Antagonistic Differential Game of Critical Infrastructure Migration Management to Post-Quantum Cryptography Under HNDL Conditions

Abstract

Advances in quantum computing have created a serious threat to modern asymmetric cryptosystems protecting heterogeneous critical information infrastructures (CIIs). During this transition period, the primary threat is the “Harvest Now, Decrypt Later” (HNDL) temporal strategy of attackers, which requires the forced migration of CIIs to post-quantum cryptography (PQC) algorithms. However, such migration is associated with nonlinear “technological friction.” This will manifest as a drop in the performance of legacy systems, such as SCADA. In the context of deep cross-industry integration, this can trigger avalanche-like cascading CII failures. This article presents a model of a zero-sum differential game between a CII defender and an attacker (APT group). Using Pontryagin’s maximum principle and the Forward–Backward Sweep Method (FBSM) iterative algorithm, a saddle point was found that determines the equilibrium trajectories of limited resource allocation over a given planning horizon for the CII transition to PQC. The results of the computational experiment demonstrated that isolated sectoral migration is ineffective. It is shown that optimal control requires cross-sector synchronization to prevent cascading degradation of the CII. The proposed mathematical framework provides a practical toolkit for strategic IT budget planning and national security risk management in anticipation of quantum supremacy (Q-Day).

1. Introduction

In developed countries, critical information infrastructures (CIIs), including energy systems, financial networks, transportation, communications, and government services, ensure the resilience and security of government and society. Advances in quantum computing technologies have created a new threat landscape for CIIs. The approach of “Q-Day,” the moment when quantum supremacy sufficient to implement Shor’s algorithm and crack modern asymmetric cryptosystems is achieved, has transformed the threat of global data compromise from hypothetical to practically inevitable [1]. The “Harvest Now Decrypt Later” (HNDL) [2] temporal strategy, used by the cyberattackers on CIIs, has found its niche during the transition period. Within this paradigm, attackers, primarily APT groups [3,4], carry out preemptive interception and accumulation of encrypted traffic for subsequent retrospective decoding after hardware implementation of a full-scale quantum computer.

Protecting CII from HNDL attacks requires accelerated migration to post-quantum cryptography (PQC) algorithms [5]. However, the process of implementing PQC in distributed heterogeneous CII networks will not happen overnight. It is associated with significant “technological friction.” This friction consists essentially of a temporary reduction in the operational stability of legacy equipment, such as legacy SCADA systems—which are typical in many post-Soviet countries—degradation of communication channel capacity, and the risk of cascading failures in interdependent CII sectors. For the Republic of Kazakhstan (RK), this problem has acquired strategic significance. Kazakhstan’s economy depends on the smooth functioning of the energy and mining sectors, where legacy industrial controllers and SCADA systems have historically been highly prevalent. Given the accelerated pace of digitalization of public administration and the integration of financial services into a single system, Kazakhstan’s heterogeneous infrastructure is becoming an extremely vulnerable target for APT groups. Therefore, a preventive assessment of the risks of HNDL attacks and the development of a scientifically based migration plan to PQC is a matter of national security.

It is worth noting that the modern economy relies on the deep integration of critical infrastructures. Financial transactions are inextricably linked to telecommunications, and transportation and logistics networks are critically dependent on uninterrupted power supplies. Implementing computationally intensive PQC algorithms in a single sector will inevitably increase local processor load and increase traffic processing latency. In the context of tight cross-industry interconnections, such localized “technological friction” could potentially trigger a domino effect. That is, a situation could arise where a resource shortage in one node leads to an avalanche-like degradation and cascading failures of related government and economic services. The mathematical model presented in this paper is based on the concept of a confrontation between two intelligent agents—a CII defender and an attacker. This poses an optimization problem for allocating limited resources in the face of active countermeasures. The defender seeks to minimize systemic damage and the costs of forced implementation of CII protection. At the same time, the attacker seeks to maximize CII losses while minimizing its own costs on interception infrastructure. The dynamics of this conflict unfold on a directed graph of interdependent CII nodes. This article examines the interaction between the parties as a zero-sum differential game over a given planning horizon for the CII transition to PQC. The aim of the study is to synthesize optimal controls for both sides of the conflict that form a saddle point, which will allow the development of strategies for CII migration to PQC, taking into account the risk of cascading failures and limitations on computing resources.

2. Statement of the Problem

The challenge of protecting CII from quantum threats boils down to resolving the fundamental contradiction between the requirements of cryptographic security and operational resilience in heterogeneous networks. The temporal HNDL strategy implemented by APT groups requires the defender to deploy PQC algorithms as quickly as possible before the moment of quantum supremacy (i.e., Q-Day). Forced migration to computationally intensive PQC algorithms will cause “technological friction,” in other words, overloading legacy equipment, such as SCADA systems, and degrading communication channels. Due to the deep integration of CII sectors (finance, telecommunications, energy, etc.), a local resource shortage during an upgrade of one node can trigger a domino effect and cascading failures of related services. Consequently, a conflict arises under resource constraints. The defender must find a time-optimal resource allocation strategy for migrating nodes to PQC, minimizing both the accumulation of intercepted data by the attacker and the risk of its own cascading failures. In turn, the attacker adjusts the intensity of traffic interception, maximizing damage to the CII while minimizing its own costs.

Ultimately, the scientific problem consists of finding equilibrium strategies in an antagonistic differential zero-sum game that will allow managing the process of CII migration to PQC, taking into account the nonlinear dynamics of cascading failures and enemy activity over the entire planning horizon. It should be noted that the covert phase of traffic interception in the HNDL paradigm is not completely “invisible.” During the process of unauthorized data accumulation, the attacker inevitably generates specific digital traces—compromised access nodes, routing anomalies, etc. The current mathematical formulation abstracts from the stochastic nature of the detection of these artifacts. However, the integration of additional costs for threat hunting, i.e., proactive search for digital traces, into the defender’s functionality creates a promising vector for expanding the proposed game–theoretic apparatus in future research.

3. Review of Previous Research

Developing effective CII protection strategies in the context of the transition to PQC requires interdisciplinary analysis. An analysis of relevant research in recent years has allowed identifying several priority research areas that ultimately form the theoretical basis for this work.

