DOI:
https://doi.org/10.14483/22487638.24853Publicado:
01-06-2025Número:
Vol. 30 Núm. 88 (2026): Abril - JunioSección:
RevisiónCiberseguridad cuántica en sistemas ciberfísicos e infraestructuras críticas: un estado del arte
Quantum Cybersecurity in Cyber-Physical Systems and Critical Infrastructures: A State of the Art
Palabras clave:
Cybersecurity, Critical Infrastructures, Cyber-physical systems, Quantum (en).Palabras clave:
Ciberseguridad, Cuántica, Infraestructuras Críticas, Sistemas ciber-físicos (es).Descargas
Resumen (es)
Contexto: este artículo presenta la creciente vulnerabilidad de los sistemas ciberfísicos en las infraestructuras críticas, producto del avance de la computación cuántica. Esta tecnología pone en entredicho los esquemas actuales de criptografía y coloca en riesgo servicios como la energía, la salud y otros esenciales para la sociedad.
Objetivo: caracterizar los estándares, marcos de trabajo y las vulnerabilidades emergentes encontradas en estudios científicos publicados en el período 2020-2025.
Metodología: marco metodológico basado en una revisión sistemática de la literatura, utilizando los protocolos PRISMA y Kitchenham. A través de este método, se eligieron un total de 40 estudios primarios.
Resultados: la revisión evidencia que, aunque normativas como ISO/IEC 27001 e IEC 62443 son ampliamente adoptadas, carecen de medidas de control específicas frente a amenazas cuánticas como los algoritmos de Shor y Grover. Asimismo, se identificó una desconexión entre los modelos taxonómicos actuales y la protección técnica de activos operativos.
Conclusiones: la investigación concluye que existe una urgencia por integrar la criptografía postcuántica y desarrollar marcos de gobernanza adaptativa que fortalezcan la resiliencia en las infraestructuras críticas. Finalmente, se propuso una hoja de ruta para la creación de modelos ontológicos que unifiquen la gestión de riesgos en esta era tecnológica.
Resumen (en)
Context: This article presented the growing vulnerability of cyber-physical systems (CPS) in critical infrastructures resulting from the advancement of quantum computing. This technology challenges current cryptographic schemes and puts services such as energy, healthcare, and other essential social sectors at risk.
Objective: The goal was to characterize the standards, frameworks, and emerging vulnerabilities found in scientific studies published during the 2020-2025 period.
Methodology: The study was conducted through a methodological framework based on a systematic literature review using the PRISMA and Kitchenham protocols. Through this method, a total of forty primary studies were selected. Results: The analysis evidenced that , although standards such as ISO/IEC 27001 and IEC 62443 are widely adopted, they lack specific control measures against quantum threats such as the Shor and Grover algorithms. Furthermore, a disconnection was identified between current taxonomic models and the technical protection of operational assets.
Conclusions: The research concluded that there is an urgent need to integrate post-quantum cryptography and develop adaptive governance frameworks to strengthen resilience in critical infrastructures. Finally, a roadmap was proposed for the creation of ontological models to unify risk management in this technological era.
Referencias
[1] A. Pinto, L. C. Herrera, Y. Donoso, and J. A. Gutierrez, "Enhancing critical infrastructure security: Unsupervised learning approaches for anomaly detection," Int. J. Comput. Intell. Syst., Dec. 2024. https://doi.org/10.1007/s44196-024-00644-z.
[2] M. Habibul Arif, H. Rahman Rabby, N. Yasmin Nadia, M. Iftekhar Monzur Tanvir, and A. Al Masum, "AI-driven risk assessment in national security projects: Investigating machine learning models to predict and mitigate risks in defense and critical infrastructure projects," J. Comput. Sci. Technol. Stud., 2025. https://doi.org/10.32996/jcsts
[3] M. T. Islam, M. R. Mission, T. K. Refat, and M. Kynatun, “Cybersecurity Risk Assessment Frameworks For Engineering Databases: A Systematic Literature Review”, SDMI, vol. 2, no. 01, pp. 224–243, Feb. 2025. https://doi.org/10.71292/sdmi.v2i01.22 .
