More than 3 billion people will use internet banking this year safe in the knowledge that cryptography, highly complex algorithms that convert data into an unreadable format, will keep their personal and financial information safe. However, current encryption standards could soon become obsolete, and Santander is among the leaders of a global effort to push online security to a new level of sophistication.
The advent of quantum computers, with their ability to solve some problems too complex for classical ones, could result in systems powerful enough to defeat the current generation of cryptographic algorithms. The technology is still in its infancy, yet there is a need to anticipate the beginning of a new world.
Santander’s Quantum Threat Group (QTG)
The Quantum Threat Group at Santander is a multidisciplinary initiative formed by several experts from different areas within the bank. “We are actively monitoring the quantum technologies space since 2019. We created the Santander QTG as a joint effort between Cybersecurity Research and the Crypto & Blockchain Center of Excellence. In 2022, the QTG defined the Santander Quantum Threat Program, a long-term roadmap to transition to quantum-safe cryptography”, according to Jaime Gómez García, Head of Quantum Technologies at Santander. “We are making progress to secure a timely transition.”
Santander is at the forefront of international efforts to respond to this cryptography challenge and has established a Quantum Threat Group (QTG) to develop new ways of countering the challenges and protect its systems and customer data.
What is cryptography?
Cryptography is the guardian of every internet user’s online experience. Algorithms ensure all digital information – every bank transaction completed, message sent, and online purchase made – is kept safe from unauthorized access, interception, or manipulation.
However, sensitive data it can protect today might become vulnerable in the future against the processing power available to quantum cyber hackers. Developing new protections for all parts of the digital world is key – and cannot be delayed. Post-quantum cryptography are systems that are secure against both quantum and classical computers.
Changing cryptographic algorithms is a complex task that has, historically, taken several decades. That is why governments and regulators are already establishing deadlines to secure a timely transition to quantum-safe cryptography.
Santander is working with several partners to help shape global standards to counter the threats and develop new security measures that are resistant to future quantum computer attacks while maintaining the security of traditional systems.
Working with US Cybersecurity Center of Excellence
Santander is collaborating with the National Cybersecurity Center of Excellence (NCCoE) of the US National Institute of Standards and Technology (NIST) on the Migration to Post-Quantum Cryptography project.
The goal is to raise awareness of the issues involved in the transition to post-quantum cryptography and develop best practices to ease the future migration tasks for organizations.
“With the advent of quantum computing and its potential to compromise many of the current cryptographic algorithms, it is critical that organizations begin to plan for many of the technological and operational challenges that a migration to post-quantum cryptography will present,” says William Newhouse, Cybersecurity Engineer & Project Lead at NIST NCCoE. “This project aims to help organizations in that effort.”
Santander's involvement in this initiative is acknowledgement of its commitment to digital security. “Our Quantum Threat Group is helping define detection tools and guidelines for quantum-vulnerable cryptographic algorithms,” says Daniel Cuthbert, Global Head of Cybersecurity Research at Santander.
Santander, GitHub and Microsoft alliance focused on the future
Santander is also working with GitHub, a platform at the forefront of software development and security, to tackle the challenges presented by the quantum cryptography world.
The companies, along with Microsoft, created CodeQL a powerful tool designed to assist developers in identifying vulnerabilities that could be exploited by hackers.
Santander was instrumental in developing a Cryptography Bill of Materials, called Cryptobom-Forge, which leverages GitHub's CodeQL output and enables developers to dissect and understand the components of their software. This gives them an unprecedented level of insight into their vulnerability to quantum attack.
Santander is involved in other collaborations with the World Economic Forum and the Spanish chapter of the European Quantum Communications Infrastructure project. It is also part of the Caramuel project, a consortium of Spanish companies led by Hispasat aiming at providing quantum-based secure communications supported by a geostationary satellite.
While the arrival of these next-generation super computers poses a challenge to the security of digital communications, the standardization of new quantum-safe cryptography will guard sensitive information.
Crucially, it will allow people to continue navigating the Internet securely and help banks protect their customers’ personal data and financial information.