Workshops Government Critical National Infrastructure Quantum Risk
Government Full Day Workshop

Critical National Infrastructure Quantum Risk

This workshop helps CNI operators and government security leads assess quantum risks to energy, water, transport, finance, and telecommunications infrastructure and plan prioritised cryptographic upgrades across IT and OT boundaries.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

Critical national infrastructure faces quantum cryptographic risks that differ fundamentally from enterprise IT. OT systems in energy, water, and transport have 15-30 year asset lifecycles, safety certification constraints that make cryptographic upgrades expensive and slow, and legacy industrial protocols (Modbus/TCP, DNP3, IEC 61850) with limited or absent native encryption. The IT/OT convergence trend means that enterprise network compromises can expose OT environments to harvest-now-decrypt-later data collection. CNI operators cannot simply swap cryptographic libraries and redeploy; they must navigate safety re-certification, operational continuity requirements, and sector regulator expectations simultaneously.

The regulatory framework is tightening. The NCSC Cyber Assessment Framework (CAF) Objective B and NIS Regulations 2018 create obligations for operators of essential services to protect against foreseeable threats. Sector regulators (Ofgem, Ofwat, CAA, ORR) are beginning to incorporate quantum readiness into their compliance expectations. This workshop provides CNI operators with a structured risk assessment methodology that accounts for the unique constraints of industrial environments, maps the specific cryptographic dependencies across IT and OT boundaries, and develops sector-appropriate migration strategies with realistic timelines and cost models.

What participants cover

  • OT protocol cryptographic dependencies: Modbus/TCP, DNP3-SA, IEC 62351, and the cryptographic agility gap in legacy industrial controllers
  • NCSC CAF alignment: how Objective B and Indicator B4 will incorporate PQC requirements for operators of essential services
  • NIS Regulations 2018 and NIS2 Directive: quantum risk as a "foreseeable threat" triggering operator obligations
  • Sector-specific migration: energy (IEC 62351, SMETS2/GBCS), transport (ERTMS/ETCS, V2X PKI), telecommunications (5G-AKA chain)
  • IT/OT convergence risk: how enterprise TLS termination points create HNDL collection vectors for OT data
  • CNI procurement: specifying PQC requirements in Crown Commercial Service frameworks and IEC 62443 security levels

Preliminary Agenda

Full Day Workshop structure with scheduled breaks. Content is configurable to your CNI sector, operational technology environment, and regulatory jurisdiction.

# Session Topics
1 The Quantum Threat to Critical National Infrastructure Why CNI operators face different quantum risks than enterprise IT
2 Operational Technology Cryptographic Exposure SCADA, ICS, and industrial protocol vulnerabilities
  • OT protocol cryptographic dependencies: Modbus/TCP (no native encryption), DNP3-SA (HMAC-SHA256, quantum-resistant for authentication but not for key exchange), IEC 62351 (RSA/ECDSA for IEC 61850/GOOSE/MMS)
  • SCADA system upgrade constraints: 15-30 year asset lifecycles, safety certification re-validation costs, and the cryptographic agility gap in legacy industrial controllers
  • IT/OT convergence risk: where enterprise TLS termination points expose OT networks to harvest-now-decrypt-later collection via compromised IT perimeters
Break, after 50 min
3 Regulatory Framework for CNI Quantum Migration NCSC, NIS, and sector-specific obligations
  • NCSC Cyber Assessment Framework (CAF): how Objective B (protecting against cyber attack) and Indicator B4 (system security) will incorporate PQC requirements
  • NIS Regulations 2018 and NIS2 Directive: operator of essential services obligations, incident reporting thresholds, and quantum risk as a "foreseeable" threat
  • Sector-specific regulators: Ofgem (energy), Ofwat (water), CAA (aviation), ORR (rail) compliance expectations for quantum readiness
4 Interactive Demonstration: CNI Quantum Risk Assessment Full-day format only
  • Mapping a CNI operator cryptographic inventory across IT and OT boundaries using the NCSC CAF structure
  • Prioritising migration by sector risk: which CNI sectors have the longest data sensitivity windows and shortest upgrade cycles
  • Modelling the cost of early PQC migration versus the cost of a late-stage mandate-driven rush
Break, after 60 min
5 CNI Sector-Specific Migration Strategies Energy, water, transport, finance, and telecommunications
  • Energy sector: IEC 62351 upgrade path, smart meter PKI (SMETS2/GBCS) quantum vulnerability, and the BEIS/DESNZ grid modernisation quantum readiness requirement
  • Telecommunications: 5G-AKA cryptographic chain exposure (covered in detail in the dedicated 5G workshop), fixed-line and backhaul TLS dependencies
  • Transport: ERTMS/ETCS signalling system authentication, connected vehicle V2X PKI (IEEE 1609.2), and aviation ACARS/ARINC 664 cryptographic dependencies
6 Supply Chain and Vendor Assessment for CNI PQC Evaluating vendor quantum readiness for critical infrastructure procurement
  • Crown Commercial Service G-Cloud and DOS framework: how to specify PQC requirements in government procurement
  • IEC 62443 Security Level alignment: mapping PQC capability to SL-1 through SL-4 for industrial control system procurement
  • Vendor PQC roadmap assessment: what to ask OT vendors about their cryptographic agility plans
7 Q&A and Migration Roadmap Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and critical national infrastructure security.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

CI

CNI Security Partners

Domain expertise and operational validation

CNI workshops are co-delivered with OT security specialists who have direct operational experience in critical infrastructure environments. This ensures workshop content is grounded in the safety, regulatory, and operational constraints specific to CNI sectors.

Commission This Workshop

Sessions are configured around your CNI sector, operational technology environment, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.

Contact Us
Government Workshops All Consulting Services All Workshops