Thus, the classical apparatus of multi-stage games is unable to satisfy the requirements for continuity and efficiency in the analysis of network attacks and CII protection [6]. To overcome these limitations, researchers are increasingly turning to differential game theory, which allows describing the processes of cybernetic confrontation over time [7]. Zero-sum differential game models have been successfully used by the authors [8] to analyze competition for limited network resources in the Industrial Internet of Things (PIoT), to develop optimal control strategies for FDI attacks and to assess the reliability of large-scale systems through the allocation of protective resources [9]. In particular, the works [10,11] proved the applicability of differential games for modeling variable strategies of cryptographic systems under quantum threats.

The advent of quantum computing has created a fundamental threat to modern asymmetric cryptosystems protecting CIIs. Researchers have noted that HNDL attacks target long-lived information, primarily intellectual property, financial data, and government secrets. The HNDL strategy poses a long-term hidden threat, as the “harvesting” phase can occur undetected and last for years [12,13].

The only reliable method of protecting against HNDL attacks is early migration to PQC. However, the implementation of standardized algorithms, such as Kyber [14] or Dilithium [15], is associated with significant technological friction. PQC algorithms require more memory, longer keys, and are characterized by high computational costs, which creates critical delays [16,17]. This problem is particularly acute for legacy industrial automation (SCADA) and operational technology (OT) systems [18], where existing standards such as AGA-12 have already been recognized as vulnerable [19]. Experts emphasize that PQC migration is not simply a software update, but a systemic transformation that requires synchronization of the entire system to prevent failures in resource-intensive nodes [20,21].

It should be noted that modern CIIs operate as deeply integrated, i.e., heterogeneous networks [22]. A failure in a single node can trigger a domino effect [23]. Redistribution of traffic or computing load in such networks leads to equipment overloads and cascading failures, threatening the entire system. Higher-order networks [24], high-level architecture (HLA) co-simulation methods [25], Markov chains [26], and dynamic recovery time prediction [27] are used to analyze these nonlinear processes. The studies analyzed have shown that even minor initial disturbances, such as a local shortage of processor time, can lead to a full-scale system collapse [28].

Despite the separate study of each area, the scientific literature lacks a mathematical framework that combines the temporal dynamics of the HNDL strategy, nonlinear “technological friction” during the forced implementation of PQC, and the risk of cascading failures into a single optimization problem. This paper aims to fill this gap by proposing a model of a zero-sum differential game that ultimately allows finding a saddle point and develops an optimal resource allocation strategy for the CII defender during the transition period of CIIs to PQC.

4. Methods and Models

The mathematical model is based on the concept of a confrontation between two intelligent agents. The first is the defender of the critical infrastructure. The second is the attacker. The confrontation takes place on a directed graph of the critical information infrastructure (CII). The graph consists of interdependent nodes.

Let us define the phase space of the system $X\left(t\right)\in {\mathbb{R}}^{2N}$. For each node $i\in 1,\dots ,N$ let introduce two state variables: $S_i\left(t\right)\in \left[0,K_i\right]$ is the level of operational stability of the $i$-th sector, where $K_i$ is design (i.e., ideal) throughput and $H_i\left(t\right)\ge 0$ is the amount of sensitive data accumulated by the adversary as part of the HNDL temporal strategy.

Within the framework of the model, we control the system through two vectors of influences:

$u_i\left(t\right)\in \left[0,u_{max}\right]$ is the defender control that determines the intensity of migration of the i-th node to PQC algorithms.

$v_i\left(t\right)\in \left[0,v_{max}\right]$ is the attacker control, determining the intensity of the allocation of computing and network resources by the APT group for the targeted interception of traffic in the $i$-th sector.

We will describe the dynamics of changes in the state of CII using a system of nonlinear differential equations (NDE):

$${\displaystyle \frac{d{S}_i}{dt}}={\alpha }_i{S}_i\left(1-{\displaystyle \frac{S_i}{K_i}}\right)-\sum _{j=1}^N{w}_{ij}\tilde{\Theta }\left(K_j^{crit}-S_j\right)-{\mu }_i{S}_i{u}_i^{{\theta }_i}-{\Omega }_i{H}_i\left(1-u_i\right)\Psi \left(\tau \right),$$

(1)

$${\displaystyle \frac{d{H}_i}{dt}}={\beta }_i{v}_i\left(t\right)S_i\left(1-u_i\right)-{\gamma }_i{u}_i{H}_i.$$

(2)

To close the mathematical model, system (1), (2) is supplemented with a vector of initial conditions at time $t=0$: $S_i\left(0\right)=S_{i,0},H_i\left(0\right)=H_{i,0}\forall i\in 1,\dots ,N$. In light of the subject area under study, the initial state $S_{i,0}\in \left(0,K_i\right]$ reflects the level of operational readiness of the $i$-th node before the start of the active phase of PQC implementation, and $H_{i,0}\ge 0$ characterizes the existing, i.e., basic volume of compromised data at the start of the simulation, in the particular case of ideal initial isolation $H_{i,0}=0$.

We emphasize that the choice of phenomenological functions in the system of differential Equations (1) and (2) in this study is based on empirical characteristics of the functioning of heterogeneous networks. It is also worth noting that the nonlinear term describing “technological friction” approximates the benchmarking results of candidate PQC algorithms. These are the aforementioned CRYSTALS-Kyber and Dilithium. Practical tests [14,15] have shown that as the share of protected traffic approaches 100%, the overuse of RAM and CPU time in controllers increases nonlinearly. In turn, replacing the discontinuous Heaviside function with a smooth sigmoid function for modeling cascading failures will not only ensure the required continuous differentiability for applying Pontryagin’s maximum principle but also physically reflect the inertia of the degradation of dependent network nodes. This conclusion is directly consistent with percolation and failure propagation models, in contrast to the assumption of instantaneous link failure.

