Aircraft avionics cryptographic exposure: RTCA DO-326A defines airworthiness security processes for aircraft systems with 30-40 year service lives. ARINC 664 (AFDX) network security and flight management systems rely on RSA/ECDSA. Aircraft entering service today will operate well beyond CRQC arrival with no practical mid-life cryptographic retrofit path.

Satellite communication HNDL vulnerability: Military and commercial satellites have 15-25 year operational lifespans. NSA CNSA 2.0 mandates PQC for all national security systems including satellite uplink/downlink by 2035. Currently intercepted satellite communications are harvestable for future quantum decryption.

Air traffic management authentication gap: ICAO Assembly Resolution A41-19 (2022) addresses aviation cybersecurity but ADS-B transmissions remain unencrypted and unauthenticated. ADS-B currently lacks any cryptographic protection; quantum computing becomes relevant when authenticated ADS-B is deployed using public-key cryptography, which would itself require PQC to remain secure.

V2X PKI quantum transition: ISO/SAE 21434 (published August 2021) establishes cybersecurity engineering requirements for road vehicles. V2X communications use ECDSA P-256 certificates per IEEE 1609.2. Vehicles have 12+ year lifecycles meaning 2026 production vehicles remain on roads through 2038+ when CRQCs may be operational.

OTA firmware update signature forgery: Over-the-Air update mechanisms for modern connected vehicles use RSA/ECDSA code signing. Quantum forgery of update signatures enables malicious code injection into vehicle ECUs controlling braking, steering, and powertrain systems.

UNECE WP.29 R155/R156 cybersecurity regulation gap: Mandatory for new vehicle type approvals in EU since July 2022 and extended to all new vehicles July 2024. Requires cybersecurity management systems and secure OTA updates but does not yet address post-quantum cryptography creating a future compliance gap.

In-vehicle network security quantum exposure: ISO/SAE 21434 covers the full vehicle cybersecurity lifecycle including CAN bus, LIN, FlexRay, and automotive Ethernet backbone networks. Embedded ECUs have limited computational resources and constrained crypto-agility, making mid-lifecycle PQC migration impractical for vehicles already in production.

Federal cloud PQC compliance requirements: NIST SP 800-210 general access control guidance for cloud systems combined with NIST IR 8547 deprecation timeline means federal cloud deployments must transition to PQC by 2030. FedRAMP and StateRAMP certifications will require FIPS 203/204/205 compliance.

Cloud HSM and key management PQC gap: NIST SP 800-210 defines access control for cloud systems but cloud-hosted HSMs and KMS services currently lack full PQC support. FIPS 140-3 validation for PQC modules is ongoing with multi-year certification timelines. Organizations using cloud HSMs face vendor dependency for PQC migration.

Cloud backup and disaster recovery HNDL risk: Air-gapped backups and long-term archival storage encrypted with RSA/ECDSA key wrapping are vulnerable to harvest-now-decrypt-later. Cloud backup data often retained for 7+ years for compliance.

Cloud Security Alliance quantum readiness guidance: CSA published quantum-safe security guidance identifying crypto-agility as critical requirement for cloud deployments. Multi-cloud environments using 5+ key management systems face fragmented PQC migration paths.

CISA 16 critical infrastructure sectors PQC readiness gap: Presidential Policy Directive PPD-21 defines 16 critical infrastructure sectors. CISA January 2026 Product Categories List per Executive Order 14306 provides PQC procurement guidance but sector-specific PQC guidance exists for only a subset of sectors. RAND Corporation analysis identifies internet services identity management IT products and power grid as highest priority NCFs for PQC migration. Most CI sectors lack dedicated PQC migration roadmaps creating fragmented preparedness.

EU NIS2 Directive quantum implications for essential services: NIS2 (effective October 2024) requires proportionate technical and organizational security measures for essential services but does not explicitly mandate PQC. ENISA June 2025 implementing guidelines recommend post-quantum cryptography adoption for long-lived sensitive data. European Cybersecurity Certification Group (ECCG) incorporated PQC into Agreed Cryptographic Mechanisms v2.0 (April 2025) making PQC part of EUCC certification. Essential services in scope include energy water healthcare digital infrastructure waste management and digital service providers across all EU member states.

