Migration to post-quantum cryptography to prepare for future capabilities of quantum computing has implications for industrial control and operational technology systems. These implications affect how system owners and operators and other stakeholders should prepare for the migration and prioritize mitigation options.
Evaluating Cryptographic Vulnerabilities Created by Quantum Computing in Industrial Control Systems
- What are the important vulnerabilities to quantum computing in ICSs and OT systems — specifically, where might significant harm be caused by an attacker using a quantum computer that could break cryptographic protections?
- Where are protocols using or enabling cryptographic protections employed within ICS networks and the devices or endpoints they protect?
- How could an attacker cause harm through the cryptographic compromise of ICS and OT networks and components?
- What is the overall difficulty in mitigating risk from each of the identified vulnerability archetypes?
Industrial control systems (ICSs) and operational technology (OT) used in critical infrastructure are increasingly converging with enterprise information technology (IT). As this happens, OT systems' security posture must adapt to a new threat landscape and adopt some of the same security controls as those used in enterprise IT, especially cryptographic controls that rely on public-key cryptography, which are ubiquitous in enterprise IT systems. Although many industrial networks are still in the early stages of adopting some of these controls, a new threat to this foundational element of modern information security looms ahead: quantum computing. Quantum computing will eventually be able to break the public-key cryptography algorithms currently used throughout IT infrastructure, undermining foundational tools used to maintain information security across the country's critical infrastructure.
To prepare for the future capabilities of quantum computing, a concerted effort is underway across the United States to migrate to post-quantum cryptography (PQC), but this migration will have unique implications for ICSs and OT systems. Despite the convergence of IT and OT, significant differences remain between IT and OT environments, and the cryptographic vulnerabilities created by quantum computing will not affect IT and OT the same way. These differences have implications both for how OT systems will need to be prepared for the migration to PQC and for mitigation priorities. Thus, this report provides a framework for evaluating quantum computing–related cryptographic vulnerabilities in critical infrastructure ICSs and OT systems to better understand the implications of the migration to PQC and to identify mitigation priorities.
- The highest risks were those that attacked certificates used in signing (authenticating devices and software); targeted roots of trust or privileged users or were at the highest levels (Purdue levels 3, 4, 5, and demilitarized zone) and lowest level (0) of the ICS hierarchy; and tampered with data, denied service, or elevated user privilege on the system (especially at higher Purdue levels).
- Medium risks were those that targeted other levels of ICSs, unprivileged users, identity at other levels of the hierarchy, or broader cyber activities to enable threats.
- The lowest risks were those that affected a single device, session, or user; had limited ability for impact because of other controls; or focused on activities, such as information disclosure, that had limited temporal value.
- The challenges of mitigating vulnerabilities in key exchange were assessed as low, in digital certificates as medium, and in code-signing as high. Code-signing vulnerabilities should be the highest priority for mitigation, especially for signature verification in embedded devices.
- Incorporate quantum computing risk into threat modeling and planning.
- Prioritize vulnerabilities in code-signing.
- Plan for cryptographic agility in embedded devices.
- Assess how new key-exchange mechanism and certificate standards will be incorporated into industrial protocols and into ICS/OT software applications.
- Assess how new key-encapsulation mechanism and certificate standards will affect ICS/OT environments.
- Implement interim mitigation measures where communication confidentiality is a high priority.
Table of Contents
Vulnerability and Threat Assessment
Summary and Recommendations
A Full Accounting of Our Results