The components of Equations (1) and (2) have the following meaning. The first term in Equation (1) $d{S}_i/dt$ describes the logistic self-healing of the system with a resilience coefficient ${\alpha }_i$. The second term models the cascading degradation of CII. To ensure model differentiability, the discontinuous Heaviside activation function is replaced with a smooth sigmoid activation function $\tilde{\Theta }\left(x\right)={\displaystyle \frac{1}{1+e^{-kx}}}$, where the parameter $k\gg 1$ specifies the steepness of the decline. The term ${\mu }_i{S}_i{u}_i^{{\theta }_i}$ in (1) reflects “technological friction.” This parameter assumes a nonlinear decline in the performance of legacy CII equipment with the forced implementation of PQC, i.e., ${\theta }_i>1$. The last term in (1) describes the instantaneous damage at the moment of quantum supremacy, i.e., Q-Day, where $\Psi \left(\tau \right)$ is the activation function of the quantum threat, and ${\Omega }_i$ is data criticality. The variable $\tau$ denotes the chronological time of the development of quantum technologies, synchronized with the modeling variable $t$. It is assumed that $\Psi \left(\tau \right)={\displaystyle \frac{1}{1+e^{-\nu \left(\tau -{\tau }_Q\right)}}}$, where ${\tau }_Q$ is expected moment of achieving cryptographically relevant quantum superiority, and the parameter $\nu$ specifies the steepness of the transition from the classical era to the era of quantum hacking. The multiplier $\left(1-u_i\right)$ implies that the destructive effect of decrypted data can only be realized in those CII segments that are not yet protected by post-quantum protocols at time ${\tau }_Q$.

Equation (2) for $d{H}_i/dt$ shows that the rate of accumulation of data by the adversary is proportional to the volume of traffic $S_i$, the intensity of the attack $v_i$, and the share of vulnerable channels $\left(1-u_i\right)$, while the rotation of post-quantum keys $u_i$ and the natural obsolescence of information ${\gamma }_i$ will lead to the depreciation of the accumulated base.

Note that the logistic growth in Equation (1) describes the natural recovery of the system. The nonlinear term ${\mu }_i{S}_i{u}_i^{{\theta }_i}$ formalizes the concept of “technological friction.” For the purposes of this study, technological friction is quantified as the cumulative throughput loss of a CII node. This loss is caused by computational overhead, increased network latency, and the need for packet fragmentation when implementing PQC, for example, when switching from classical algorithms to CRYSTALS-Kyber. The exponent ${\theta }_i>1$ reflects the empirical assumption that as the share of protected PQC traffic approaches 100%, the load on legacy controllers increases exponentially due to the nonlinear exhaustion of memory buffers and processor time. This formalization allowed taking into account the specifics of hardware limitations without going into micromodeling of individual CII network nodes.

We note that the choice of phenomenological functions in the system of differential equations is determined by the empirical characteristics of heterogeneous networks. The logistic recovery term ${\alpha }_i{S}_i\left(1-{\displaystyle \frac{S_i}{K_i}}\right)$ reflects the standard dynamics of IT service regeneration limited by network capacity. The specific form of “technological friction,” defined as ${\mu }_i{S}_i{u}_i^{{\theta }_i}$, approximates the benchmark results of NIST PQC candidate algorithms, in particular, CRYSTALS-Kyber and Dilithium. Empirical data showed that as the proportion of protected traffic $u_i$ approaches 100%, the memory and CPU overhead of legacy SCADA systems increases nonlinearly (${\theta }_i>1$) due to the exhaustion of hardware buffers. The Q-Day threat activation moment is modeled by a smooth sigmoid function rather than a stepwise jump. This mathematically reflects the probabilistic nature of achieving quantum supremacy and ensures continuous differentiability of the system for the correct operation of the forward–backward sequence model (FBSM).

We will consider the interaction between the parties as a zero-sum, antagonistic differential game. The parties pursue directly opposing goals over a given planning horizon $T$.

The defender seeks to minimize systemic damage and the costs of forced security implementation. At the same time, the attacker seeks to maximize CII losses while minimizing its own interception infrastructure costs. The integrated payment functionality $J\left(u,v\right)$ will take the following form:

$$J(u,v)={\int }_0^T\sum _{i=1}^N\left[Q_i(K_i-S_i{)}^2+{\displaystyle \frac{1}{2}}{R}_{ui}{u}_i^2-{\displaystyle \frac{1}{2}}{R}_{vi}{v}_i^2\right]dt+\sum _{i=1}^N{\displaystyle \frac{1}{2}}{F}_i(K_i-S_i\left(T\right){)}^2.$$

(3)

In (3) $Q_i$ is the weighting coefficient of the strategic importance of the CII sector. Parameters $R_{ui}$ and $R_{vi}$ are the specific costs of the defender and attacker resources, respectively. The multipliers $1/2$ are introduced for the mathematical convenience of subsequent differentiation. The terminal term $F_i$ penalizes the defender for the unacceptable state of the CII at the end of the planning horizon $T$.

The goal of solving the problem is to find such optimal strategies $u^{*}\left(t\right)$ and $v^{*}\left(t\right)$, that form a saddle point:

$$J\left(u^{*},v\right)\le J\left(u^{*},v^{*}\right)\le J\left(u,v^{*}\right).$$

For the analytical search for optimal controls, we apply Pontryagin’s maximum principle. We introduce vectors of conjugate variables ${\lambda }_i\left(t\right)$ and ${\eta }_i\left(t\right)$, which have the economic meaning of “shadow prices”—they show the marginal change in the objective functional for a small perturbation of operational stability and the volume of intercepted data, respectively.