ICS/SCADA protocol collective quantum vulnerability: Modbus DNP3 and OPC UA are foundational industrial control protocols deployed across energy water manufacturing transportation and defense. Modbus and DNP3 were designed without cryptographic authentication; modern deployments add TLS/VPN overlays using RSA/ECC. OPC UA integrates RSA/ECC certificate authentication natively. Quantum computers can forge OPC UA certificates masquerade as legitimate controllers decrypt historical VPN traffic and break firmware signatures enabling undetected tampering across all critical infrastructure sectors simultaneously.

Quantum-safe readiness gap: Organizations score average 25/100 on IBM Quantum-Safe Readiness Index. 70% lack complete cryptographic inventory, creating massive vulnerability window. Estimated 5-6 year gap between CRQC arrival and organizational readiness completion.

NIST IR 8547 proposed transition timeline: NIST Initial Public Draft (November 2024) establishes proposed timeline to deprecate RSA, ECDSA, ECDH, and EdDSA by 2030 and disallow them entirely after 2035. Sets 112-bit security minimum. Final version pending as of February 2026. Landmark publication making PQC migration a compliance requirement for federal systems.

CRQC timeline uncertainty: Global Risk Institute 2025 survey of 26 quantum computing experts estimates 28-49% probability of a cryptographically relevant quantum computer (CRQC) within 10 years (up significantly from 19-34% in 2024) and 5-15% within 5 years. Majority of experts now consider a CRQC by 2035 quite likely. Harvest-now-decrypt-later attacks make immediate PQC migration urgent regardless of exact timeline.

EU coordinated PQC transition roadmap: European Commission published coordinated PQC roadmap (June 2025) establishing EU-wide milestones. By December 2026: national transition roadmaps and initial identification steps. By December 2030: high-risk use cases transitioned and PQC-by-default for new systems. By December 2035: PQC transition completed for as many systems as feasible across all EU member states.

DNSSEC quantum signature forgery: DNSSEC uses RSA (RSASHA256 per RFC 6944) and ECDSA (ECDSAP256SHA256 per RFC 6605) to sign DNS records. Approximately 40% of global DNS domains have DNSSEC enabled including 92% root zone adoption. Quantum forgery of DNSSEC signatures enables DNS hijacking for any signed domain redirecting traffic to attacker-controlled servers. PQC signatures face challenges with DNS UDP packet size limits (~1232 bytes) requiring protocol-level changes. IETF draft-sheth-pqc-dnssec-strategy-00 addresses migration strategy.

BGP/RPKI route origin validation quantum vulnerability: RPKI uses RSA-2048 exclusively for signing Route Origin Authorizations (ROAs) that validate BGP route origins. As of 2025 54-59% of IPv4/IPv6 routes are covered by ROAs representing ~74% of global internet traffic. Quantum forgery of ROAs enables attackers to hijack arbitrary IP address prefixes globally redirecting internet traffic at scale. Post-quantum RPKI would increase data sizes from 1.2GB to 2.9-39.1GB depending on algorithm creating significant operational challenges.

SSH key quantum exposure: Billions of SSH keys globally use RSA-2048/4096 ECDSA and Ed25519 for server authentication and remote access. Historical SSH sessions captured today can be decrypted once CRQCs arrive exposing credentials and sensitive data. OpenSSH 10.0 (April 2025) made ML-KEM hybrid (mlkem768x25519-sha256) the default key exchange. GitHub enabled post-quantum SSH (sntrup761x25519-sha512) in September 2025. Legacy SSH deployments without PQC remain vulnerable to harvest-now-decrypt-later attacks.

Vendor dependency crisis: 62% of organizations incorrectly assume vendors will manage quantum-safe transition automatically. Lack of contractual PQC requirements and service-level agreements for crypto-agility.

FIPS 206 FN-DSA (Falcon) standardization status: NIST published the Initial Public Draft of FIPS 206 (FN-DSA) in late 2025 with public comment period underway as of early 2026. Development has taken longer than initially projected due to the mathematical complexity of the algorithm. Once finalized, FN-DSA will provide a 4th PQC standard optimized for compact signatures.

