Energy

Smart grids, SCADA, and substations protected against quantum attacks

Substations, RTUs (Remote Terminal Units), smart meters, and SCADA have 30-40 year lifecycles. Equipment installed in 2026 with classical crypto will be quantum-vulnerable in 2035 and still in service in 2060. The EU classified the power grid as OIV (NIS2 Annex I). An attacker with access to harvestable traffic can learn grid topology and coordinate mass-blackout attacks. PosQuantum offers a PQC stack for the resource-constrained world (Embedded-C footprint < 80 KB).

RTU lifecycle: 30-40 yrs
PQSL-C footprint: 78 KB
Compliance: IEC 62443
NA compliance: NERC CIP

Three scenarios where PosQuantum acts

1. SCADA substation with IEC 61850

Context

European TSO with 120 substations (HV/EHV). IEC 61850-90-5 over ZeroMQ for GOOSE / Sampled Values. Siemens SICAM and ABB MicroSCADA RTUs.

Risk

By default, IEC 61850 lacks strong authentication. A man-in-the-middle (MITM) can inject fake trip commands, causing a cascade trip and a blackout.

PosQuantum solution

PQSL ZeroMQ Protocol Handler with per-message ML-DSA-44 signature (low latency). Pre-distributed keys via IEC 62351 with ML-KEM renewal. PQSL Embedded-C in RTU firmware (footprint ≈ 78 KB on Cortex-M4).

2. Mass smart metering (20M devices)

Context

DSO renewing meter fleet. 20M smart meters, GPRS/NB-IoT + MQTT to head-end.

Risk

Per-device AES-128 symmetric keys are distributed via RSA-OAEP-2048 (DLMS/COSEM). Shor's quantum algorithm exposes the keys of all 20M meters.

PosQuantum solution

PQSL MQTT Protocol Handler at concentrator + PQSL Embedded-C in meter firmware. Keys distributed via ML-KEM-768 (certificate size ≈ 1.1 KB, acceptable for NB-IoT). Automatic semester-based key rotation.

3. Cross-border energy trading (European Day-Ahead Market)

Context

Energy trader with direct access to EPEX SPOT + Nord Pool. 1M orders/day cross-border (DE, FR, NL, NO, DK).

Risk

FIX Protocol over TLS 1.2 with ECDH curves. Order traffic is harvestable: 5 years later, an attacker can reverse-engineer trading strategies from it.

PosQuantum solution

PQSL Secure Channel terminating TLS at the edge; PQC re-handshake with upstream ENTSO-E endpoints. Migration Scanner confirms zero classical-crypto dependency in FIX stack.

Reference architecture

1. Field devices

PQSL Embedded-C in RTU/smart-meter firmware (Cortex-M0+/M4, ESP32).

2. Concentration

PQSL MQTT/ZeroMQ/Modbus Handlers at concentrators and RTU gateways.

3. SCADA core

PQSL Spring/ASP.NET middleware in SCADA / EMS / MDM backends.

4. Trading floor

PQSL Secure Channel overlay on FIX / MADES traffic.

5. Long-term archive

PUCE Archive for SCADA history (NERC CIP-011 3-year retention).

Applicable PosQuantum products

PQSL Embedded-C
PQSL ZeroMQ Handler
PUCE Stream
Secure Channel
IoT Fleet

Regulatory compliance covered

NIS2
IEC 62443
NERC CIP
ISO/IEC 27019
ETSI EN 303 645

RTU or smart-meter renewal in the next 24 months?

Specify PQC right in the Request-for-Proposal — we provide a technical checklist and IEC 62443-compliant spec ready to use.