Cybersecurity in Critical Infrastructures: A Post-Quantum Cryptography Perspective

The machinery of industrial environments was connected to the Internet years ago with the scope of increasing their performance. However, this made such environments vulnerable against cyber-attacks that can compromise their correct functioning resulting in economic or social problems. Lately, an increase of cyberattacks to industrial environments has been experienced. Moreover, implementing cryptosystems in the communications between OT devices is a more challenging task than for IT environments since the OT are generally composed of legacy elements, characterized by low-computational capabilities. Consequently, implementing cryptosystems in industrial communication networks faces a trade-off between the security of the communications and the amortization of the industrial infrastructure. Critical Infrastructure (CI) refers to the industries which provide key resources for the daily social and economical development, e.g. electricity or water, and their communications are a very exposed target to cyberattacks. Furthermore, a new threat to cybersecurity has arisen with the theoretical proposal of quantum computers, due to their potential ability of breaking state-of-the-art cryptography protocols, such as RSA or ECC. The chase of functional quantum computers has resulted in a technological race involving many global agents. Those agents have become aware that transitioning their secure communications to a quantum secure paradigm is a priority that should be established before the arrival of fault-tolerance. In this sense, two main cryptographic solutions have been proposed: QKD and PQC. Nevertheless, quantum secure solutions have been mainly centered from the perspective of IT environments. In this paper, we provide a perspective of the problem of applying PQC solutions to CI and analyze which could be the most suitable cryptography schemes for these scenarios.