A 2026 Pilot in Bitterfeld

Mansfeld-Südharz, Germany - November 15, 2025

Replacing RSA hand-shakes inside sulphur-scented control rooms without touching the sulphur itself

The first time we mentioned “lattice-based key encapsulation” to the maintenance crew at the old chlor-alkali plant, the shift foreman laughed so hard he dropped his coffee on the SCADA keyboard. Six months later the same crew is running a live Kyber-768 tunnel between a Schneider M580 and a Siemens S7-410 without lifting either unit out of its 1989 rack. The pilot, scheduled to go live across five county chemical SMEs in Q2 2026, is not a science fair; it is a dress rehearsal for the day—estimated between 2029 and 2033—when a sufficiently large fault-tolerant quantum computer exists to break the 2048-bit RSA that currently protects every recipe, set-point and safety interlock in the plant. Our job is to prove that the remedy can be injected like a vaccine: small dose, no downtime, and antibodies that still recognise the legacy wiring.

The chemistry analogy is more precise than poetic. A chlor-alkali electrolyser runs because a selectively permeable membrane keeps chlorine away from the hydrogen stream; if the membrane degrades, the plant explodes. Post-quantum migration works the same way: we slide a new cryptographic membrane between the control network and the enterprise network while leaving the process layer untouched. The trick is to make the membrane look like the old one on the outside—same X.509 v3 envelope, same 4-byte TCP header—so that PLCs, historians and operator stations continue to parse packets they have understood since the Berlin Wall fell. Inside the envelope we replace the RSA handshake with Kyber-768 and the ECDSA signature with Dilithium-3, both algorithms selected by NIST in July 2022 and already reference-implemented in the German BSI technical guideline BSI-TR-03146-1. The only hardware addition is a DIN-rail appliance the size of a paperback that speaks Modbus-TCP on one side and TLS-1.3-with-Kyber on the other; it learns the existing tag table by passive mirroring, so no ladder logic is rewritten and no safety function is re-certified.

Latency was the first scare story. A batch reactor that converts phenol to bisphenol-A needs to close its cooling valve within 180 milliseconds of a temperature alarm; add too much crypto overhead and the batch turns into a polymer brick. Our measurements on a live 10 Mbit/s fieldbus show that the Kyber encapsulation adds 4.3 milliseconds on a Cortex-M7 running at 400 MHz, well inside the 20 ms safety margin the plant already carries for network jitter. The bigger psychological hurdle was deterministic randomness: operators who have spent twenty years trusting the entropy of a single HMAC now watch a lattice-based algorithm generate ephemeral keys every fifteen minutes. We solved that by publishing the randomness seed together with the membrane’s health status on a local NTP-synchronised dashboard; if the seed entropy drops below 220 bits, the appliance falls back to classical ECDH and raises a maintenance flag. The fallback keeps the plant legal under the current BSI baseline while giving the crew a visible reason to schedule a firmware update instead of a panic shutdown.

Budget discipline shaped every design choice. A typical county chemical SME employs 180 people and allocates roughly 90 000 € per year for IT/OT security. Replacing every intelligent electronic device with quantum-safe variants would consume seven years of that budget, so the pilot instead spends 12 000 € on three retrofit appliances and 8 000 € on twenty hours of systems-integrator labour—less than the cost of a single shutdown caused by a ransomware demand. The money comes from the county’s EFRE digital-safeness pot, which covers 80 % of eligible expenditure, leaving the plant with a co-payment smaller than its annual valve-grease line item. Because the appliance ships with an open-source attestation token, the auditor can verify cryptographic posture without touching the process, eliminating the need for a full IEC-61511 re-certification that would otherwise dwarf the hardware price.

"Quantum-proofing a plant should feel like changing a filter: routine, silent, and boring enough that nobody names a project after it."

Compliance mapping was knitted into the code before the first compile. The appliance embeds a tiny CA that issues short-lived Dilithium certificates tagged with the EU NIS2 incident-classifier ontology; if the plant is ever breached, the log entries automatically carry the correct taxonomy for the German CIR report, shaving hours off the statutory four-hour notification window. The same CA can cross-sign legacy RSA certificates, so the enterprise layer—SAP, laboratory LIMS, even the forklift tablets—continues to trust traffic from the control layer without a forklift upgrade. That backwards compatibility is what turns post-quantum from a research trophy into a maintenance routine: operators swap a DIN-rail box during their next scheduled electrical inspection, and the plant emerges immune to Shor’s algorithm without ever declaring a cybersecurity project to the board.

The pilot’s success metric is delightfully low-key: by December 2026 every participating plant must have carried out a full production cycle—chlorine, caustic, solvents, resins—while encrypted entirely with Kyber/Dilithium, and no operator may notice a difference unless told. If the temperature trend curves, batch yields and energy-per-tonne figures remain inside the six-sigma bands established during the 2024 baseline, the migration is declared invisible and therefore successful. Failure is defined not by crypto breakage but by any statistically significant drift in process capability, a concession that makes quantum safety look like a quality-assurance upgrade rather than a disruptive revolution. The first silent cycle was achieved last week at a specialty resin maker whose biggest customer is a major automotive OEM; the plant manager’s only comment was that the new box’s LEDs are quieter than the old Cisco switch, a verdict we immediately engraved on the pilot’s definition of done.

Scaling beyond the county will follow the same membrane philosophy. We have pre-negotiated a framework contract with three German enclosure manufacturers who will ship the DIN-rail appliance as a catalog item priced at 3 800 € list, and the open-source firmware is already mirrored by the German National Research and Education Network so that any plant engineer can reflash it without signing an NDA. By 2028 the goal is to have two hundred chemical and pharmaceutical sites across the EU running quantum-safe tunnels without ever declaring a “post-quantum programme,” because the upgrade will be indistinguishable from replacing a relay or calibrating a sensor. When the finally large enough quantum computer does appear, the county’s plants will simply keep shipping caustic soda and polycarbonate, unaware that the cryptographic membrane protecting their recipes was swapped out years earlier during a routine maintenance shift.

The Cyber Resilience Alliance is a public-private partnership established 2025, led by CypSec, Validato and the County of Mansfeld-Südharz. The Alliance operates a sovereign private-cloud security stack, a shared SOC and an cyber academy, aiming to make Mansfeld-Südharz the reference site for rural cyber resilience by 2030.

Media Contact: Daria Fediay, Chief Executive Officer at CypSec - daria.fediay@cypsec.de.