On 4 February, Pentagram team held its first workshop for 2025 as part of our ongoing commitment to nurturing a SOCI community of practice.
The workshop was on a topic new for Pentagram: Quantum Computing – Security Risk to Critical Infrastructure Sectors.
With growing discussions on quantum science and the potential threat posed by quantum computing to secure communications, we sought insights from leading quantum experts to explore how these developments impact the security of Australia’s critical infrastructure.
Workshop objectives
This workshop provided actionable insights on the evolving security risks posed by quantum computing, focusing on:
🔹 Quantum computing basics: Understand the fundamentals of quantum computing, how it differs from classical computing, and why it is relevant to critical infrastructure security.
🔹 Security threats: Explore the specific risks that quantum computing poses to encryption, data protection, and essential infrastructure systems, particularly the threat to public key encryption (PKE).
🔹 Mitigation and defence strategies: Learn about post-quantum cryptography (QRC), upcoming global standards, and proactive steps organisations can take today to prepare for quantum threats.
🔹 Panel discussion with experts: Engage in an interactive discussion with leading quantum security experts, addressing key challenges and practical approaches to securing infrastructure against quantum-related risks.
Expert guest speakers
Pentagram welcomed two distinguished speakers with deep understanding and expertise in quantum issues:
- Muria Roberts, Director of QTM-X, and
- Dr Rajiv Shah, Managing Director of MDR Security.
Their insights provided valuable clarity on the realistic risks posed by quantum computing and practical steps organisations can take to prepare.
Who attended?
This workshop attracted many new participants to Pentagram’s ongoing no-cost SOCI event series. By keeping these events free, we ensure broad accessibility to critical security discussions while introducing Pentagram as a trusted source of advisory and eLearning services for Australia’s critical infrastructure security and beyond.
The 60-person audience included attendees from 10 countries (four continents!):
✅ Australia
✅ New Zealand
✅ United States
✅ United Kingdom
✅ South Africa
✅ Turkey
✅ Singapore
✅ Philippines
✅ Indonesia
✅ Peru
Industry representation
Participants came from diverse SOCI and non-SOCI sectors, including:
- Government: Australian (Commonwealth, State, and Territory), UK Government
- Technology and cybersecurity
- Critical infrastructure sectors: water, transport, health, energy, finance
- Education and research
- Law enforcement
Key insights from the workshop
The workshop explored several key questions around quantum security risks:
1. Misconceptions about quantum technology
Quantum computers are not just more powerful versions of today’s computers they function fundamentally differently. While they would not solve every problem, they pose a major risk to public key encryption (PKE), which underpins most secure communications.
2. How can organisations address the threats to encryption?
Current solutions like quantum communication exist but are not yet scalable for large, multi-party networks. Given realistic timelines (2030 at the earliest), organisations should prioritise the adoption of quantum-resistant cryptography (QRC) as their primary response.
3. What is the current state of standards and regulations?
📌 NIST (U.S. National Institute of Standards and Technology) leads in setting quantum-resistant encryption standards.
📌 Australia’s ASD (Australian Signals Directorate) is aligning its Information Security Manual (ISM) with quantum security requirements.
📌 Many global standards remain in development, with further updates expected soon.
4. Challenges in QRC migration projects
Organisations must ensure systems are upgradable and crypto-agile. Migration requires coordinated action across all network participants. Challenges include: Key and hash sizes; processing times; and interoperability across systems.
A piecemeal approach would not work – all parties must act together!
5. Lessons from Past QRC Implementations
- Apple iMessage successfully upgraded to quantum-safe encryption because it controls its entire ecosystem.
- Google Chrome, in contrast, faced compatibility issues due to its fragmented ecosystem. Their update generated unexpectedly large data packets, which disrupted ancillary systems.
Practical advice for SOCI entities
✅ Build an inventory of cryptographic tools in use
✅ Assess relative risks and prioritise high-risk areas
✅ Plan long-term upgrades for systems with long lead times
✅ Address risks in operational technology (OT), where older systems may lack vendor support for upgrades
A well-functioning Critical Infrastructure Risk Management Program (CIRMP) enables organisations to systematically evaluate the threat posed by quantum computing and implement mitigation strategies.
Quantum threats are not hypothetical
While quantum threats are emerging, the risks they pose—disrupting secure communications, compromising ICT/OT systems, and enabling data theft—are already known challenges in critical infrastructure.
SOCI entities should leverage existing Business Continuity Planning (BCP) frameworks to prepare for quantum-based disruptions.
Engage further with our expert guest speakers
To connect with Dr Rajiv Shah and MDR Security.
To engage with Muria Roberts and QTM-X
To join the Tasmanian Quantum Network (TQN) – Quantum Safe Transition Working Group
Closing thoughts
Quantum computing represents a new and evolving risk for critical infrastructure entities.
The time to start preparing is now. By engaging with industry experts like Rajiv and Muria, and by embedding quantum risk considerations within your CIRMP, you can proactively mitigate emerging threats.
For expert advice on how quantum threats might be considered with critical infrastructure security, contact Pentagram Advisory today.