Let us compose the Hamilton–Pontryagin function for our system:

$$\mathcal{H}={\sum }_{i=1}^N\left(Q_i(K_i-S_i{)}^2+{\displaystyle \frac{1}{2}}{R}_{ui}{u}_i^2-{\displaystyle \frac{1}{2}}{R}_{vi}{v}_i^2\right)+{\sum }_{i=1}^N{\lambda }_i{\dot{S}}_i+{\sum }_{i=1}^N{\eta }_i{\dot{H}}_i$$

(4)

Expanding the expressions for the derivatives, we obtain the complete Hamiltonian:

$$\begin{gathered} \mathcal{H}={\sum }_{i=1}^N[Q_i(K_i-S_i{)}^2+{\displaystyle \frac{1}{2}}{R}_{ui}{u}_i^2-{\displaystyle \frac{1}{2}}{R}_{vi}{v}_i^2+{\lambda }_i({\alpha }_i{S}_i\left(1-{\displaystyle \frac{S_i}{K_i}}\right)-{\sum }_{j=1}^N{w}_{ij}{\tilde{\Theta }}_j- \\ {\mu }_i{S}_i{u}_i^{{\theta }_i}-{\Omega }_i{H}_i\left(1-u_i\right)\Psi \left(\tau \right))+{\eta }_i\left({\beta }_i{v}_i{S}_i\left(1-u_i\right)-{\gamma }_i{u}_i{H}_i\right)]. \end{gathered}$$

(5)

According to the saddle point conditions, the optimal control of the defender must minimize the Hamiltonian ${\displaystyle \frac{\partial \mathcal{H}}{\partial u_i}}=0$. And the attacker’s control must maximize the Hamiltonian ${\displaystyle \frac{\partial \mathcal{H}}{\partial v_i}}=0$. To analytically confirm the existence of a saddle point, we check the fulfillment of local conditions of strict convexity–concavity of the Hamilton–Pontryagin function. The second derivative with respect to the control of the attacker ${\displaystyle \frac{{\partial }^2\mathcal{H}}{\partial v_i^2}}=-R_{vi}<0$ guarantees its strict concavity. In turn, the second derivative with respect to the control of defender is ${\displaystyle \frac{{\partial }^2\mathcal{H}}{\partial u_i^2}}=R_{ui}-{\lambda }_i{\mu }_i{\theta }_i\left({\theta }_i-1\right)S_i{u}_i^{{\theta }_i-2}>0$, since the shadow price of operational stability confirms strict convexity. Consequently, the controls $u_i^{*}$ and $v_i^{*}$ found from the stationarity conditions actually provide the Hamiltonian with a saddle point on a given set of admissible controls.

To rigorously justify the existence and uniqueness of a solution to the optimal control problem in saddle point form, we relied on an extended set of sufficient conditions. Satisfaction of the strengthened Legendre–Clebsch condition, i.e., strict concavity of the Hamiltonian with respect to the attacker’s control and strict convexity with respect to the defender’s control, guarantees the existence of a local extremum. However, the global correctness of the solution was ensured by an additional check of the Lipschitz property of the right-hand sides of the equations of state on a limited set of admissible phase coordinates. Moreover, for a rigorous justification of the terminal states in the differential game under consideration, the condition [10] was applied. It guarantees the absence of singular discontinuities of the adjoint variables at the right end of the trajectory $t = T$ in the presence of a terminal penalty. Fulfillment of this condition formally confirms the validity of using standard transversality equations when searching for Nash equilibrium in the class of software strategies.

Let us assume that the attacker’s strategy is $v_i^{*}$. Differentiating $\mathcal{H}$ with respect to $v_i$, we obtain:

$${\displaystyle \frac{\partial \mathcal{H}}{\partial v_i}}=-R_{vi}{v}_i+{\eta }_i{\beta }_i{S}_i\left(1-u_i\right)=0.$$

(6)

Taking into account the constraints on the control action, the analytical solution for the attacker will take the form of a projection onto the feasible set:

$$v_i^{*}\left(t\right)=\mathit{max}\left(0,\mathit{min}\left(v_{max},{\displaystyle \frac{{\eta }_i\left(t\right){\beta }_i{S}_i\left(t\right)\left(1-u_i\left(t\right)\right)}{R_{vi}}}\right)\right).$$

(7)

Expression (7) proves that the adversary will concentrate attacking power in those sectors where the throughput ($S_i$) is high, the current cryptographic protection $\left(1-u_i\right)$ is weak, and the value of the stolen data (${\eta }_i$) exceeds the cost of interception ($R_{vi}$).

Accordingly, the defender’s strategy is ($u_i^{*}$). Differentiating $\mathcal{H}$ with respect to $u_i$, we obtain the balance of forces equation:

$${\displaystyle \frac{\partial \mathcal{H}}{\partial u_i}}=R_{ui}{u}_i-{\lambda }_i{\mu }_i{\theta }_i{S}_i{u}_i^{{\theta }_i-1}+{\lambda }_i{\Omega }_i{H}_i\Psi \left(\tau \right)-{\eta }_i{\beta }_i{v}_i{S}_i-{\eta }_i{\gamma }_i{H}_i=0.$$

(8)

To analytically confirm the existence and uniqueness of a saddle point in the differential game under consideration, we relied on the strengthened Legendre–Clebsch condition. The strict concavity of the Hamilton–Pontryagin function with respect to the attacker’s control is confirmed by the negative-definite second derivative ${\displaystyle \frac{{\partial }^2\mathcal{H}}{\partial {\upsilon }_i^2}}=-R_{\upsilon i}<0$. Similarly, strict convexity with respect to the defender’s control is ensured by the condition ${\displaystyle \frac{{\partial }^2\mathcal{H}}{\partial u_i^2}}$ > 0 over the entire set of admissible controls. Together with the Lipschitz condition for the right-hand sides of the bounded phase space, where $S_i\in \left[0,K_i\right]$, these properties guarantee that the optimal trajectories $u^{*}\left(t\right)$ and ${\upsilon }^{*}\left(t\right)$ found from the stationarity conditions will form a Nash equilibrium in the class of program strategies, excluding the multiplicity of terminal defense states.

Since the nonlinearity index ${\theta }_i>1$ of process friction (usually ${\theta }_i$ ∈ [2, 4] for legacy SCADA systems), Equation (8) does not have an explicit analytical solution in radicals. Finding the optimal $u_i^{*}\left(t\right)\in \left[0,u_{max}\right]$ is reduced to finding the root of the residual function $\Phi \left(u_i\right)={\displaystyle \frac{\partial \mathcal{H}}{\partial u_i}}$ at each integration step using numerical methods.

To close the two-point boundary value problem, we derive differential equations for the conjugate variables.

