Quantum Attacks Targeting Nuclear Power Plants: Threat Analysis, Defense and Mitigation Strategies

TL;DR

This paper analyzes the quantum threat to nuclear power plants' cybersecurity, demonstrating attack strategies, risks, and proposing a comprehensive migration to quantum-resistant cryptography to safeguard critical infrastructure.

Contribution

It introduces a forensics-first framework for quantum resilience in nuclear facilities and details attack methodologies, risk assessments, and mitigation strategies aligned with industry standards.

Findings

High success probabilities (up to 78%) for quantum attacks on nuclear facilities.

Demonstrated multi-phase attack scenarios compromising safety and forensic integrity.

Validated phased migration strategies to Post-Quantum Cryptography (PQC).

Abstract

The advent of Cryptographically Relevant Quantum Computers (CRQCs) presents a fundamental and existential threat to the forensic integrity and operational safety of Industrial Control Systems (ICS) and Operational Technology (OT) in critical infrastructure. This paper introduces a novel, forensics-first framework for achieving quantum resilience in high-consequence environments, with a specific focus on nuclear power plants. We systematically analyze the quantum threat landscape across the Purdue architecture (L0-L5), detailing how Harvest-Now, Decrypt-Later (HNDL) campaigns, enabled by algorithms like Shor's, can retroactively compromise cryptographic foundations, undermine evidence admissibility, and facilitate sophisticated sabotage. Through two detailed case studies, \textsc{Quantum~Scar} and \textsc{Quantum~Dawn}, we demonstrate multi-phase attack methodologies where state-level adversaries exploit cryptographic monoculture and extended OT lifecycles to degrade safety systems while creating unsolvable forensic paradoxes. Our probabilistic risk modeling reveals alarming success probabilities (up to 78\% for targeted facilities under current defenses), underscoring the criticality of immediate action. In response, we propose and validate a phased, defense-in-depth migration path to Post-Quantum Cryptography (PQC), integrating hybrid key exchange, cryptographic diversity, secure time synchronization, and side-channel resistant implementations aligned with ISA/IEC 62443 and NIST standards. The paper concludes that without urgent adoption of quantum-resilient controls, the integrity of both physical safety systems and digital forensic evidence remains at severe and irreversible risk.