HQC selected as 5th PQC algorithm: NIST announced March 11 2025 the selection of HQC (Hamming Quasi-Cyclic) as a backup KEM to ML-KEM. HQC is based on error-correcting codes rather than lattices, providing algorithmic diversity in case a lattice-based vulnerability is discovered. Draft standard expected for public comment in early 2026 with final standard in 2027.

NIST SP 800-227 KEM recommendations: Published September 2025 as final guidance on key-encapsulation mechanisms. Provides definitions, security properties, and implementation recommendations for KEMs as companion guidance to FIPS 203 (ML-KEM). Establishes best practices for KEM usage in protocols, hybrid constructions, and key management — essential reference for correct PQC deployment.

Container image signing quantum vulnerability: Sigstore/cosign uses ECDSA-P256 exclusively for container image signatures in CI/CD pipelines. Container registries serve as critical software supply chain trust anchors for cloud-native deployments. Quantum forgery of container signatures enables injection of backdoored images into registries undetected affecting every Kubernetes deployment that pulls them. Sigstore transparency log (Rekor) provides tamper resistance but signature verification still depends on ECDSA. PQC support is planned but not yet implemented in the Sigstore ecosystem.

Quantum random number generation (QRNG) for PQC key security: PQC algorithm security depends on high-quality randomness for key generation. Classical PRNGs may contain algorithmic biases exploitable by sophisticated adversaries. QRNG uses quantum mechanical processes to generate theoretically unpredictable randomness. Quantinuum Quantum Origin became the first software QRNG to achieve NIST SP 800-90B entropy source validation (2024). Commercial QRNG products from ID Quantique Quside and QNu Labs are available for HSM IoT and automotive integration. QRNG complements PQC by ensuring cryptographic keys are non-predictable from generation.

Bitcoin ECDSA transaction hijacking: Approximately $718B in quantum-vulnerable P2PK addresses with exposed public keys (price-dependent estimate). Early P2PK addresses including Satoshi's estimated 1.1M BTC are permanently vulnerable as public keys are exposed on-chain. P2PKH addresses are protected until first spend.

Ethereum Foundation PQC initiative: Dedicated post-quantum security team established January 2026 with $2M across two research prizes (Poseidon Prize + Proximity Prize). Active development of account abstraction and Verkle tree migration paths. All Ethereum accounts that have transacted expose public keys making them quantum-vulnerable via secp256k1 ECDSA and BLS12-381.

Blockchain HNDL permanence risk: Federal Reserve research confirms distributed ledger networks face permanent data privacy risks from harvest-now-decrypt-later attacks even with future PQC deployment. On-chain transaction data is immutable — encrypted data harvested today remains permanently exposed once CRQCs arrive.

Cryptocurrency custody HSM quantum vulnerability: Institutional custody solutions managing billions in digital assets rely on secp256k1 ECDSA keys stored in HSMs. NIST PQC standardization identifies ECDSA as quantum-vulnerable. Custody HSM vendors face multi-year FIPS 140-3 recertification timelines for PQC-enabled modules, creating a gap between threat emergence and mitigation availability.

Student PII harvest-now-decrypt-later exposure: FERPA mandates protection of student education records but does not address post-quantum cryptography. Student records including SSNs transcripts disciplinary records and health data are retained 60+ years. PowerSchool breach (2024) exposed 62 million student records demonstrating massive data aggregation risk. Encrypted student databases harvested today become readable once CRQCs arrive.

SAML federation identity compromise: InCommon Federation provides SAML-based identity and access management for US research and education institutions. Federation metadata is signed with 4096-bit RSA keys. Quantum forgery of IdP signing keys enables forged SAML tokens and privilege escalation across all federated services including library systems research databases financial aid and student portals. eduroam WiFi authentication also relies on EAP with RADIUS using RSA/ECDSA certificates.

Federally funded research data quantum exposure: Universities conducting defense-funded research handle ITAR/EAR/CUI data requiring decades-long protection. CMMC 2.0 mandates NIST SP 800-171 controls for DoD-funded research. Research data on quantum computing itself advanced materials genomics and AI represents high-value intelligence targets. Harvest-now-decrypt-later attacks on university research networks could compromise national security research programs.

