Workshops Manufacturing PQC Migration for ICS
Manufacturing Deep Dive Session

PQC Migration for Industrial Control Systems

This workshop equips OT security leads, plant managers, and IT/OT integration teams with a practical PQC migration plan for industrial control systems, sequenced by Purdue model level to maintain production continuity.

Half day (3 hours)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For OT security leads, plant managers, and IT/OT integration teams. Covers the specific cryptographic exposure of PLCs, SCADA, DCS, and IIoT devices, and how to sequence a PQC migration without disrupting production continuity. Includes a working cryptographic inventory methodology for industrial environments using the Purdue model as the organising framework.

Industrial control systems present unique PQC migration challenges. PLCs running Modbus/TCP have no native encryption and rely on network segmentation; OPC UA uses X.509 certificates with RSA/ECDSA that require algorithm replacement; PROFINET uses challenge-response authentication vulnerable to quantum attack; and IIoT edge devices often run on 8-bit or 32-bit MCUs with constrained RAM that cannot accommodate ML-KEM key sizes without firmware redesign. The NIST PQC standards (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA) are finalised, but IEC 62443 has not yet incorporated PQC requirements into its security levels. This creates a gap: organisations that wait for IEC 62443 updates risk falling behind on migration timelines, while those that move early must make algorithm choices without full standards alignment. This workshop addresses both paths with a pragmatic, Purdue-model-based migration sequencing approach that prioritises by exposure level and operational impact.

What participants cover

  • ICS cryptographic exposure by Purdue level: which protocols at each level (Level 0 sensors through Level 4 enterprise) use vulnerable RSA/ECDSA/DH and how harvest-now-decrypt-later applies to each
  • FIPS 203/204/205 algorithm selection for OT: ML-KEM key sizes versus constrained device RAM, ML-DSA signature sizes versus OPC UA certificate chains, SLH-DSA for long-lifetime firmware signing
  • Protocol-specific migration: OPC UA certificate replacement, PROFINET authentication upgrade, Modbus/TCP encryption overlay options, MQTT/TLS 1.3 with PQC cipher suites for IIoT
  • Purdue-model migration sequencing: starting at Level 3.5 (DMZ) and Level 4 (enterprise), then Level 3 (site operations), deferring Level 0-1 (process control) until vendor firmware supports PQC
  • Hybrid deployment strategies: running classical and PQC algorithms in parallel during transition to maintain interoperability with legacy equipment and supply chain partners
  • IEC 62443 zone and conduit model applied to PQC: mapping cryptographic boundaries to security zones and defining PQC requirements per conduit

Preliminary Agenda

Deep Dive Session structure with scheduled breaks. Content is configurable to your ICS architecture, installed base, and protocol stack.

# Session Topics
1 ICS Cryptographic Exposure Assessment Mapping vulnerable protocols across the Purdue model
2 Protocol-Specific Vulnerability Analysis OPC UA, PROFINET, Modbus, MQTT, and IIoT edge protocols
  • OPC UA: X.509 certificate chains with RSA-2048/ECDSA-P256, security policy migration to PQC-compatible profiles
  • PROFINET: challenge-response authentication and real-time communication integrity under quantum threat
  • IIoT protocols: MQTT over TLS 1.3, CoAP/DTLS, LwM2M security, and constrained device (8-bit MCU) PQC feasibility
Break, after 40 min
3 FIPS 203/204/205 Algorithm Selection for OT Choosing the right PQC algorithms for constrained industrial devices
  • ML-KEM (FIPS 203): key encapsulation sizes versus device RAM constraints, performance benchmarks on ARM Cortex-M class processors
  • ML-DSA (FIPS 204): signature sizes and verification times for OPC UA certificate validation and firmware authentication
  • Hybrid classical+PQC schemes: maintaining backward compatibility during multi-year OT migration windows
4 Migration Sequencing and Governance Purdue-model-based deployment prioritisation
  • Level 3.5/4 first: enterprise and DMZ systems where standard IT PQC migration applies
  • Level 3 site operations: historian, MES, and SCADA server TLS migration with production continuity constraints
  • Level 0-2 deferral strategy: managing risk for process control devices pending vendor PQC firmware availability
5 Discussion and Action Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and manufacturing systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

MA

Manufacturing Sector Partners

Domain expertise and operational validation

Manufacturing workshops are co-delivered with sector specialists who bring direct operational experience in manufacturing organisations. This ensures workshop content is grounded in regulatory, operational, and technical realities specific to the sector.

Commission This Workshop

Sessions are configured around your ICS architecture, installed base of PLCs/SCADA/DCS, protocol stack, and vendor ecosystem. Get in touch to discuss requirements and schedule a date.

Contact Us
Manufacturing Workshops All Consulting Services All Workshops