Workshops Power & Energy Risk Assessment for Nuclear and Energy Facilities

Power & Energy Deep Dive Session

Quantum Risk Assessment for Nuclear and Energy Facilities

This specialist session equips nuclear operators, large utilities, and energy infrastructure owners to assess quantum threats to safety-critical systems and build a governance framework for quantum risk at board level.

Half day (3 hours)

In person or online

Max 30 delegates

Commission This Workshop View Agenda

Proud to recommend our expert members

Workshop Description

For risk, security, and compliance teams at nuclear operators and energy infrastructure owners. Covers quantum threat modelling for safety-critical systems, NRC 10 CFR 73.54 and IAEA NSS-17-T compliance, consequence analysis for cryptographic failures in reactor protection and safety instrumented systems, and board-level governance for quantum risk.

Nuclear facilities operate under regulatory frameworks that require cryptographic protection of safety-related digital assets, yet the quantum threat to these cryptographic foundations is not yet reflected in most facility security plans. Reactor protection systems, safety instrumented systems (SIS), and emergency core cooling controls rely on RSA and ECDSA for authentication and integrity verification. A cryptographically relevant quantum computer would invalidate these protections on assets with operational lifetimes of 40-60 years. The harvest-now-decrypt-later threat is particularly acute for nuclear facilities: classified design documentation, safety system telemetry, and fuel cycle data have intelligence value that extends well beyond the typical IT data retention horizon. This session provides a structured methodology for assessing quantum risk within existing nuclear safety governance, mapping cryptographic dependencies to safety significance classifications, and preparing a regulatory engagement strategy before quantum-specific compliance requirements become mandatory.

What participants cover

Quantum threat timeline: CRQC development estimates, harvest-now-decrypt-later exposure for nuclear data classifications, and nation-state threat modelling for facility-level risk assessment
NRC 10 CFR 73.54 compliance: cryptographic requirements for safety-related digital systems and gap analysis for quantum-vulnerable algorithms in current implementations
IAEA NSS-17-T integration: incorporating quantum threat assessment into existing nuclear security plans and computer security programmes
Safety system dependency mapping: identifying RSA/ECDSA/AES usage across reactor protection, SIS, ECCS, and digital I&C platforms with safety significance classification
Consequence analysis: classifying cryptographic failure modes by nuclear safety category (safety-related, important-to-safety, non-safety) and regulatory notification thresholds
Board-level governance: integrating quantum risk into nuclear safety committee reporting, investment case preparation, and proactive regulatory engagement strategy

Preliminary Agenda

Deep Dive Session structure with scheduled breaks. Content is configurable to your facility type, regulatory jurisdiction, and safety system architecture.

#	Session	Topics
1	Quantum Threat Landscape for Nuclear and Energy Facilities Cryptanalytic timeline, harvest-now-decrypt-later, and safety system exposure	Cryptographically relevant quantum computer (CRQC) timeline estimates: lattice RSA-2048 break horizon and impact on nuclear facility planning cycles Harvest-now-decrypt-later (HNDL) threat to safety system telemetry, reactor instrumentation data, and classified design documentation Nation-state threat modelling for nuclear facilities: intelligence value of safety system parameters, fuel cycle data, and emergency response protocols
Break, after 45 min
2	Regulatory Framework and Compliance Obligations NRC, IAEA, and national regulatory requirements for quantum risk	NRC 10 CFR 73.54 (cyber security for nuclear facilities): current cryptographic requirements and implications of quantum-vulnerable algorithms in safety-related digital systems IAEA Nuclear Security Series NSS-17-T (computer security): integrating quantum threat assessment into existing nuclear security plans National variations: ONR (UK) security assessment principles, ASN (France) digital I&C guidance, and ENSI (Switzerland) requirements for nuclear cyber security
3	Risk Assessment Methodology for Safety-Critical Systems Structured quantum threat modelling for nuclear and energy infrastructure	Safety system cryptographic dependency mapping: identifying RSA/ECDSA/AES usage in reactor protection systems, safety instrumented systems (SIS), and emergency core cooling system (ECCS) digital controls Consequence analysis framework: classifying cryptographic failures by nuclear safety significance (safety-related, important-to-safety, non-safety) and regulatory notification thresholds Board-level governance model: integrating quantum risk into existing nuclear safety committee reporting, investment case preparation, and regulatory engagement strategy
Break, after 45 min
4	Discussion and Action Planning Prioritising quantum risk mitigation within existing nuclear safety programmes	Migration priority sequencing: which cryptographic dependencies in safety systems require immediate assessment and which can follow the standard asset lifecycle Vendor and supply chain engagement: incorporating PQC requirements into nuclear-qualified equipment procurement and digital I&C platform upgrades Regulatory engagement strategy: preparing for quantum-related regulatory queries and proactive engagement with NRC, IAEA, or national regulator on PQC transition plans

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and power & energy systems.

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

Power & Energy workshops are co-delivered with sector specialists who bring direct operational experience in power & energy organisations. This ensures workshop content is grounded in regulatory, operational, and technical realities specific to the sector.

Commission This Workshop

Sessions are configured around your facility type, safety system architecture, regulatory jurisdiction, and organisational governance structure. Get in touch to discuss requirements and schedule a date.

Power & Energy Workshops All Consulting Services All Workshops