The equation of the shadow price of operational stability is as follows:

$$\begin{gathered} {\dot{\lambda }}_i=-\frac{\partial \mathcal{H}}{\partial S_i}=2Q_i\left(K_i-S_i\right)-{\lambda }_i\left[{\alpha }_i\left(1-\frac{2S_i}{K_i}\right)-{\mu }_i{u}_i^{{\theta }_i}\right]+\sum _{k=1}^N{\lambda }_k{w}_{ki}{\tilde{\Theta }}^{\prime }\left(K_i^{crit}-S_i\right) \\ -{\eta }_i{\beta }_i{v}_i\left(1-u_i\right). \end{gathered}$$

(9)

Here, the appearance of the sum $\sum {\lambda }_k{w}_{ki}$ will describe the “echo of cascading failures.” And the resilience value of the $i$-th node depends on how its failure will affect all dependent $k$-th nodes in the network.

Equation of the shadow price of intercepted data:

$${\dot{\eta }}_i=-{\displaystyle \frac{\partial \mathcal{H}}{\partial H_i}}={\lambda }_i{\Omega }_i\left(1-u_i\right)\Psi \left(\tau \right)+{\eta }_i{\gamma }_i{u}_i.$$

(10)

The formulation of the problem is completed by conditions (11) and (12) of transversality at the right end of the trajectory ($t=T$):

$${\lambda }_i\left(T\right)=-F_i\left(K_i-S_i\left(T\right)\right),$$

(11)

$${\eta }_i\left(T\right)=0.$$

(12)

The sets of admissible controls of the defender and attacker are defined as convex compact sets $U\subset L^{\infty }\left(\left[0,T\right]\right)$ and $V\subset L^{\infty }\left(\left[0,T\right]\right)$. The right-hand sides of the equations of state (1) and (2) are continuously differentiable with respect to the phase variables $S,H$ and controls $u,\upsilon$ and due to the boundedness of the phase space, since $S_i\in \left[0,K_i\right]$ satisfy the Lipschitz condition. This guarantees the existence and uniqueness of an absolutely continuous solution to the system for any pair of admissible controls. By calculating the second derivatives of the Hamiltonian, we verified that the integrand (3) is strictly convex in $u$ and strictly concave in $\upsilon$. According to Isaacs’s generalized minimax theorems for nonlinear differential games, the simultaneous fulfillment of the conditions of convexity–concavity of the Hamiltonian and Lipschitz continuity of the right-hand sides is a sufficient condition for the existence of a unique saddle point solution in the class of program strategies.

The meaning of condition (12) is that after the expiration of the planning horizon, i.e., after overcoming Q-Day, new intercepted data no longer poses a hidden threat to the defender within the framework of the HNDL attack under study.

The formulated mathematical model (1)–(12) is a complex two-point boundary value problem (TPBVP). We integrate the equations of state forward in time from $0$ to $T$. The adjoint equations depend on the terminal conditions and are integrated in reverse time from $T$ to $0$. For the numerical solution, this paper uses the Forward–Backward Sweep Method (FBSM) iterative algorithm [29,30].

The sequence of application of the FBSM algorithm is as follows:

Step 1. Initialization. We set initial guesses for the control vectors $u^{\left(0\right)}\left(t\right)$ and $v^{\left(0\right)}\left(t\right)$ on the entire time grid $t\in \left[0,T\right]$. We set the iteration counter $m=0$.

Step 2. Direct pass. Using the initial conditions $S_i\left(0\right)$ and $H_i\left(0\right)$, we integrate the equations of state ${\dot{S}}_i$ and ${\dot{H}}_i$ using the fourth-order Runge–Kutta method using the current controls $u^{\left(m\right)}\left(t\right)$ and $v^{\left(m\right)}\left(t\right)$. Save the trajectories $S^{\left(m\right)}\left(t\right)$ and $H^{\left(m\right)}\left(t\right)$.

Step 3. Transversality conditions. We calculate the boundary values of the conjugate variables ${\lambda }_i^{\left(m\right)}\left(T\right)$ and ${\eta }_i^{\left(m\right)}\left(T\right)$ based on the obtained states $S_i^{\left(m\right)}\left(T\right)$.

Step 4. Backward pass. Integrate the adjoint equations ${\dot{\lambda }}_i$ and ${\dot{\eta }}_i$ backward from $t=T$ to $t=0$ using the trajectories $S^{\left(m\right)}\left(t\right),H^{\left(m\right)}\left(t\right),\hspace{0.33em}{u}^{\left(m\right)}\left(t\right)\hspace{0.33em}$, and $v^{\left(m\right)}\left(t\right)$. Save the trajectories ${\lambda }^{\left(m\right)}\left(t\right)$ and ${\eta }^{\left(m\right)}\left(t\right)$.

Step 5. Control updating. Based on the new states and adjoint variables, we calculate new control candidates $\tilde{u}\left(t\right)$ and $\tilde{v}\left(t\right)$ by solving equations ${\displaystyle \frac{\partial \mathcal{H}}{\partial u_i}}=0$ and ${\displaystyle \frac{\partial \mathcal{H}}{\partial v_i}}=0$.

Step 6. Smoothing. To prevent numerical oscillations and ensure convergence, new controls are updated using a convex combination with the learning step $ϵ\in \left(\mathrm{0,1}\right)$:

$$u^{\left(m+1\right)}\left(t\right)=\left(1-ϵ\right)u^{\left(m\right)}\left(t\right)+ϵ\tilde{u}\left(t\right),$$

$$v^{\left(m+1\right)}\left(t\right)=\left(1-ϵ\right)v^{\left(m\right)}\left(t\right)+ϵ\tilde{v}\left(t\right).$$

Step 7. Convergence check. Calculate the norm of the difference $‖u^{\left(m+1\right)}-u^{\left(m\right)}‖+‖v^{\left(m+1\right)}-v^{\left(m\right)}‖$. If it is less than the specified tolerance threshold $\delta$, the algorithm is valid. Otherwise, $m=m+1$, and the process returns to Step 2.

Algorithm 1 allowed finding equilibrium trajectories for conflict development, moving from a hypothesis to a substantiated optimal management of CII resources during the transition to post-quantum cryptography. Pseudocode for the proposed model is provided below.