Digital credential and diploma forgery: W3C Verifiable Credentials 2.0 and Open Badges 3.0 standards use ECDSA/RSA digital signatures for tamper-proof academic credentials. Universities worldwide are adopting blockchain-backed digital diplomas with permanent on-chain signatures. Quantum forgery enables creation of fraudulent academic credentials that are cryptographically indistinguishable from legitimate ones with permanent lifetime impact.

Education sector cyber attack escalation: Education is the most attacked sector globally with 4388 weekly cyberattacks per organization (2025) representing a 31% year-over-year increase. Average breach cost in higher education exceeds $3.7M. Schools use an average of 2591 EdTech tools per year each representing a potential attack surface. Quantum computing will amplify existing attack vectors by enabling cryptographic bypass of authentication and encryption across this already vulnerable sector.

Power grid SCADA quantum vulnerability: IEC 62351 specifies security for power system communications (DNP3, IEC 61850, IEC 60870-5-104) using RSA/ECDSA for authentication. Critical infrastructure with 20-30 year equipment lifecycles and limited OTA update capability creates massive quantum exposure window.

Nuclear facility digital I&C quantum exposure: NRC 10 CFR 73.54 requires cybersecurity for nuclear power plant digital instrumentation and control systems. Nuclear plants operate under 40-year initial licenses with 20-year renewals (some seeking subsequent 20-year renewals to 80 years total). Digital safety systems deployed today will operate well into the CRQC era.

Smart grid quantum security research: University of Toronto CA$1.45M research project identifies real-time quantum attack scenarios targeting grid controllers, smart meters, and energy routers. Over 1 billion smart meters globally will require PQC migration; many lack OTA update capability requiring physical replacement.

Pipeline and oil/gas SCADA quantum vulnerability: IEC 62443 governs industrial automation security for natural gas, oil, and water pipeline control systems. Equipment lifecycles of 20-30 years and air-gapped or semi-air-gapped network architectures complicate PQC migration. Pipeline SCADA systems are classified as critical infrastructure by CISA.

BIS Project Leap quantum-safe payment system cryptography: Phase 2 launched July 2025 with Bank of Italy, Bank of France, Deutsche Bundesbank, Nexi-Colt, and SWIFT testing hybrid PQC on TARGET2 real-time gross settlement system. Demonstrates quantum-safe cryptographic integration for cross-border payment infrastructure processing trillions daily.

Harvest Now Decrypt Later (HNDL) attacks targeting long-lived financial data including transaction records and settlement logs. Federal Reserve research confirms cryptocurrency networks face permanent data privacy risks from HNDL even with future PQC deployment. Financial records retained for regulatory compliance spanning decades are prime targets.

HSM backup key extraction vulnerability: Master encryption keys wrapped with RSA in HSM backup archives become recoverable with quantum computers, exposing entire key hierarchies protecting decades of financial data. NIST SP 800-227 (September 2025) provides formal KEM guidance for transitioning key wrapping to quantum-safe mechanisms.

G7 Cyber Expert Group PQC roadmap: January 2026 statement coordinated by U.S. Treasury and Bank of England establishes G7-wide framework for financial sector quantum-safe migration. Calls for cryptographic inventory, vendor roadmap alignment, and coordinated transition planning across G7 financial systems.

FS-ISAC PQC migration urgency warning: Financial Services Information Sharing and Analysis Center (September 2025) warns that financial sector organizations have not defined or allocated resources for quantum-resistant migration, compressing transition into unrealistically short timeframes. Without immediate action, roadmap collapse by 2030 compliance deadlines is likely.

HNDL on classified data: TOP SECRET information requiring 25-75+ year protection is actively harvested for future quantum decryption. Current encryption provides no protection against this threat.

CNSA 2.0 compliance deadline pressure: NSA mandates CNSA 2.0 compliance with phased deadlines — software/firmware signing supported and preferred by 2025 (exclusively by 2030), networking equipment supported and preferred by 2026 (exclusively by 2030), NSS acquisitions by January 2027, web browsers/servers/cloud supported and preferred by 2025 (exclusively by 2033), full transition by 2035.

Nuclear command and control quantum exposure: NC3 (Nuclear Command, Control, and Communications) systems operate on 50+ year lifecycles and represent the highest-consequence quantum threat scenario. NSA CNSA 2.0 specifically identifies national security systems including strategic communications as priority for PQC transition.