[4] M. Ekerå, "On post-processing in the quantum algorithm for computing short discrete logarithms," Des. Codes Cryptogr., vol. 88, no. 11, pp. 2313–2335, Nov. 2020. https://doi.org/10.1007/s10623-020-00783-2
[5] M. J. Page et al., "The PRISMA 2020 statement: An updated guideline for reporting systematic reviews," BMJ, vol. 372, art. n71, Mar. 2021. https://doi.org/10.1136/bmj.n71
[6] B. Kitchenham and P. Brereton, "A systematic review of systematic review process research in software engineering," Inf. Softw. Technol., vol. 55, no. 12, pp. 2049–2075, Dec. 2013. https://doi.org/10.1016/j.infsof.2013.07.010
[7] L. Liyanage, N. A. G. Arachchilage, and G. Russello, "SoK: Identifying limitations and bridging gaps of cybersecurity capability maturity models (CCMMs)," arXiv preprint arXiv:2408.16140, 2024. [Online]. Available: https://arxiv.org/abs/2408.16140
[8] S. Mohanan and N. Parameswaran, "FINER criteria – What does it mean?" Cosmoderma, vol. 2, art. 115, Nov. 2022. https://doi.org/10.25259/csdm_123_2022
[9] S. Islam, D. Javeed, M. S. Saeed, P. Kumar, A. Jolfaei, and A. K. M. N. Islam, "Generative AI and cognitive computing-driven intrusion detection system in industrial CPS," Cognit. Comput., vol. 16, no. 5, pp. 2611–2625, Sep. 2024. https://doi.org/10.1007/s12559-024-10309-w
[10] A. AlHarmali, S. Ali, W. Aman, and O. Hussain, "Cyber risk assessment for cyber-physical systems: A review of methodologies and recommendations for improved assessment effectiveness," in Proc. Comput. Sci. Inf. Technol. (CS & IT), AIRCC, Aug. 2024, pp. 77–94. https://doi.org/10.5121/csit.2024.141608
[11] A. Budžys, O. Kurasova, and V. Medvedev, "Deep learning-based authentication for insider threat detection in critical infrastructure," Artif. Intell. Rev., vol. 57, no. 10, art. 263, Oct. 2024. https://doi.org/10.1007/s10462-024-10893-1
[12] A. Akbarzadeh and S. K. Katsikas, "Dependency-based security risk assessment for cyber-physical systems," Int. J. Inf. Secur., vol. 22, pp. 563–578, Jun. 2023. https://doi.org/10.1007/s10207-022-00608-4
[13] B. G. de Soto, A. Georgescu, B. Mantha, Ž. Turk, A. Maciel, and M. S. Sonkor, "Construction cybersecurity and critical infrastructure protection: New horizons for construction 4.0," J. Inf. Technol. Constr., vol. 27, pp. 571–594, 2022. https://doi.org/10.36680/j.itcon.2022.028
[14] S. Berríos, F. Alonso, B. Gana, and S. Contreras, "Advances and strategies in quantum computing integration for cybersecurity: A systematic literature review," in Commun. Comput. Inf. Sci., Springer, 2025, pp. 269–282. https://doi.org/10.1007/978-3-031-84078-4_19
[15] D. Silva and R. Núñez, “Exploración de las posibilidades de la computación cuántica para la criptografía,” CIENCIA INTELIGENTE, vol. 1, no. 2, pp. 35–53, 2023, Accessed: May 27, 2026. [Online]. Available: https://cienciainteligente.com/index.php/CIN/article/view/16
[16] S. Narula, M. Ghasemigol, J. Carnerero-Cano, A. Minnich, E. Lupu, and D. Takabi, "Exploring AI security: A systematic mapping study," IEEE Access, 2025. https://doi.org/10.1109/ACCESS.2025.3567195
[17]Í. Oliveira et al., “An Ontological Model of the Phishing Attack Process,” Lecture Notes in Business Information Processing, pp. 274–289, 2025, https://doi.org/10.1007/978-3-031-95397-2_17
