Introduction

The UK transport sector relies on digital trust to operate safely. Rail signalling, airport operations, connected highways, ticketing services, and mobility platforms all use cryptography to protect communication and verify identity. Today, this security is largely based on algorithms that could, in time, be weakened or rendered ineffective by advances in quantum computing.

While quantum-capable adversaries are not yet widespread, the risk is forward-looking. Data intercepted today could be decrypted later, and systems upgraded in the future may struggle to transition if the foundations of PKI and certificate management are not prepared in advance.

This is why organisations responsible for critical transport infrastructure should begin planning for quantum-safe PKI.

‍

Why Quantum Computing Affects PKI and CLM

Most digital certificates and encryption rely on algorithms such as RSA and ECC. Quantum computing has the potential to break these through new mathematical capabilities. This creates two related risks:

• Long-lived systems and data could be compromised in the future
• Transitioning to new cryptographic standards may be complex and time critical

Transport infrastructure—much of which is intended to operate for decades—is particularly exposed.

‍

What Quantum-Safe Cryptography Means for Transport Operators

Quantum-safe (also called post-quantum) cryptography refers to cryptographic algorithms designed to remain secure against quantum attacks. For transport organisations, becoming quantum-safe means:

• Being able to identify where current cryptography is used
• Understanding which systems and certificates require replacement
• Preparing PKI and CLM platforms to support new cryptographic standards
• Ensuring suppliers and technology partners can align to the same transition

The change will not be a single event. It will be multi-year and sector-wide.

‍

Where Quantum Risk Appears in Transport Environments

Quantum-vulnerable cryptography may be present in:

• Rail signalling systems and ETCS components
• Airside communication and radar authentication systems
• Smart motorway and connected vehicle platforms
• Public transport ticketing, passenger data, and mobility APIs
• Operational technology controlling tunnels, bridges, and safety systems
• Cloud platforms and identity providers integrated with transport services

Because certificates underpin these functions, CLM visibility is a critical dependency.

‍

Why CLM Is Essential for a Quantum-Safe Transition

Certificate Lifecycle Management provides the structure needed to manage cryptographic change. Its role includes:

• Discovering all certificates and cryptographic dependencies
• Identifying algorithms, key lengths, expiry dates, and trust chains
• Supporting large-scale certificate replacement across distributed systems
• Enabling staged adoption and testing of quantum-safe algorithms
• Preventing outages during the transition period

Without CLM, quantum migration becomes significantly harder to coordinate and verify.

‍

Recommended First Steps for UK Transport Organisations

Transport operators, authorities, and suppliers can begin preparation through steps such as:

• Conduct a cryptographic inventory, including PKI dependencies
• Assess which systems and suppliers will require cryptographic upgrades
• Extend PKI and CLM governance to include quantum-safe policy planning
• Evaluate platforms for support of hybrid or post-quantum algorithms
• Establish vendor alignment for long-term cryptographic interoperability

Planning now reduces future disruption and avoids rapid, reactive change.

‍

Strategic Benefits of Early Preparation

Early quantum-safe planning supports:

• Protection of long-lived operational data and safety information
• Stronger compliance positioning for emerging regulatory expectations
• Lower transition cost through phased implementation
• Reduced operational and reputational risk during cryptographic change
• Confidence in future connected infrastructure and mobility capabilities

Organisations that delay preparation may face more costly, complex, and urgent upgrades.

‍

The Role of Unsung Ltd

Unsung Ltd supports quantum-safe planning for transport organisations through:

• Cryptographic and certificate inventory assessments
• PKI and CLM platform design for hybrid and post-quantum algorithms
• Governance and policy frameworks for secure transition planning
• Multi-vendor trust and interoperability support
• Roadmaps tailored to transport infrastructure and long-lifecycle systems

The objective is to establish long-term digital trust that remains resilient as cryptography evolves.

‍

Conclusion

Quantum computing changes the long-term security landscape for critical infrastructure. Transport organisations, responsible for services that underpin national mobility and economic stability, cannot wait until quantum attacks are already possible. By strengthening PKI foundations and preparing CLM for cryptographic transition, operators can protect future transport systems and maintain digital trust.

The time to plan for quantum-safe PKI is now.

‍