Federal PQC procurement guidance: CISA January 2026 federal buying guidance pursuant to Executive Order 14306 (June 2025) recommends agencies procure quantum-resistant technology across designated product categories including cloud services, collaboration tools, web browsers/servers, and endpoint security. Note: EO 14306 removed the original procurement mandate but CISA's product categories list strongly encourages PQC-capable acquisitions.

Federal PKI signature forgery risk: Quantum-enabled impersonation of federal systems and fraudulent certificate issuance affecting government-wide trust infrastructure. The Federal PKI serves as the root of trust for digital identity across federal agencies, and quantum forgery of CA certificates would compromise the entire federal trust hierarchy.

HNDL on patient records: Healthcare data has lifetime sensitivity; genomic data and mental health records remain sensitive indefinitely. HIPAA mandates 6+ year retention but records persist 25+ years.

Healthcare cloud encryption and breach crisis: Only 4% of healthcare operators encrypted 80%+ of sensitive cloud data. Thales 2025 report shows 59% prototyping or evaluating PQC but low actual deployment. 725 major breaches in 2023 (per HHS OCR) exposed 168M+ individuals (2024 figures pending final OCR reporting). Health records retain lifetime sensitivity making them prime HNDL targets.

Connected medical device lifecycle quantum exposure: FDA Section 524B of FD&C Act requires cybersecurity for medical devices. Implantable and connected devices (pacemakers, insulin pumps, remote monitoring) with 10-20 year lifecycles being deployed today will operate well into the CRQC era. Limited computational resources and power constraints in implantable devices restrict PQC options.

FDA premarket cybersecurity guidance: FDA finalized guidance (September 2023) under Section 524B of FD&C Act (Consolidated Appropriations Act 2023). Requires cryptographic risk assessment and Software Bill of Materials for new device submissions. Medical devices with 10-20 year lifecycles deploying now will operate into the CRQC era.

Drug supply chain authentication quantum risk: Drug Supply Chain Security Act (DSCSA) mandates product serialization and verification to prevent counterfeit drug infiltration. EPCIS (Electronic Product Code Information Services) and verification systems rely on digital signatures and TLS. Quantum forgery of verification responses enables counterfeit drug injection into the legitimate supply chain.

NAIC Insurance Data Security Model Law (MDL-668) quantum exposure: Adopted 2017 and enacted in 22+ states (as of late 2025), requires encryption of nonpublic information in transit and at rest. Actuarial models, claims history spanning decades, and underwriting algorithms represent long-lived sensitive data prime for HNDL attacks.

New York DFS cybersecurity regulation (23 NYCRR 500) quantum gap: Requires risk assessment and encryption for financial services including insurance companies. Life insurance and annuity records with 50+ year retention periods are prime HNDL targets. Regulation does not yet address post-quantum cryptography.

Systemic cyber risk to insurance sector: Geneva Association research identifies systemic cyber risk including quantum threats to insurance industry managing multi-decade policy data. Life insurance and pension records retain sensitivity for 50+ years. Reinsurance treaties with multi-year duration vulnerable to data manipulation.

IoT device risk escalation: Forescout 2025 research reports overall average device risk scores increased 15% year-over-year, with significant country-level risk score increases. Billions of constrained devices using ECDSA P-256 and RSA-2048 with limited crypto-agility and no practical firmware update path for PQC migration.

Industrial IoT SCADA quantum vulnerability: IEC 62443 governs industrial automation security. OPC UA protocol uses RSA/ECDSA for authentication across manufacturing, energy, and critical infrastructure. IIoT environments with 15-25 year equipment lifecycles and air-gapped networks face complex PQC migration.

IoT firmware update security (IETF SUIT): The IETF SUIT working group defines firmware update architecture (RFC 9019) with COSE-based manifest signing (using ECDSA/EdDSA per RFC 9052/9053) for firmware authentication. Constrained devices (Class 1-3) cannot support full PQC signature verification creating a security gap during migration.

Smart city infrastructure quantum vulnerability: Traffic management, public safety cameras, environmental sensors, and municipal IoT systems form interconnected networks with diverse device types and long deployment cycles. ISO/IEC 30182 defines smart community infrastructure framework. City-wide mesh networks and cloud gateways aggregate sensitive data from thousands of endpoints.

