U.K. NCSC’s Post-Quantum Migration Timeline: Overly Optimistic or Hitting the Mark?

On March 18, the United Kingdom’s National Cyber Security Centre (NCSC) announced a phased timeline for post-quantum migration, primarily targeted toward large enterprises, including operators of Critical National Infrastructure (CNI) and Industrial Control Systems (ICSs). According to the guidance, such organizations must have planned their migration by 2028 and completed high-priority, critical migration activities by 2031, with full migration to Post-Quantum Cryptography (PQC) expected by 2035 at the latest. Yet, despite the NCSC’s characterization of the PQC migration as akin to “any large technology transition,” potentially to allay quantum induced anxieties or panic, Operational Technology (OT), ICS, and CNI’s unique security setups complicate the migratory process, casting doubts as to the achievability of the NCSC’s deadline and whether the recently published guidance fully accounts for this additional complexity.

The prospect of Cryptographically Relevant Quantum Computers (CRQCs) poses unique threats to OT systems. Although OT systems are traditionally less reliant on cryptography when compared to their Information Technology (IT) counterparts, asymmetric encryption retains a vital role in securing a Virtual Private Network (VPN) or over-the-Internet remote connectivity, certificate-based protocol encryption or validation, and software and firmware signing, exposing OT systems to unauthorized remote access, message manipulation, or highly persistent malware installations from CRQCs. Moreover, legacy ICS protocols, long OT hardware lifecycles, and outdated Operating Systems (OSs) and software platforms are expected to complicate and elongate the PQC migration. Extensive interdependencies between OT systems and components slows upgrade cycles due to extensive testing needs and stringent compliance and audit requirements, while the rise of Industrial Internet of Things (IIoT) contributes to an ever-growing OT attack surface. Yet, despite these challenges, the U.K. NCSC’s post-quantum timeline is aligned with other national initiatives, including the United States’ 2035 target for completing PQC transitions across all federal systems, with some experts demanding an earlier deadline of 2030. Given the concerns that CRQC will be available in the next 20 years, NCSC’s 2035 date is well-adjusted, rather than overly optimistic; however, their messaging with regard to the transition remains questionable. While over-exaggerating the threat of quantum computing will, in the short term, only serve to sow fear and anxiety, equally characterizing it as another “large technological transition” as the NCSC has in its guidance downplays the additional complexities faced by OT, ICS, and CNI operators within their respective post-quantum journeys.

To mitigate the impact of OT-specific challenges and avoid widespread quantum-induced panic, vendors should:

• Start with Securing Visibility of All Cryptographic Assets and System Components: Cryptographic inventories will be necessary in OT environments, given the large amount of interdependencies and diverse interconnected components. Optimizing discovery requires an assessment of the vulnerability of certificate storage locations (e.g., in non-upgradable legacy Hardware Security Modules (HSMs)) and extending inventory checks to embedded cryptography within products that may not be identified by standard discovery processes is key to gaining a full picture of the entire OT environment and quantum-vulnerable algorithms.
• Prioritize Prospective Vulnerabilities: Given the huge cost and effort associated with upgrading legacy assets, especially in an OT environment, prioritization must be the name of the game. The most sensitive and critical datasets should be operators’ first port of call, considering the data content, the mandated protection or confidentiality period, and the interconnections and communications with other systems and external entities. Vulnerabilities in code-signing are expected to be a significant priority in this regard.
• Plan for Crypto-Agility: Post-quantum algorithmic standards will evolve and change over time, demanding OT systems that can dynamically adapt to new algorithms. Embedded and Internet of Things (IoT) devices are expected to cause some difficulties here given their limited storage and processing power, and given the abundance of aging IoT legacy assets within OT environments. Testing cryptographic scalability and hybridized PQC approaches in advance and continuously will be key to maximizing such assets’ crypto-agility and minimizing potentially disruptive downstream effects.
• Collaborate Across the Supply Chain: Interrogating interconnections and dependencies across the supply chain is necessary to securing true quantum-resistance across OT systems. This is particularly the case given the new Cyber Resilience Act requirements in Europe for compiling a software Bill of Materials (BOM).
• Remember the Basics: Traditional OT security such as network segmentation will remain key in the fight against quantum computing and will be particularly significant for legacy or end-of-life OT hardware and software that require extensive costs and time to update to PQC. Enhancing intrusion detection, incident response, and Zero-Trust principles via Artificial Intelligence (AI) and Machine Learning (ML) will help optimize existing security controls without over-hauling entire security setups.
• Keep Expectations Reasonable and Achievable: The PQC migration will not be an overnight transition. Hybridized PQC approaches and parallel PQC and standard algorithmic systems are expected to be the norm as systems calibrate to the new National Institute of Standards and Technology (NIST)-approved algorithms.

Migration to quantum-resistant systems will be a dynamic and perpetual transition, distinguishing it from other technology transitions thus far. While the NCSC’s timeline is not overly ambitious, its characterization of the PQC migration as yet another “large technology transition” risks minimizing the OT-specific challenges and risks that this migration poses. A balance must be struck between fearmongering or alarmist approaches and downplaying some of the unique difficulties involved if quantum resistance is to be adequately addressed in OT, ICS, and CNI environments.