are “quantum ready,” aiming to “discover, prepare and then act” within the next two to four years, targeting a readiness date of 2028 or 2029. This move is critical as quantum computing’s ability to solve complex problems could disrupt current encryption standards, potentially exposing sensitive financial data.
Pandey emphasized the need to move beyond technological neutrality, particularly regarding the continued holding of shares in paper form. “Technology neutrality is actually not feasible,” he said, arguing that maintaining paper shareholding is unsustainable in a largely dematerialized system. He further explained that standardization, similar to the protocols that enable the internet, is essential for technological adoption. For more information on the implications of quantum computing, see the National Institute of Standards and Technology’s quantum readiness resources.
The regulator indicated a preference for embracing new technologies for the benefit of both the industry and investors, and will continue to assess the best technological positions available. Sebi’s focus on quantum-safe cryptography builds on existing efforts to modernize India’s financial infrastructure, as outlined in the Reserve Bank of India’s recent reports. Pandey stated that the industry should adopt and embrace technology for its own good and for the good of the investor community.
Mumbai, Oct 8 (PTI) Advent of quantum computing can lead to big security challenges, and Sebi is engaged in preparing the system to be safe ahead of its adoption, the capital market regulator’s chairman Tuhin Kanta Pandey said on Wednesday.
Pandey said quantum computing has the technological capabilities to make it possible for bad actors to compromise passwords, which were long presumed to be very secure and hence, it is necessary to prepare the system on this front.
Sebi has prepared an “action plan” to ensure quantum readiness of all the stakeholders that it regulates, Pandey said at the annual GFF here.
There is a lot of research which is going into quantum computing, which will rely on principles of quantum mechanics to solve complex problems far beyond the capabilities of classical computers, Pandey said.
The career bureaucrat-turned-regulator said there is a possibility of quantum computing coming and once it comes, the normal cryptography used to set passwords may be the first ones to break.
“We have quantum safe computing (priority) keeping 2028 or 2029 as the date (when quantum comes) on how do we prepare ourselves as an industry to go for quantum-safe cryptography based on an action plan where we discover, we prepare and then we act within the next two-three-four years,” Pandey said.
Meanwhile, answering a query on technology neutrality, Pandey said he does not see the ability to continue holding shares in a paper form continue for long in a system which has transitioned to dematerialization long back.
On the concept of technological neutrality, a hotly contested issue, he chose to go public with his skepticism with a nuanced take.
“Technology neutrality is actually not feasible,” he said, adding that sticking to paper holding of shares will not be beneficial and one has to adopt the best technology position on offer.
Secondly, there is also the aspect of standardization which technologies need to adhere with, Pandey said, adding that the internet would not have been possible without the protocols to connect an entire network of computers.
“You can have technology neutrality only to an extent where multiple technologies which are similar and which can connect,” he said.
“As a regulator, I would say that we should adopt and embrace a technology both for our own good and for the good of the investor community we serve,” Pandey added.
