OT/IT convergence, SCADA and intellectual property with post-quantum protection
Modern factories run a heterogeneous mix: 2000s-era PLCs speaking Modbus, recent Fanuc/KUKA robots with proprietary protocols, Windows Server MES/ERP, and a growing amount of edge AI. Q-Day affects everything from CAD/CAM files (critical IP) to OT telemetry sent to the cloud. The Cyber Resilience Act (CRA, effective 2027) requires manufacturers to provide security updates throughout the product lifecycle, including the PQC transition. Replacing everything at once is impossible; crypto-agility is the only way.

Three scenarios where PosQuantum acts
Protecting CAD/CAM files and industrial IP
Automotive OEM with 48 engineering centers. 120 TB of CAD files (CATIA, NX, Creo) and CAM (NC post-processors). Daily transfers between centers and Tier-1/2 suppliers.
State-sponsored adversary harvests snapshots today, decrypts in 2035, and replicates IP in a parallel factory 5 years later.
PUCE Archive per project: signed manifest + encrypted blobs in R2; each engineer has a key derived via ML-KEM-768. PLM integration (Teamcenter, Windchill) via PQSL middleware. Controlled export with revocation list.
OT↔IT bridging with existing SCADA
Process-industry automation plant (chem/pharma). Siemens S7-1500 PLC + WinCC SCADA + OSI PI historian. CRA requirement: crypto-agile firmware by 2027.
OPC-UA uses AES + RSA for authentication. A compromised PLC can inject commands on the production line — with real physical safety consequences.
PQSL ZeroMQ Handler + OPC-UA wrapper for per-critical-command ML-DSA-44 signing. Migration Scanner runs against IEC 61131-3 repositories to flag legacy-crypto usage. Secure Channel for OT↔IT tunnel.
Digital twin + remote ML
Wind energy company with 1,200 turbines. Digital twin in cloud + ML for predictive maintenance. 4 GB/turbine/day telemetry.
MQTT communication with ECDH TLS. Harvestable data reveals engineering know-how (power curves, failure modes) — industrial espionage.
PQSL MQTT Handler on edge gateway. On-prem ML models trained with PUCE Storage; federated inference via PQ Secure Channel. NIS2 compliance automated via Compliance Dashboard.
Reference architecture
1. PLC / field
PQSL Embedded-C in custom firmware (if vendor allows) or OPC-UA PQ wrapper.
2. Edge gateway
PQSL ZeroMQ / MQTT / Modbus Handlers concentrate OT traffic.
3. OT↔IT bridge
PQSL Secure Channel creates PQC tunnel between OT and IT/cloud networks.
4. Historian
PUCE Archive for production history retention (5-10 years).
5. IP protection
PUCE Storage for CAD/CAM files with per-engineer PQ access tokens.
Preparing your shop floor for the Cyber Resilience Act (CRA)?
OT/IT workshop + read-only Migration Scanner across SCADA, MES, and PLM — report in 3 weeks with 18-month roadmap.