Algorithm 1: Forward–Backward Sweep Method (FBSM) for PQC migration

Planning horizon $T$, integration step $\Delta t$; Network and cost parameters: $K_i$, ${\alpha }_i, w_{ij}, {\mu }_i, {\Omega }_i, {{\beta }_i, {\gamma }_i, Q}_i, R_{u,i}, R_{\upsilon ,i}, {\theta }_i, F_i$ Convergence tolerance $ϵ\in \left(0,1\right)$. Output: Optimal control trajectories $u_i^{*}\left(t\right)$, ${\upsilon }_i^{*}\left(t\right)$; Optimal state trajectories $S_i^{*}\left(t\right)$, $H_i^{*}\left(t\right)$. Initialization: Set $m = 0$ and $error=\infty$. Set initial states for all sectors i: $S_i\left(0\right)=S_{i,0}, H_i\left(0\right)=H_{i,0}$. Initialize control guesses $u_i^{\left(0\right)}\left(t\right) and {\upsilon }_i^{\left(0\right)}\left(t\right)$ for $t\in \left[0,T\right]$. While $error>\delta$ do: Forward Sweep: Solve the state system (equations for $d{S}_i/dt$ and $d{H}_i/dt$ from $t=0$ to $T$ using the 4th-order Runge–Kutta method (RK4), employing current controls $u_i^{\left(m\right)}\left(t\right) and {\upsilon }_i^{\left(m\right)}\left(t\right)$. Store the resulting state trajectories as $S_i^{\left(m\right)}\left(t\right)$ and $H_i^{\left(m\right)}\left(t\right)$. Transversality Conditions: Calculate terminal values for adjoint variables: ${\lambda }_i^{\left(m\right)}\left(T\right)=-F_i\left(K_i-S_i^{\left(m\right)}\left(T\right)\right)$ ${\eta }_i^{\left(m\right)}\left(T\right)=0$ Backward Sweep: Solve the adjoint system (equations for ${\displaystyle \frac{d{\lambda }_i}{dt}}$ and ${\displaystyle \frac{d{\eta }_i}{dt}}$ backward in time from $t=T$ to 0 using RK4, employing current states $S_i^{\left(m\right)}\left(t\right)$, $H_i^{\left(m\right)}\left(t\right)$ and controls $u_i^{\left(m\right)}\left(t\right) and { \upsilon }_i^{\left(m\right)}\left(t\right).$ Store the resulting adjoint trajectories as ${\lambda }_i^{\left(m\right)}\left(t\right)$ and ${\eta }_i^{\left(m\right)}\left(t\right)$. Control Update: For each time step $t\in \left[0,T\right]$ and sector i: Update hacker’s control: ${\tilde{\upsilon }}_i\left(t\right)=\max \left(0,\mathit{min}\left({\upsilon }_{max},{\displaystyle \frac{{\eta }_i{\beta }_i{S}_i\left(1-u_i\right)}{R_{\upsilon ,i}}}\right)\right)$. Update defender’s control ${\tilde{u}}_i\left(t\right)$ by solving the stationarity condition: ${\displaystyle \frac{\partial \mathcal{H}}{\partial u_i}}$. Relaxation Smoothing: $u_i^{\left(m+1\right)}\left(t\right)=\left(1-ϵ\right)u_i^{\left(m\right)}\left(t\right)+ϵ{\tilde{u}}_i\left(t\right)$ ${\upsilon }_i^{\left(m+1\right)}\left(t\right)=\left(1-ϵ\right){\upsilon }_i^{\left(m\right)}\left(t\right)+ϵ{\tilde{\upsilon }}_i\left(t\right)$ Convergence Check: $error =\sum _i{\int }_0^T\left(\left|u_i^{\left(m+1\right)}- u_i^{\left(m\right)}\right|+\left|{\upsilon }_i^{\left(m+1\right)}- {\upsilon }_i^{\left(m\right)}\right|\right)dt$. End While Return $S_i^{\left(m\right)}\left(t\right), { H}_i^{\left(m\right)}\left(t\right), u_i^{\left(m\right)}\left(t\right), { \upsilon }_i^{\left(m\right)}\left(t\right)$as the optimal solution.

Model (1)–(12) assumes a deterministic nature of attack detection. Furthermore, the connectivity matrix in the subsequent computational experiment is specified statically. In future studies, we plan to move to stochastic differential games and dynamic CII graphs.

5. Computational Experiment

5.1. Stages of the Computational Experiment

The purpose of the computational experiment is the numerical verification of the game–theoretic model described above and the search for equilibrium strategies in the conditions of resource confrontation between the defender and the attacker.

The simulation process is implemented in the following sequence:

Stage 1—topology initialization. We form a heterogeneous CII network consisting of $N=3$ macronodes reflecting the CII base. Accepted: Sector 1—energy; Sector 2—financial sector; Sector 3—public administration.

Stage 2—numerical integration. The forward pass (integration of the equations of state $S_i$ and $H_i$) and the backward pass (integration of the adjoint equations ${\lambda }_i$ and ${\eta }_i$) are performed using the explicit Runge–Kutta method of the fourth order of accuracy (RK4). The discretization step $\Delta t$ is chosen to be small enough to ensure the stability of the solution of the stiff system in the neighborhood of the point ${\tau }_Q$.

Stage 3—control optimization. At each iteration, the vectors $u_i\left(t\right)$ and $v_i\left(t\right)$ are recalculated according to the Hamiltonian stationarity conditions. Convergence of the algorithm is ensured by using relaxation smoothing with an adjustable step size.

Stage 4—scenario analysis. The resulting optimal equilibrium trajectories are compared with the basic heuristic strategies—reactive and aggressive—to quantify the gains from applying the differential game.

Although the presented topology of three macro-sectors, i.e., energy, finance, and public administration, is demonstrative within the framework of the article, the developed mathematical apparatus is invariant with respect to the dimensionality of the CII graph. The vector form of the equations of state (1) and (2) allows the model to be scaled to systems with an arbitrary number of nodes $N$. The choice of three nodes is driven by the need to clearly visualize cascading effects between sectors with fundamentally different levels of “technological friction.” That is, high in energy and low in finance. The use of normalized parameters was dictated by the lack of publicly available, accurate data on the performance of industrial SCADA systems when implementing PQC protocols. However, their ranges of variation were fully consistent with the results of the latest NIST benchmarks and security forecasts for 2026.

