CRITICAL INFRASTRUCTURE & UTILITIES
The grid runs for decades. Its cryptography has to keep up.
Energy, water and utility systems are built to last a generation — and so are the cryptographic keys inside them. Quantum Sentinel helps operators discover cryptography across IT and OT, and plan a transition where replacing an algorithm can mean replacing hardware.
Why it matters here
Critical-infrastructure assets are among the longest-lived in any industry: power transformers run for thirty to forty years and smart meters for around fifteen, while control systems can operate for decades. Much of that estate was never designed to change its cryptography — keys are embedded in field hardware, availability comes before patching, and legacy protocols often cannot be upgraded in place. That makes operational-technology migration fundamentally harder than IT, and it makes knowing exactly where cryptography lives — before a quantum computer forces the issue — the difference between a planned programme and an emergency.
The regulatory picture
These are the drivers shaping cryptographic governance in critical infrastructure and utilities — not claims that any framework mandates post-quantum cryptography by name.
NIS2
The EU’s NIS2 Directive requires essential entities, including energy, to have policies on the use of cryptography and encryption, backed by strict incident-reporting duties.
NERC CIP
In North America, CIP standards govern the protection of bulk-electric-system information and communications between control centres — controls that rest on cryptography.
IEC 62443 & IEC 62351
The core standards for industrial-control and power-system security define the cryptographic and PKI mechanisms that a quantum transition must eventually update.
US Executive Order 14412 (2026)
“Securing the Nation Against Advanced Cryptographic Attacks” sets federal post-quantum migration deadlines and directs sector risk-management agencies to help critical-infrastructure operators build their PQC migration plans — a clear signal of the direction of travel.
Where cryptography hides in Critical Infrastructure
Substation & IEC 61850 Comms
Substation and IEC 61850 communications (secured via IEC 62351).
SCADA, HMIs & Historians
SCADA, HMIs and historians (TLS, VPNs).
Field Devices & IEDs
Field devices and IEDs with hardware-embedded keys.
Smart-Metering & AMI
Smart-metering and AMI key management.
Enterprise & OT PKI
Enterprise and OT PKI and certificates.
OT Remote-Access Paths
Remote-access paths into the OT environment.
How Quantum Sentinel helps
Enterprise CBOM
A living inventory spanning IT and OT, from control-room systems to field devices.
Cryptographic Exposure Score
Flag hardware-embedded keys that are hardest to rotate.
Quantum Readiness Score
Evidence for NIS2, NERC CIP and IEC 62443 reporting.
Outcomes for critical infrastructure and utilities
- See cryptography across both IT and OT in a single inventory
- Flag the long-life, hard-to-upgrade assets that need the longest lead time
- Evidence cryptographic governance for NIS2, NERC CIP and IEC 62443
Find the cryptography embedded in a grid built to last decades.
The first step is always the same: visibility. Request a demo and see your cryptographic exposure.