⚙️ Our free OT PCAP Analyzer has been updated! View PCAP Analyzer v2.0.4 features
Quantum security in OT blog featured image
> > > How Quantum Will Redefine OT Security
Blog

How Quantum Will Redefine OT Security

Dr. Rishabh Das
Dr. Rishabh Das
Critical Infrastructure Cybersecurity researcher at  || Web

Dr. Rishabh Das is an Assistant Professor at the Scripps College of Communication, Ohio University. Dr. Das has over a decade of hands-on experience in operating, troubleshooting, and supervising control systems in the oil and gas industry. Dr Das's research portfolio includes virtualization of Industrial Control Systems (ICS), threat modeling, penetration testing in ICS, active network monitoring, and the application of Machine Learning (ML) in cybersecurity.

When quantum technology is discussed in the context of cybersecurity, there are usually two perspectives from which people approach the topic. 

The first perspective focuses on the computational power of quantum computers, which raises concerns among cybersecurity experts. With such vast computational capabilities, attackers could potentially challenge existing encryption technologies. And this concern is justified, given that current market trends indicate large quantum computers could eventually break today’s encryption algorithms. 

The second lens offers a much more positive perspective. In this context, quantum technology is viewed as an enhancement for the security team. Researchers are witnessing an increased focus on technologies such as quantum communication or quantum key distribution (QKD), post-quantum cryptography (PQC), quantum sensing, and quantum-enhanced analytics and optimization. Quantum technology has the potential to unlock defenses that are currently impossible to achieve.

This article explores how quantum computing can enhance security capabilities within Operational Technology (OT) environments by examining specific security functions.

Encryption and Key Management

At its core, encryption and key management keep data confidential so outsiders can’t read it. In Industrial Control Systems (ICS), that includes protecting everything from remote engineering sessions to control-center communications. Often, these processes must happen across environments where downtime is expensive and devices may be resource-constrained.

Today, most ICS environments rely on familiar “classical” tools such as TLS and VPNs at the perimeter, certificates and PKI where modernization has occurred, and in some legacy zones… little to no encryption at all.

Quantum strengthens encryption and key management in two complementary ways:

  • First, Post-Quantum Cryptography (PQC) improves how we handle cryptography, ensuring key exchange and encryption stay safe from even the most advanced quantum threats. This helps protect us from the “harvest now, decrypt later” worries. 
  • At the same time, Quantum Key Distribution (QKD) offers an exciting new way to create and share encryption keys, with the added benefit of being able to detect if anyone is trying to eavesdrop. In the industry, we do find PQC-based certificates and PQC KEM-based key exchange for RTU to SCADA VPNs.

Maintaining Integrity

Integrity is about ensuring information and commands have not been altered, whether that’s a setpoint sent to a controller or sensor values feeding control logic. Today, integrity is achieved through a mix of cryptography and process using techniques such as signed firmware, checksums, and network protections that attempt to prevent command injection.

The challenge is that many attacks don’t look like obvious “tampering.”

Quantum sensing introduces a really exciting idea. It allows us to check the “reported reality” against the “measured physical reality” using sensing methods that are harder for cyber attackers to manipulate from afar. This makes integrity checks more reliable and not reliant on software alone.

In OT, quantum security is mostly being adopted to address integrity and encryption. PQC-secured digital signatures for control commands and Quantum-enhanced challenge-response for field IEDs are slowly making their way into the OT security modernizing frameworks.

Timing and Synchronization

Timing is a security function that people often overlook until it breaks. ICS relies on time for distributed measurements and sometimes safety logic. Today, plants and utilities depend on GPS, NTP, and PTP with layered defenses.

Quantum brings a genuinely new capability here: higher-stability timing sources and advanced sensing approaches with more robust time-shift anomaly detection. As we continue to explore quantum clocks and validation methods, we may finally be able to ensure “time integrity” in a way that we can actually verify. 

Researchers are already exploring Quantum clock distribution for substations, and Quantum Sensing (QSENS)-based detection of time-shift attacks on grid measurement systems.

Intrusion and Anomaly Detection

This function focuses on spotting malicious activity. Current approaches combine OT-aware passive network monitoring. 

Quantum can strengthen detection along two tracks:

  1. First up, we have quantum-enhanced analytics, which includes techniques like Quantum Machine Learning (QML). This enhanced data helps us recognize patterns more effectively.
  2. On top of that, there’s quantum sensing, which can bring in new “ground truth” signals. This means detection doesn’t just rely on network reports but also considers what’s happening in the physical world around us. 

Quantum Security in OT

The most practical way to think about Quantum in ICS is not as a single replacement, but as a set of upgrades across security functions. Quantum sensing opens a new frontier in defending cyber-physical systems with measurements that are harder to fake from the network. 

If the first quantum story is “attackers get stronger,” the second story is “defenders get smarter and more grounded in physical truth.” Quantum is enabling exciting security capabilities that classical technologies could never achieve on their own.

View additional articles submitted by guest author Dr. Rishabh Das:

Know Your Assets, Know Your Normal: A Practical Guide to OT Baselining

Modernizing OT Security with Human-in-the-Loop GenAI Agents

Monitoring GenAI-driven Data Exposure in Critical Infrastructure

Detecting GenAI Usage in Critical Infrastructure

Back to Blog

You might also like:

OT security consequences blog
February 20, 2026

Understanding Real-World Consequences in OT - IT Org Now OT Curious Part 3

[This is the third blog in our series “IT Org Now OT Curious,” examining the differences between IT and OT cybersecurity....
Read more
Vendor Partner Model
February 12, 2026

Understanding the Vendor Partnership Model - IT Org Now OT Curious Part 2

[This is the second blog in our series focused on IT orgs that are now OT curious, where we examine the differences between...
Read more
February 6, 2026

Are You or Your IT Org Now OT Curious?

If you’ve spent years securing enterprise IT environments and recently found yourself “OT curious,” welcome....
Read more