5.2. Methodology for Conducting Simulation

To ensure the representativeness of the experiment, the parameter space was divided into structural constants. The components, respectively, reflected the physical properties of the CII and the weighting coefficients of the target functional. The parameter values were normalized. However, the relative proportions of the parameters have so far been calibrated based on expert assessments of the specific operating characteristics of legacy systems, in particular, SCADA systems in the energy sector of the Republic of Kazakhstan and modern IP control loops.

Table 1. System parameters and weighting coefficients of the differential game.

Designation	Parameter Name	Value/Range	Physical and Economic Meaning
Environment and Topology Parameters
$N$	Network dimension	3	The three main sectors of the Republic of Kazakhstan are energy (high friction), finance (high connectivity), and public administration (high data value).
$T$	Planning horizon	100 c.u.	The period encompassing the accumulation phase, the point of quantum supremacy, and post-crisis stabilization.
${\tau }_Q$	Expected Q-Day point	50 c.u.	Chronological moment of activation of the accumulated quantum threat (HNDL).
$\nu$	Steepness of the function $\Psi \left(\tau \right)$	2.0	The speed of transition from the classical paradigm of threats to the quantum one.
CII Node Change Parameters $\mathit{i}\in 1,2,3$
${\alpha }_i$	Coefficient of recovery	0.05–0.15	Inertia of repair and IT services. Minimal for energy, maximum for finance.
${\mu }_i$	Technological friction	0.2–0.8	PQC implementation overhead costs. Maximum for legacy industrial controllers in the energy sector.
${\theta }_i$	Nonlinearity of friction	2.0–4.0	Exponential growth of load as the share of PQC traffic approaches 100%.
${\beta }_i$	Interception efficiency	0.5–1.0	The adversary’s basic ability to accumulate encrypted traffic of a node.
${\gamma }_i$	Data aging rate	0.01–0.5	The life cycle of information. For the state administration RK $\gamma \to 0$, data remains relevant for decades.
${\Omega }_i$	Specific data criticality	1.0–10.0	Potential damage from decrypting 1 TB of sector data after Q-Day.
Payment Functionality Coefficients—Game Parameters
$Q_i$	Penalty for loss of stability	1.0–5.0	The strategic importance of the continuity of the sector’s operations for the state.
$R_{ui}$	Defender control cost	0.5–2.0	Budget constraints and costs for the forced procurement of PQC-compatible equipment.
$R_{vi}$	Attacker’s resource cost	0.5–1.5	APT group’s costs for storage systems and computing clusters for the HNDL attack.
$F_i$	Terminal fine	5.0–10.0	The significance of the final state of the system at time $T$.

shows the base values and variation ranges of the parameters used in the simulation.

The cascading influence of nodes is described through a connectivity matrix $W=\left[w_{ij}\right]$. In the baseline scenario, for three macronodes, it is statically defined as $W=\left(\begin{array}{ccc}0& 0.4& 0.3\\ 0.1& 0& 0.2\\ 0.1& 0.2& 0\end{array}\right)$. This structure reflects an asymmetrical relationship. That is, the financial and public sectors of Kazakhstan are highly vulnerable to disruptions in the $w_{12}=0, 4,w_{13}=0.3$ energy sector, while their reverse impact is less pronounced.

The simulation results are presented in Figure 1, Figure 2, Figure 3 and Figure 4.

Figure 1 shows a decline in operational resilience across all sectors. The most pronounced decline is observed in Kazakhstan’s energy sector. This is due to the high value of the technological friction parameter $\mu =0.8$ and the nonlinearity of $\theta =3$. After the onset of Q-Day ($t=50$) we observe an additional drop of $S_i\left(t\right)$, caused by the activation of the term ${\Omega }_i{H}_i\left(1-u_i\right)\Psi \left(\tau \right)$ in Equation (1), which models the damage from decrypting the accumulated data. The cascading impact of the energy sector on the financial sector and public administration manifests itself as a lagged decline in their resilience. This decline is consistent with the connectivity matrix $w_{ij}$.

Figure 2 shows the growth in the volume of intercepted data $H_i\left(t\right)$. The highest rate of accumulation is characteristic of the financial sector (${\mathsf{\beta }}_2=1.0$) and public administration. However, in the latter case $H_3\left(t\right)$ it reaches its maximum value and is maintained due to the low rate of information obsolescence ${\gamma }_3=0.01.$ In the energy sector of Kazakhstan, despite moderate ${\mathsf{\beta }}_1=0.5$, data accumulation is limited by earlier exhaustion of stability and a smaller share of vulnerable channels after Q-Day.

Figure 3 shows the defender’s optimal strategy. For the financial sector, we observe that the target level of protection is achieved by $t=50$. The sharp decrease in control intensity $u_2\left(t\right)$ in the final phase, after $t=80$, is explained by the complete completion of the infrastructure upgrade process. In other words, once all critical channels have been migrated to PQC, further expenditure of excess resources on “migration” will become impractical, according to the cost minimization functional $R_{ui}$. This does not imply a loss of protection, but rather reflects the optimal termination of the active implementation phase.

To assess the robustness of the proposed model and the stability of optimal controls, a sensitivity analysis was also conducted on the fundamental parameters of the model described above—specifically, the coefficient of technological friction ${\mu }_1$ (for the energy sector) and the connectivity weight ${\omega }_{12}$ (the impact of the energy sector on the financial sector). Thus, varying the ${\mu }_1$ parameter within ±20% of the baseline value (0.8) demonstrated predictable structural stability. That is, as technological friction decreased, the defender’s equilibrium strategy $u_1^{\left(1\right)}$ shifted toward earlier migration to PQC algorithms. Accordingly, this led to a 12–15% reduction in the volume of intercepted data $H_1\left({\tau }_Q\right)$. The shape of the control curve remained unchanged. A 15% variation in ${\omega }_{12}$ demonstrated the system’s robustness. The time to reach 90% protection in the dependent (financial) sector changed only slightly, within $\mathsf{\Delta }t=2.5$, but the penalty losses in the objective functional $\left(\mathrm{u},\mathrm{v}\right)$ increased significantly. This confirmed that the strategies remained stable with small parameter fluctuations. However, it should be noted that the final cost of maintaining stability may vary.