Open source cryptographic library PQC integration: OpenSSL 3.5 (April 2025) includes ML-KEM, ML-DSA, and SLH-DSA support with X25519MLKEM768 hybrid key exchange available in TLS (enabled by default in some configurations). Millions of applications depend on OpenSSL and similar libraries. Libsodium and other popular libraries lag behind creating widespread dependency risk during the PQC transition.

Certificate authority and PKI PQC transition: CA/Browser Forum must coordinate migration of the global WebPKI trust hierarchy to post-quantum algorithms. Chrome and Firefox have shipped ML-KEM hybrid key exchange (X25519+ML-KEM-768). Root CA key migration requires coordinated trust store updates across all major browsers and operating systems.

NIST FIPS 203/204/205 standardization milestone: First official PQC standards published August 2024. FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA) provide the foundation for all PQC migration. CMVP validation of implementations is ongoing with first validated modules expected 2025-2026.

Code signing and software supply chain quantum vulnerability: Software supply chain integrity depends on RSA/ECDSA code signing for open source repositories, package managers, and CI/CD pipelines. SLSA (Supply-chain Levels for Software Artifacts) framework identifies signing as critical trust anchor. Quantum forgery of code signatures enables malicious package injection at scale.

Authentication infrastructure quantum vulnerability: Enterprise authentication systems including X.509 digital certificates, SAML assertions, OAuth/OIDC tokens, and FIDO2 attestation rely on quantum-vulnerable PKI. FIDO Alliance has published a PQC roadmap for WebAuthn migration. Migration to PQC-compatible credential systems requires coordinated ecosystem updates.

eIDAS long-term signature vulnerability: EU Regulation 910/2014 Article 25(2) grants qualified electronic signatures legal equivalence to handwritten signatures across 27 EU member states. Property deeds, constitutional documents, and notarial acts require 50-100+ year validity. Quantum signature forgery would retroactively undermine the integrity of millions of legally binding documents.

eIDAS 2.0 Digital Identity Wallet quantum risk: Regulation 2024/1183 (entered force May 20, 2024) amends eIDAS to mandate European Digital Identity Wallets for all EU member states. Wallets must support qualified electronic attestations of attributes. Cryptographic protocols underpinning wallet-to-verifier authentication rely on RSA/ECDSA.

Qualified timestamp quantum forgery risk: ETSI EN 319 422 governs qualified time-stamp authorities under the eIDAS framework using RFC 3161 time-stamp protocol. Timestamps cryptographically prove document existence at specific moments for legal evidence and IP filings. Quantum-capable adversaries could forge timestamps to backdate contracts or fabricate audit trails.

Court electronic evidence repudiation risk: As quantum computing advances, defense attorneys may challenge the integrity of digitally signed electronic evidence, arguing signatures could have been forged. This introduces reasonable doubt for any evidence authenticated solely with quantum-vulnerable cryptography. Courts will need to establish new standards for digital evidence admissibility in the post-quantum era.

Content encryption master key HNDL risk: AACS (Advanced Access Content System) protects Blu-ray and UHD content using RSA key hierarchy. Studio content libraries worth billions have indefinite commercial value. Master encryption keys harvested today enable future mass decryption of entire studio catalogs once CRQCs arrive.

Streaming platform DRM quantum vulnerability: Major streaming services (Netflix, Disney+, Amazon) use Widevine, PlayReady, and FairPlay DRM systems with RSA key hierarchies for content license distribution. Combined global streaming revenue exceeds $100B annually with content catalogs representing irreplaceable IP.

Broadcast conditional access quantum exposure: DVB Conditional Access Systems use ECM (Entitlement Control Messages) with RSA/ECDSA encryption protecting pay-TV content distribution. Set-top boxes and smart TVs with 7-10 year lifecycles have limited crypto-agility for PQC migration.

EMV offline authentication quantum vulnerability: EMVCo specifications use RSA as the only approved asymmetric algorithm for offline card authentication (CDA/DDA). Approximately 14.7 billion EMV chip cards in circulation globally (end 2024). Quantum forgery of RSA signatures enables counterfeit card acceptance at any offline-capable terminal.

