SECTOR: OT-TOOLS
IEC 62443 / IEC 62351
SYS: QSECDEF-TOOLS
STATUS: ACTIVE
OT Security Teams · Free Tool

OT Protocol Quantum
Vulnerability Scanner

Select the OT communication protocols deployed in your network. The tool identifies which protocols use classical asymmetric cryptography that a cryptographically relevant quantum computer would break, maps the specific vulnerable cryptographic functions, and returns the available migration pathway for each protocol. No account required. Protocol selections are not stored.

Browser-only. Protocol selections are not stored. 12 OT protocols, two exposure classes Per-protocol algorithm identification Version and variant granularity IEC 62443, NERC CIP, NIS2, EU CRA panels
OT Security Engineers · Plant Managers · Industrial Architects
About this tool

OT communication protocols were designed for reliability and determinism in industrial environments, not for cryptographic agility. Many protocols that added security extensions over the past decade did so using classical asymmetric cryptography: elliptic curve Diffie-Hellman for key exchange, ECDSA for digital signatures, RSA for certificate signing. Shor's algorithm, running on a sufficiently capable quantum computer, breaks all three of these functions by solving the discrete logarithm and integer factorisation problems in polynomial time. This tool maps each of the twelve most widely deployed OT protocols to its cryptographic profile, identifies the specific functions that are quantum-vulnerable, and returns the available migration pathway from hybrid TLS key exchange extensions to PQC certificate replacement. Protocols with no native cryptography are assessed separately: they carry no direct quantum exposure at the protocol layer, but they present current-day interception risks that network segmentation and cryptographic gateway deployment can address. Regulatory context is generated from your country and sector: IEC 62443 Foundational Requirements, NERC CIP obligations, NIS2 Article 21(2)(h), and EU Cyber Resilience Act Annex I Section 1(3)(c) are presented as applicable. Country, sector, and protocol class counts are recorded anonymously. Individual protocol selections, company names, and personal data are not stored.

Important Information / Data Disclosure

What is stored: The following information is recorded anonymously to support industry benchmarking: country (ISO code), sector (enum value), and protocol selection summary (count per exposure class, not individual protocol names). No personal data, company name, IP address, or individual protocol details are stored. Timestamps are recorded at weekly granularity only.

What is not stored: Your name, company, email, individual protocol selections, and all other per-protocol inputs remain in your browser only. They are never transmitted to any server. The PDF report is generated entirely in your browser.

Disclaimer: This tool is a self-assessment aid. It is not a compliance attestation or security audit. Protocol vulnerability data reflects the published state of each protocol specification and available PQC migration guidance as of 2026-04-03. Verify against current published standards and vendor documentation before making investment decisions.

Protocol Vulnerability Assessment
Select your location, sector, and OT protocols to generate a vulnerability assessment with migration pathways.
Step 1 of 3: Your Location 0%
Step 1 of 3: Your Location
Which country is your OT network located in?
Country is used to determine which regulatory standards apply to your network and to generate relevant compliance context on your results page. It does not affect the vulnerability profile of the protocols you select.
Auto-detected from connection. Change if needed.
The following information is recorded anonymously to support industry benchmarking: country (ISO code), sector (enum value), and protocol selection summary (count per exposure class, not individual protocol names). No personal data, company name, IP address, or individual protocol details are stored. Timestamps are recorded at weekly granularity only. Country is detected automatically from your connection and may be changed here.
Step 2 of 3: Industry Sector
Which industrial sector does your OT network serve?
Sector determines which regulatory frameworks are shown on your results page. Some protocols are more prevalent in specific sectors: IEC 61850 is predominant in energy and utilities; PROFIBUS is common in manufacturing and chemical processing. Sector selection populates the relevant compliance context on your results page.

The Industry selection is required and recorded anonymously. Your industry may impact your score. Be sure to choose your nearest industry category.

Step 3 of 3: Protocol Selection
Which OT communication protocols are deployed in your network?
Select all protocols present in your network. Where a protocol has both a base (unauthenticated) variant and a secured variant, select the variant you have deployed. If both are present in different parts of your network, select both. Results are generated for every protocol you select.
Class A Quantum-Vulnerable Protocols with Classical Asymmetric Cryptography
These protocols use classical asymmetric cryptography (RSA, ECDSA, or ECDH) for key exchange, device authentication, or digital signatures. A cryptographically relevant quantum computer running Shor's algorithm would break these functions. Select the specific version or variant deployed in your network.
OPC UA
IEC 61850
PROFINET (with Security Class)
EtherNet/IP with CIP Security
MQTT v5 (with TLS)
Class B No Native Crypto Protocols Without Native Cryptography
These protocols do not include built-in encryption or cryptographic authentication. They carry no direct quantum exposure at the protocol layer, but they present a separate risk: network traffic is in plaintext and vulnerable to interception today. Migration pathways focus on overlay security rather than protocol-layer crypto replacement.
Individual protocol selections are not stored. Only the count of Class A and Class B protocols selected is recorded anonymously for benchmarking.