DEP – Deployment of Post Quantum Cryptography in systems in industrial sectors

Between the Deployment Actions in the area of Cybersecurity (DIGITAL-ECCC-2024-DEPLOY-CYBER-06) we found this call for the Deployment of Post Quantum Cryptography in systems in industrial sectors
Call for Proposal Grant.
Programme: Digital Europe Programme (DIGITAL).
Status: Open for submission.
Expected Outcome:
Outcomes and deliverables
  • PQC system validation and PQC technology ready for wide-spread deployment in given industrial sectors
  • Long-term protection of critical assets, long-term information security, and operational continuity in the advent of quantum computers
  • Migration checklists and plans for PQC in sectors where this has not yet occurred.
The objective is to enable the adoption of PQC in industrial sectors like automotive, automation, finance, control systems or energy. The overarching aim is to seamlessly integrate PQC systems, equipment, components, protocols, and network technologies into existing digital security and communication networks.
Proposals should focus on the integration of a standardised PQC protocol into the digital security and communication networks in the automotive, automation, finance, or energy sector, while taking into account specific needs of the sector, such as necessary keys strength and keys management. Proposals should cover the development or adaptation of the required software/hardware and the validation of the solution in a large-scale demonstrator. This includes creating an inventory of assets requiring protection with a quantified level of risk, a migration plan for both the migrating entities and their suppliers and customers, taking into account data protection policies, contributing to the development of standards and certification. Successful consortia are expected to raise awareness on the need to transition to PQC and share their experience and best practice.
This action aims at the creation of a technology that will be used to protect the cybersecurity of critical industrial assets with a new paradigm that is set to be a game changer in encryption. The control of such tools is of utmost importance for governments and industry alike, as malicious actors could exploit them. As such, they must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. Participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to these technologies are subject to Article 12(5) of Regulation (EU) 2021/694.
€22 250 000