Cybersecurity in Critical Infrastructures: A Post-Quantum Cryptography Perspective
Javier Oliva del Moral, Antonio deMarti iOlius, Gerard Vidal, Pedro M. Crespo, Josu Etxezarreta Martinez
TL;DR
This paper analyzes the challenge of securing CI/OT networks against quantum-enabled threats by surveying post-quantum cryptography (PQC) families and their applicability to industrial environments. It contrasts IT and OT constraints, emphasizes tight latency requirements and legacy hardware, and reviews PQC candidates across hash-, lattice-, code-, multivariate-, and isogeny-based families, plus MPC/graph-based approaches, with attention to standardization efforts. The authors argue that lattice-based PQC currently offers the most practical fit for CI/OT due to favorable key/ciphertext sizes and performance, while highlighting the need for OT-specific benchmarks, hardware-aware implementations, and flexible, region-aware standardization. They conclude with concrete guidelines and research directions to enable resilient, quantum-safe CI in a way that respects legacy constraints, regulatory landscapes, and the critical nature of CI operations.
Abstract
The machinery of industrial environments was connected to the Internet years ago with the aim of increasing its performance. However, this change made such environments vulnerable to cyber-attacks that can compromise their correct functioning, resulting in economic or social problems. Moreover, implementing cryptosystems in the communications between operational technology (OT) devices is a more challenging task than in information technology (IT) environments, since OT networks are generally composed of legacy elements characterized by low computational capabilities. Consequently, implementing cryptosystems in industrial communication networks faces a trade-off between the security of the communications and the amortization of the industrial infrastructure. Critical Infrastructure (CI) refers to the industries that provide key resources for daily social and economic development, e.g. electricity. Furthermore, a new threat to cybersecurity has arisen with the theoretical proposal of quantum computers, due to their potential ability to break state-of-the-art cryptography protocols, such as RSA or ECC. Many global agents have become aware that transitioning their secure communications to a quantum-secure paradigm is a priority that should be established before the arrival of fault tolerance. In this paper, we aim to describe the problem of implementing post-quantum cryptography (PQC) in CI environments. To do so, we describe the requirements for these scenarios and how they differ from those of IT. We also introduce classical cryptography and how quantum computers pose a threat to such security protocols. Furthermore, we introduce state-of-the-art proposals of PQC protocols and present their characteristics. We conclude by discussing the problem of integrating PQC in industrial environments.