PCI DSS 4.0.1 cryptographic gap: PCI DSS requires 'strong cryptography' for cardholder data protection but does not yet mandate post-quantum algorithms. Organizations meeting current PCI compliance may still be quantum-vulnerable. Cryptographic inventory requirements (Req 3/4) do not address PQC readiness assessment.

PIN block encryption quantum vulnerability: PIN encryption at scale relies on 3DES DUKPT; the quantum attack surface is the RSA-based key injection ceremony at Key Injection Facilities (KIFs) used to load base derivation keys into terminals — quantum forgery of RSA key transport enables malicious key injection at scale. AES-256 DUKPT provides quantum-resistant symmetric alternative but terminal hardware replacement required at massive scale.

Railway signaling system quantum vulnerability: EN 50159 (Safety-related communication in railway systems) governs cryptographic authentication for ERTMS/ETCS (European Train Control System) train signaling. GSM-R and its successor FRMCS (Future Railway Mobile Communication System) provide the communication layer. Signaling infrastructure has 25-40 year lifecycles with limited upgrade paths. Quantum compromise of signaling authentication could enable unauthorized train movements.

Positive Train Control (PTC) cryptographic migration: FRA regulations (49 CFR 236.1033) mandate cybersecurity for PTC systems controlling train movements across 57000+ miles of US freight and passenger rail. PTC uses wireless wayside-to-onboard communications with RSA/ECC for key establishment. Equipment lifecycles of 15-25 years mean systems deployed today will operate into the CRQC era. Limited computational resources in onboard units constrain PQC algorithm choices.

Autonomous and driverless train system quantum exposure: Autonomous rail systems including CBTC (Communications-Based Train Control) and GoA4 driverless operations rely on continuous authenticated communication between trackside and onboard systems. ISO/SAE 21434 cybersecurity engineering standards and IEC 62443 industrial automation security govern these systems. Quantum forgery of infrastructure authentication enables unauthorized commands to driverless trains with potential for collisions or derailments.

Transit ticketing and access control quantum exposure: ISO/IEC 14443 contactless smart cards and NFC-based ticketing systems used by transit authorities worldwide rely on cryptographic authentication. MIFARE DESFire and similar platforms use AES/3DES symmetric encryption (quantum-resistant) but PKI infrastructure for card issuance, key management systems, and back-office settlement use RSA/ECDSA.

GSM-R to FRMCS transition quantum vulnerability: European railways are transitioning from legacy GSM-R to FRMCS (Future Railway Mobile Communication System) based on 5G technology (2026-2035 timeline). FRMCS introduces IP-based networks with asymmetric cryptography for authentication and key exchange inheriting 5G quantum vulnerabilities. During the parallel operation period both legacy A5/1 (broken) and 5G crypto (quantum-vulnerable) coexist. Deutsche Bahn begins live FRMCS tests in 2027. Without PQC integration from the design phase FRMCS will require costly retrofitting.

E-commerce payment flow quantum vulnerability: PCI DSS 4.0.1 requires strong cryptography for online payment processing but TLS protecting checkout flows uses RSA/ECDSA key exchange vulnerable to quantum attacks. E-commerce transaction volume exceeds $6 trillion globally with payment data in transit continuously exposed.

Customer data HNDL exposure: Retailers store customer PII, loyalty program data, payment history, and behavioral analytics for 5-10+ years for marketing and compliance. NIST Cybersecurity Framework identifies data protection as core function. Encrypted customer databases harvested today become readable with CRQCs.

Retail supply chain authentication: GS1 standards govern product identification and supply chain visibility for billions of products globally. RFID, EDI (AS2/AS4), and electronic product codes use digital signatures for authentication. Quantum forgery enables counterfeit product injection and supply chain manipulation.

Maritime cybersecurity quantum exposure: IMO MSC-FAL.1/Circ.3 guidelines address maritime cybersecurity. Maritime sector carries approximately 80% of world trade by volume. Port management systems, vessel identity PKI (used in ECDIS and GMDSS), and maritime VPN infrastructure use RSA/ECDSA — AIS itself is an unauthenticated broadcast protocol and is not quantum-affected until authenticated replacements are deployed.

