Evaluating Cryptographic Vulnerabilities Created by Quantum Computing in Industrial Control Systems

📖 The Scoop

Industrial control systems (ICSs) and operational technology (OT) used in critical infrastructure are increasingly converging with enterprise information technology (IT). As this happens, OT systems' security posture must adapt to a new threat landscape and adopt some of the same security controls as those used in enterprise IT, especially cryptographic controls that rely on public-key cryptography, which are ubiquitous in enterprise IT systems. Although many industrial networks are still in the early stages of adopting some of these controls, a new threat to this foundational element of modern information security looms ahead: quantum computing. Quantum computing will eventually be able to break the public-key cryptography algorithms currently used throughout IT infrastructure, undermining foundational tools used to maintain information security across the country's critical infrastructure. To prepare for the future capabilities of quantum computing, a concerted effort is underway across the United States to migrate to post-quantum cryptography (PQC), but this migration will have unique implications for ICSs and OT systems. Despite the convergence of IT and OT, significant differences remain between IT and OT environments, and the cryptographic vulnerabilities created by quantum computing will not affect IT and OT the same way. These differences have implications both for how OT systems will need to be prepared for the migration to PQC and for mitigation priorities. Thus, this report provides a framework for evaluating quantum computing-related cryptographic vulnerabilities in critical infrastructure ICSs and OT systems to better understand the implications of the migration to PQC and to identify mitigation priorities.

Genre: Business & Economics / Infrastructure (fancy, right?)