Workshops Cyber Defence Incident Response and Recovery Planning
Cyber Defence Deep Dive Session

Quantum Incident Response and Recovery Planning

This session prepares incident response teams to detect, triage, and recover from quantum-enabled cryptographic compromise scenarios.

Half day (3 hours)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

Most incident response playbooks assume that cryptographic primitives hold. A quantum-enabled adversary breaks that assumption. When RSA and ECDH key agreement can be broken, the failure mode is not a single compromised key but a potential cascade: every key hierarchy built on those algorithms is exposed simultaneously. CA signing keys, VPN tunnel authentication, database encryption key wrapping, and code signing certificates all become vulnerable in the same event window.

This session addresses the specific incident response challenges that quantum cryptanalysis creates. Participants work through two scenario types: pre-CRQC incidents (detecting harvest-now-decrypt-later collection activity and responding to it as a current threat) and post-CRQC incidents (responding to mass cryptographic compromise after a quantum computer breaks deployed key agreement algorithms). The session covers detection indicators for each scenario, triage decision trees that distinguish classical from quantum-enabled compromise, and playbook design for key revocation at scale, CA trust chain reconstruction, and hybrid PQC deployment failure handling. Participants leave with a tabletop exercise framework they can run within their own organisations to test quantum incident response readiness.

What participants cover

  • Quantum-era breach scenarios: how cryptographic compromise creates cascading failures across key hierarchies, certificate authorities, and encrypted data stores
  • Pre-CRQC detection: indicators of harvest-now-decrypt-later collection activity including anomalous data exfiltration patterns and targeting of key exchange metadata
  • Post-CRQC triage: distinguishing classical cryptographic failures from quantum-enabled compromise and escalation criteria for CISO and board notification
  • Key revocation at scale: emergency rotation procedures for HSMs, cloud KMS, and certificate authorities with time-to-revoke estimates per architecture type
  • CA compromise response: OCSP/CRL scaling, trust chain reconstruction, and cross-signed certificate fallback procedures
  • Business continuity updates: revised RTOs for re-encryption, regulatory notification requirements (GDPR, NIS2), and a tabletop exercise framework for quantum IR testing

Preliminary Agenda

Half-day session structure. Content is configurable to your incident response maturity, existing playbook framework, and regulatory notification obligations.

#SessionTopics
1 Quantum-Era Breach ScenariosHow cryptographic compromise changes the incident response landscape
2 Detection and Triage for Cryptographic CompromiseIdentifying quantum-relevant incidents before and after CRQC availability
  • Pre-CRQC indicators: anomalous data exfiltration patterns consistent with harvest-now-decrypt-later collection (bulk encrypted traffic capture, targeting of key exchange metadata, unusual interest in archived data)
  • Post-CRQC indicators: sudden access to previously encrypted data, mass key compromise signatures, certificate authority trust chain failures following quantum cryptanalysis
  • Triage decision tree: distinguishing classical cryptographic failures (implementation bugs, key leaks) from quantum-enabled compromise. Escalation criteria for CISO and board notification.
Break, after 50 min
3 Playbook Design for PQC-Related FailuresBuilding quantum-specific incident response procedures
  • Key revocation at scale: procedures for emergency rotation of compromised key hierarchies across HSMs, cloud KMS, and certificate authorities. Time-to-revoke estimates for different infrastructure architectures.
  • Certificate authority compromise response: what happens when a CA signing key is broken by quantum attack. OCSP/CRL scaling, trust chain reconstruction, and cross-signed certificate fallback.
  • Hybrid mode failure scenarios: incident response when a PQC hybrid deployment fails (ML-KEM implementation bug, interoperability failure). Rollback to classical-only and re-migration procedures.
4 Business Continuity and Recovery PlanningUpdating BCP for the quantum threat environment
  • Recovery time objectives: how quantum-enabled compromise changes RTOs for re-encryption of data at rest, certificate reissuance, and VPN tunnel re-establishment
  • Communication protocols: regulatory notification requirements (GDPR 72-hour, NIS2, sector-specific) when cryptographic compromise affects personal or classified data
  • Tabletop exercise framework: a structured scenario for testing quantum incident response readiness. Participants receive the exercise framework for use in their own organisations.

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and incident response operations.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

CY

Incident Response Partners

Domain expertise and operational validation

Incident response workshops are co-delivered with specialists who bring direct operational experience in SOC management, CSIRT operations, and business continuity planning for critical infrastructure. This ensures workshop content reflects the operational realities of detecting and responding to cryptographic compromise at enterprise scale.

Commission This Workshop

Sessions are configured around your incident response maturity, existing playbook framework, key management architecture, and regulatory notification obligations. Get in touch to discuss requirements and schedule a date.

Contact Us
Cyber Defence Workshops All Consulting Services All Workshops