Workshops Power & Energy Critical Infrastructure Protection for Energy
Power & Energy Full Day or Half Day Workshop

Critical Infrastructure Protection for Energy

This workshop provides energy infrastructure protection teams with a structured framework for assessing and mitigating quantum threats across critical infrastructure, integrating NIST CSF 2.0, IEC 62351, and NERC CIP compliance obligations.

Full day (6 hours) or half day
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For energy CI security teams and infrastructure protection leads. Covers quantum-aware critical infrastructure protection integrating NIST CSF 2.0, IEC 62351, and NERC CIP frameworks. Addresses energy-specific HNDL analysis, OT/IT boundary protection, supply chain cryptographic risk, phased PQC migration strategy, and regulatory trajectory for quantum-specific CI requirements.

Energy critical infrastructure operates under multiple overlapping compliance frameworks, each with cryptographic dependencies that quantum computing will invalidate. NIST CSF 2.0 provides the overarching risk management structure. IEC 62351 specifies cryptographic protections for power system communications. NERC CIP mandates electronic security perimeters and supply chain risk management for bulk electric system cyber assets. None of these frameworks currently include quantum-specific requirements, but the regulatory trajectory is clear: FERC, NERC, and EU NIS2 are all moving towards quantum readiness mandates. The harvest-now-decrypt-later threat compounds this urgency for energy infrastructure. SCADA telemetry, grid topology data, bilateral contract terms, and generation scheduling information all have intelligence shelf lives exceeding a decade. Adversaries intercepting this data today will decrypt it when quantum computers mature. This workshop maps quantum risk across all three frameworks, identifies the highest-exposure cryptographic dependencies in a typical energy utility architecture, and builds a phased migration strategy aligned with planned outage windows and asset replacement cycles.

What participants cover

  • NIST CSF 2.0 quantum integration: mapping quantum threats across Identify, Protect, Detect, Respond, Recover, and the new Govern function for energy infrastructure
  • IEC 62351 compliance: PQC algorithm integration into Parts 3-14 (TLS for MMS, GOOSE/SV authentication, key management) with gap analysis methodology
  • NERC CIP alignment: CIP-002 through CIP-013 obligations for BES Cyber System identification, electronic security perimeters, and supply chain PQC procurement
  • HNDL threat analysis: prioritising energy data types by intelligence shelf life (SCADA telemetry, grid topology, market data, bilateral contracts) and adversary capability timelines
  • OT/IT boundary protection: DMZ architecture, data diode deployment, and PQC requirements for cross-boundary protocols between corporate IT and operational networks
  • Supply chain and regulatory trajectory: NIST FIPS 203/204/205 procurement requirements, NERC CIP-013 vendor management, and anticipated quantum-specific CI mandates from FERC, EU NIS2, and national regulators

Preliminary Agenda

Full-day session structure with scheduled breaks. Content is configurable to your infrastructure portfolio, regulatory jurisdiction, and compliance framework priorities.

# Session Topics
1 The Quantum Threat to Energy Critical Infrastructure HNDL exposure, attack surface mapping, and threat actor capabilities
2 Framework Integration: NIST CSF 2.0, IEC 62351, and NERC CIP Mapping quantum risk across overlapping compliance obligations
  • NIST Cybersecurity Framework 2.0: where quantum threats intersect Identify, Protect, Detect, Respond, Recover functions and the new Govern function
  • IEC 62351 Parts 3-14: TLS for power system communications, authentication for GOOSE/SV, and where PQC algorithms integrate into the standard
  • NERC CIP-002 through CIP-013: BES Cyber System identification, electronic security perimeters, supply chain risk management, and PQC migration obligations
Break, after 50 min
3 Energy-Specific HNDL Analysis and OT/IT Boundary Protection Where harvest-now-decrypt-later creates the greatest exposure in energy infrastructure
  • HNDL threat prioritisation for energy: SCADA telemetry, market-sensitive generation data, grid topology information, and bilateral contract terms with intelligence shelf lives exceeding 10 years
  • OT/IT boundary architecture: demilitarised zone (DMZ) design between corporate IT and operational networks, data diode deployment, and PQC requirements for cross-boundary communication protocols
  • Supply chain cryptographic risk: firmware signing, secure boot chains, and vendor update mechanisms as quantum attack vectors for embedded energy infrastructure
4 Interactive Demonstration: CI Protection Assessment Full-day format only
  • Facilitator-led walkthrough: conducting a quantum-aware critical infrastructure protection assessment for a representative energy utility architecture
  • Mapping cryptographic dependencies across NIST CSF 2.0 functions, identifying IEC 62351 compliance gaps, and prioritising NERC CIP remediation items
  • Delegates discuss: applying the assessment framework to their own infrastructure, identifying highest-risk cryptographic dependencies and first migration candidates
Break, after 60 min
5 Migration Strategy and Supply Chain Governance Building a phased PQC transition programme for energy CI
  • Phased migration architecture: prioritising IT/OT boundary protections, then SCADA/EMS communications, then field device firmware, aligned with planned outage windows and asset replacement cycles
  • Supply chain governance: incorporating NIST FIPS 203/204/205 requirements into vendor procurement, firmware update contracts, and NERC CIP-013 compliance programmes
  • Incident response adaptation: updating energy sector incident response plans for quantum-era scenarios including cryptographic compromise of safety systems
6 Regulatory Trajectory and Sector Collaboration Preparing for quantum-specific CI compliance requirements
  • Regulatory horizon scanning: anticipated quantum-specific requirements from FERC, NERC, EU NIS2, and national energy regulators
  • Sector collaboration models: E-ISAC, CESER, and ENISA energy sector threat intelligence sharing for quantum threat indicators
  • Board-level communication: translating quantum CI risk into executive language for investment case preparation and regulatory engagement
7 Q&A and Protection Roadmap Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and power & energy systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

PO

Energy Sector Partners

Domain expertise and operational validation

Power & Energy workshops are co-delivered with sector specialists who bring direct operational experience in power & energy organisations. This ensures workshop content is grounded in regulatory, operational, and technical realities specific to the sector.

Commission This Workshop

Sessions are configured around your infrastructure portfolio, regulatory jurisdiction, compliance framework priorities, and organisational risk appetite. Get in touch to discuss requirements and schedule a date.

Contact Us
Power & Energy Workshops All Consulting Services All Workshops