3.5 Critical Infrastructure

PQC requirements for critical infrastructure1) operators.

Definition

Critical infrastructures are organizations and facilities of significant importance to the community, whose failure would have dramatic consequences.

Sectors According to NIS2

The NIS2 Directive2) defines the following sectors:

Essential Entities:

  • Energy (Electricity, Gas, Oil)
  • Transport (Air, Rail, Water, Road)
  • Banking
  • Financial Market Infrastructures
  • Healthcare
  • Drinking Water
  • Digital Infrastructure

Important Entities:

  • Postal and Courier Services
  • Waste Management
  • Chemical
  • Food
  • Manufacturing
  • Digital Services

Special Requirements

  • Early PQC migration (before 2030)
  • Documentation obligations
  • Incident reporting requirements (within 24h)
  • Regular audits
  • Risk management according to ENISA3) guidelines

"Harvest Now, Decrypt Later" Risk

Particularly relevant for critical infrastructure4):

  • Long-term sensitive data (>10 years)
  • Infrastructure control data
  • Key material
  • Authentication data

BSI Recommendations

The Federal Office for Information Security5) recommends:

  • Immediate inventory of cryptography
  • Prioritization by data sensitivity
  • Hybrid solutions as a transitional measure
  • Algorithms compliant with at least FIPS 203/204/205

Sources

Last modified: 2026/01/29 at 11:28 PM