Automotive Full Day or Half Day Workshop

Automotive Supply Chain Cryptographic Risk and PQC Migration

This workshop maps quantum cryptographic exposure across automotive supply chains and builds practical migration strategies for OEMs, tier-1 suppliers, and procurement teams.

Full day (6 hours) or half day
In person or online
Max 30 delegates

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For automotive CISOs, supply chain security leads, and procurement directors. Covers cryptographic trust chain mapping across OEM-tier-1-tier-2 boundaries, TISAX and ISO/SAE 21434 quantum compliance gaps, firmware signing migration, SBOM integrity, and supplier PQC readiness requirements.

Automotive supply chains depend on cryptographic trust at every boundary: OEMs verify firmware from tier-1 suppliers using ECDSA code signatures, tier-1 suppliers authenticate component binaries from tier-2 providers, and procurement systems use TLS and certificate-based authentication for B2B transactions. SBOM integrity relies on X.509 certificate chains with RSA or ECDSA keys. Shor's algorithm would break every one of these trust points. The supply chain problem is harder than single-organisation PQC migration because it requires coordinated action across dozens or hundreds of independent organisations, each with different security maturity levels, contract terms, and upgrade cycles. TISAX assessments and ISO/SAE 21434 lifecycle requirements add compliance pressure. This workshop maps the complete cryptographic dependency chain across a representative OEM-supplier structure, identifies the highest-risk trust boundaries, and builds a phased migration plan with contractual PQC readiness requirements for supplier relationships.

What participants cover

  • Supply chain cryptographic mapping: identifying every code signing, firmware attestation, and B2B authentication dependency across OEM-tier-1-tier-2 boundaries
  • Quantum threat to trust chains: how Shor's algorithm breaks ECDSA/RSA signatures that underpin firmware integrity, SBOM signing, and supplier authentication
  • TISAX and ISO/SAE 21434 compliance gaps: where current cryptographic requirements create quantum exposure under existing regulatory frameworks
  • UNECE WP.29 R155/R156 implications: type approval dependencies on cryptographic foundations in Cyber Security Management Systems
  • PQC migration for supply chains: transitioning firmware signing to ML-DSA (FIPS 204), SBOM integrity to post-quantum attestation frameworks, and procurement authentication to ML-KEM (FIPS 203)
  • Supplier contract requirements: drafting and enforcing PQC readiness clauses for tier-1 and tier-2 supplier relationships

Preliminary Agenda

Full-day session structure with scheduled breaks. Content is configurable to your supply chain topology, supplier tier structure, and existing TISAX/21434 compliance posture.

Sessions and topics

1. Automotive Supply Chain Cryptographic Landscape
   Mapping cryptographic dependencies across OEM, tier-1, and tier-2

2. Quantum Threats to Supply Chain Trust Chains
   How Shor and Grover break automotive supply chain cryptography
  • Code signing and firmware attestation: ECDSA and RSA signatures on ECU software, tier-1 component firmware, and supplier-provided binaries. Shor's algorithm breaks these entirely.
  • Procurement and contract authentication: TLS-protected supplier portals, EDI message signing, and certificate-based B2B authentication across OEM-supplier boundaries
  • SBOM integrity: Software Bill of Materials signing using X.509 certificates with RSA or ECDSA keys. A compromised signing chain allows undetectable component substitution.

Break, after 50 min

3. TISAX and ISO/SAE 21434 in a Post-Quantum Context
   Regulatory exposure and compliance gap analysis
  • TISAX information security assessment: current cryptographic requirements and where quantum threats create compliance gaps for OEMs and suppliers
  • ISO/SAE 21434 cybersecurity engineering: lifecycle cryptographic requirements from concept through decommissioning, and the quantum timeline intersection
  • UNECE WP.29 R155/R156: type approval implications when cryptographic foundations supporting CSMS (Cyber Security Management System) become quantum-vulnerable

4. Interactive Demonstration: Supply Chain Cryptographic Audit
   Full-day format only
  • Mapping a representative OEM-tier-1-tier-2 supply chain: identifying every cryptographic trust point from component procurement through final vehicle assembly
  • Risk scoring each dependency: classifying as quantum-vulnerable (ECDSA, RSA, ECDH), quantum-resistant, or hybrid-ready
  • Building a tiered migration plan: which supplier relationships need contractual PQC requirements first

Break, after 60 min

5. PQC Migration Strategy for Automotive Supply Chains
   Practical migration across multi-party trust boundaries
  • Firmware and code signing migration: transitioning ECDSA attestation to ML-DSA (FIPS 204) across OEM build systems and supplier CI/CD pipelines
  • SBOM signing with post-quantum algorithms: cosign, Notary v2, and in-toto attestation framework migration paths
  • Procurement contract clauses: requiring PQC readiness from tier-1 and tier-2 suppliers, with compliance verification timelines

6. Vendor Landscape and Cross-Industry Coordination
   Who is doing what in automotive PQC
  • OEM PQC programmes: published and in-progress initiatives from major automotive manufacturers
  • HSM and TPM readiness: current hardware security module support for FIPS 203/204/205 algorithms in automotive-grade components
  • Cross-industry coordination: Auto-ISAC, CATL, and tier-1 supplier working groups on quantum readiness

7. Q&A and Migration Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and automotive supply chain security.

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

Automotive Sector Partners

Domain expertise and operational validation

Automotive workshops are co-delivered with sector specialists who bring direct operational experience in OEM and tier-1 supplier organisations. This ensures workshop content is grounded in the practical realities of automotive supply chain management, TISAX compliance, and multi-party trust architecture.

Commission This Workshop

Sessions are configured around your supply chain topology, supplier tier structure, and existing compliance posture. Get in touch to discuss requirements and schedule a date.

Contact Us