[18] S. Dash, H. Seker, and M. Shahpasand, "From data to defense: How ontology fuels AI in cyber threat detection," in Proc. 8th Int. Conf. Adv. Artif. Intell. (ICAAI 2024), ACM, Mar. 2025, pp. 121–133. https://doi.org/10.1145/3704137.3704176
[19] B. Cinar, "Supply chain cybersecurity: Risks, challenges, and strategies for a globalized world," J. Eng. Res. Rep., vol. 25, no. 9, pp. 196–210, Oct. 2023. https://doi.org/10.9734/jerr/2023/v25i9993
[20] R. Ghosh, von Stockhausen, M. Schmitt, G. M. Vasile, S. K. Karn, and O. Farri, “CVE-LLM : Ontology-Assisted Automatic Vulnerability Evaluation Using Large Language Models,” arXiv.org, 2025. https://doi.org/10.48550/arXiv.2502.15932
[21] U. Ullah, M. Haleem, and A. Ullah, "OntoSecAI: Ontology-driven security automation for AI-enabled systems," PLOS ONE, vol. 20, no. 12, art. e0337806, Dec. 2025. https://doi.org/10.1371/journal.pone.0337806
[22] Y. Guan, Y. Zhang, J. Yue, Y. Lu, and Y. Xie, "Enhancing cybersecurity situation awareness through knowledge graphs: An integrated survey including threats, vulnerabilities, and assets," SSRN, preprint, 2025. [Online]. Available: https://ssrn.com/abstract=5221263
[23] U. O. Obonna et al., "Detection of man-in-the-middle (MitM) cyber-attacks in oil and gas process control networks using machine learning algorithms," Future Internet, vol. 15, no. 8, art. 280, Aug. 2023. https://doi.org/10.3390/fi15080280
[24] S. Amador Donado, C. J. Pardo Calvache, and R. Mazo Peña, "Revisión preliminar: ciberseguridad para tecnología de la operación en la era cuántica contra ataques de red a infraestructuras críticas," Rev. INGE CUC, vol. 20, no. 2, 2024.
[25] W. F. Borja Rivadeneira y O. S. Gómez Gómez, «Cybersecurity Ontologies: A Systematic Literature Review», ReCIBE, vol. 9, n.º 2, pp. C2–18, mar. 2021 https://doi.org/10.32870/recibe.v9i2.181.
[26] M. Plachkinova and A. Vo, "A taxonomy for risk assessment of cyberattacks on critical infrastructure (TRACI)," Commun. Assoc. Inf. Syst., vol. 52, art. 2, 2023. https://doi.org/10.17705/1cais.05202.
[27] B. F. Martins et al., “A framework for conceptual characterization of ontologies and its application in the cybersecurity domain,” Software and Systems Modeling, vol. 21, no. 4, pp. 1437–1464, July 2022, https://doi.org/10.1007/s10270-022-01013-0
[28] O. Kozlenko, "Example of fuzzy ontology usage for risk assessment and attack impact," Theor. Appl. Cybersecur., vol. 6, no. 1, 2024. https://doi.org/10.20535/tacs.2664-29132024.1.312677
Cómo citar
APA
ACM
ACS
ABNT
Chicago
Harvard
IEEE
MLA
Turabian
Vancouver
Descargar cita
Licencia
Derechos de autor 2026 Katerine Marceles Villalba , César Pardo Calvache, Siler Amador Donado
Esta obra está bajo una licencia internacional Creative Commons Atribución-CompartirIgual 4.0.
Esta licencia permite a otros remezclar, adaptar y desarrollar su trabajo incluso con fines comerciales, siempre que le den crédito y concedan licencias para sus nuevas creaciones bajo los mismos términos. Esta licencia a menudo se compara con las licencias de software libre y de código abierto “copyleft”. Todos los trabajos nuevos basados en el tuyo tendrán la misma licencia, por lo que cualquier derivado también permitirá el uso comercial. Esta es la licencia utilizada por Wikipedia y se recomienda para materiales que se beneficiarían al incorporar contenido de Wikipedia y proyectos con licencias similares.