Electronic Bill of Lading quantum vulnerability: DCSA standards for electronic Bills of Lading (eBL) enable digital trade documentation for containerized shipping. Digital signatures on eBL documents prove ownership and transfer rights for cargo worth billions. Quantum forgery enables cargo theft and trade document fraud.

Customs and cross-border trade quantum risk: WCO SAFE Framework of Standards governs security and facilitation of international trade. Digital certificates for customs declarations, AEO (Authorized Economic Operator) credentials, and single window systems use RSA/ECDSA. Quantum forgery enables customs fraud at global scale.

HNDL on subscriber data: Mobile network operators retain call detail records, location data, and encrypted communications for 2-10 years. 5G user data encrypted with vulnerable algorithms.

GSMA Post-Quantum Telco Network Taskforce: Established September 2022 to coordinate quantum-safe migration for mobile network operators worldwide. Published PQ.03 guidelines (v2.0 October 2024) providing telecom-specific PQC migration guidance. Taskforce brings together major operators and vendors to develop industry-wide PQC migration roadmap for 5G/6G infrastructure.

5G network security quantum vulnerability: 3GPP specifications define 5G security architecture (TS 33.501) using ECDSA and RSA for network authentication. 5G network slicing authentication and RAN encryption protect critical enterprise, IoT, and emergency services. N2/N3 interface security relies on IPsec with quantum-vulnerable key exchange.

SIM card and eSIM authentication quantum vulnerability: Billions of SIM cards globally use RSA-2048 or ECDSA P-256 for authentication. GSMA eSIM remote provisioning (SGP.22) relies on PKI with quantum-vulnerable key exchange. SIM replacement cycles of 3-5 years provide a migration window but legacy devices will persist longer.

6G native PQC design window: 6G standards development (2025-2030 in 3GPP and ETSI) represents a critical opportunity to incorporate PQC from the design phase, avoiding the crypto-agility retrofit challenges facing 5G. ETSI ISG on Quantum-Safe Cryptography is providing input to 6G security architecture development.

Water treatment plant SCADA quantum vulnerability: America's Water Infrastructure Act (AWIA) of 2018 requires community water systems serving 3,300+ people to conduct risk and resilience assessments including cybersecurity. Water treatment SCADA systems use ICS protocols with RSA/ECDSA authentication. CISA identifies Water and Wastewater Systems as one of 16 critical infrastructure sectors. Equipment lifecycles of 15-25 years with limited remote update capability.

Dam control system SCADA quantum vulnerability: FERC Security Program for Hydropower Projects governs cybersecurity for federally regulated dams. Dam SCADA systems control spillway gates water flow and emergency shutdowns with catastrophic failure consequences. Remote access gateways use RSA/ECC VPN authentication. Equipment lifecycles of 25-40 years with air-gapped architectures complicate PQC migration. FERC security requirements (Revision 3A 2016) have not been updated to address post-quantum threats.

Wastewater treatment SCADA quantum vulnerability: Wastewater SCADA systems are architecturally distinct from drinking water treatment serving sewage pumping biosolids handling and effluent discharge control. EPA/CISA guidance (August 2024) classifies wastewater under essential services. Newer systems use OPC UA and DNP3 Secure Authentication with RSA/ECC key establishment. Quantum-enabled decryption of control commands could corrupt treatment processes releasing untreated sewage into waterways with environmental and public health catastrophe.

Smart water infrastructure quantum exposure: AWWA (American Water Works Association) standards govern smart water metering, leak detection sensors, and distribution network monitoring using IoT-connected devices. Advanced Metering Infrastructure (AMI) for water utilities faces similar PQC migration challenges as energy smart meters — constrained devices with limited crypto-agility deployed for 10-15 year cycles.

Water quality monitoring IoT sensor quantum exposure: EPA cybersecurity guidance (August 2024) addresses water sector IoT but lacks specific PQC requirements. Real-time water quality sensors monitoring pH turbidity dissolved oxygen and contaminants communicate via IoT protocols with RSA/ECC key bootstrap. Constrained sensors lack crypto-agility for mid-life PQC migration. Quantum-enabled data integrity attacks could inject false sensor readings causing treatment failures and public health emergencies.