SQOUT: A Risk-Based Threat Analysis Framework for Quantum Communication Systems

TL;DR

This paper introduces SQOUT, a comprehensive risk-based threat analysis framework specifically designed for quantum communication systems, integrating threat intelligence and risk assessment to enhance security in quantum infrastructures.

Contribution

It presents the SQOUT framework, combining TTP-style threat analysis with risk assessment tailored for quantum communication systems, and demonstrates its application with real-world attack scenarios.

Findings

SQOUT effectively identifies quantum-specific threats.

The framework aligns with international security standards.

Practical guidance for safeguarding quantum infrastructures.

Abstract

This paper addresses the urgent need for a cybersecurity framework tailored to quantum communication systems as the world transitions to quantum-safe infrastructures. While quantum communication promises unbreakable security, real-world deployments are vulnerable to physical, protocol, and operational risks. Our work presents a structured framework for analysing these threats, combining a TTP-style (Tactic, Technique, Procedure) approach with a specific risk assessment methodology. We introduce SQOUT, a quantum threat intelligence platform, and illustrate its application using a Photon-Number-Splitting (PNS) attack kill chain. Furthermore, we apply established international standards and best practices for information security risk management to assess quantum-specific risk scenarios, providing practical guidance for safeguarding emerging quantum infrastructures.