To quantitatively evaluate the effectiveness of the proposed strategy, a comparison was conducted with a reactive scenario, i.e., implementing PQC only when a critical data compromise threshold is reached. The comparison results are presented in

Table 2. The results of comparing the proposed strategy with the reactive scenario.

Metric	Reactive Strategy	Optimal Control (Model)	Improvement (%)
Integral loss (Functional J)	145.2	118.7	18.2%
Accumulated data volume (H at time T)	2840 conventional units	1960 conventional units	31.0%
Average stability level $(S_{avg}$)	62.4%	81.6%	30.8%

.

To rigorously quantitatively assess the robustness of the resulting solution to the uncertainty of the initial data, an elasticity index of the objective functional was additionally calculated. The analysis showed that simultaneous variation in the main parameters, i.e., the coefficient of technological friction and the weights of the connectivity matrix, within ±20% of their base values, leads to a change in the integral payment functional by no more than 7.4%. Moreover, the topology of the optimal trajectories maintained structural stability. That is, the shift in the protection strategy switching points over time was minimal. These indicators confirmed that the proposed mathematical model is not susceptible to overfitting to specific initial conditions. The model maintained predictive accuracy even with significant fluctuations in the performance of heterogeneous infrastructure components. An additional ablation analysis was also conducted to assess the contribution of individual model components. Disabling the “cascade connections” factor, i.e., setting the $W$ matrix to zero, leads to an underestimation of systemic risk in the financial sector by 24%. This demonstrates the need to use a network-centric approach. Ignoring the friction nonlinearity ($\mathsf{\theta }=1$ instead of $\mathsf{\theta }=3$) leads to unrealistic predictions of the instantaneous implementation of PQC. This, in reality, would cause a collapse of the operational stability of energy networks.

6. Discussion of the Research Results

A computational experiment has revealed a number of non-obvious systemic effects that arise when requirements for cryptographic strength and operational reliability collide in heterogeneous CII networks, including those of the Republic of Kazakhstan.

The fundamental insight of the simulation was the confirmation of the nonlinear nature of the HNDL strategy. Unlike classic DDoS or ransomware attacks, where damage is inflicted instantly, in the proposed game, the attacker uses time as their primary resource. As demonstrated by optimal control behavior $v_i^{*}\left(t\right)$, the adversary abruptly ceases investing in traffic interception immediately after passing the Q-Day point. This mathematically proved that the focus of CII defense, including for RK, must shift from “continuous counteraction” to a “race to the top” paradigm. If the defender fails to implement post-quantum cryptography by time ${\tau }_Q$, further expenditures on encrypting compromised channels will lose strategic value. The model presented in the article demonstrated the vulnerability of CII networks with a high proportion of legacy equipment using the example of the energy sector of Kazakhstan. The forced implementation of resource-intensive PQC algorithms will create a situation in which the defender, in its attempt to mitigate the cryptographic threat, will undermine its own operational resilience. This means it will itself cause technological friction. This leads to the following practical conclusion: For SCADA-class systems, a direct replacement of encryption algorithms is unacceptable. Flexible migration strategies are required, including hardware upgrades before upgrading cryptographic protocols.

An analysis of changes in interdependent nodes confirmed the presence of a delayed cascading degradation. The financial sector and public administration in Kazakhstan, while experiencing high rates of migration to PQC, nevertheless experienced a decline in resilience during the simulation due to resource depletion in the adjacent, i.e., energy, sector. This demonstrated the inadequacy of an isolated, sector-specific approach to CII information security. Optimal management of defender resources at a saddle point requires cross-industry synchronization. In other words, budgets and computing power should be allocated not on a “fair” basis, but with priority given to protecting the most connected (protection-critical) basic nodes of the CII graph.

From a practical perspective, the resulting equilibrium strategies $u_i^{*}\left(t\right)$ offer decision makers and CII operators a concrete risk management algorithm. First and foremost, they highlight the need for a network connectivity audit. That is, PQC implementation budgets should be allocated not uniformly across sectors, but prioritized toward core nodes with the greatest cascading potential. In the case of Kazakhstan, for example, this is the energy sector. Furthermore, the optimal trajectory proves that legacy SCADA-class systems will require a large-scale hardware upgrade beforehand. And attempting to implement PQC solely through software will only lead to infrastructure failure even before Q-Day. Regulators in Kazakhstan, as well as other countries, should develop interim security standards that allow for hybrid encryption for such systems. This is necessary to smooth out peaks of technological friction and prevent a domino effect in related financial and government sectors.

To quantitatively evaluate the effectiveness of the identified equilibrium control, a comparison with the baseline scenario was conducted. The baseline metric was a typical “reactive” PQC implementation strategy, in which protection $u_i^{*}\left(t\right)$ is activated linearly or only after reaching a critical data compromise threshold. The reactive scenario ignores the nonlinearity of cascading failures. This, within our model, inevitably leads to an avalanche-like decline in $S_i\left(t\right)$ in dependent sectors before Q-Day. In contrast, optimal feedforward control, found using the maximum principle, synchronizes cross-sector migration, minimizing technological friction and avoiding unacceptable terminal protection states at the end of the planning horizon $T$.

It should be noted that although the current numerical simulation is limited to a demonstration topology of three macro-sectors, the proposed differential game architecture is mathematically invariant to graph dimension. The vector representation of Equations (1) and (2) allows for direct scaling of the model to N-dimensional networks of arbitrary complexity. This makes the model a fully fledged decision support tool, requiring only calibration of the weighting coefficients of the connectivity matrix $W$ to the specific conditions of a given state.

Such research will, among other things, include calibration of parameters (${\mu }_i,$ ${\alpha }_i, W$) based on telemetry currently collected from SCADA system operators in Kazakhstan.

The proposed differential game provides a basis for macroscopic analysis of migration on PQC. However, in reality, the process of data interception leaves digital traces, the analysis of which will require additional resource expenditures. We plan to focus future research on expanding the model by integrating the costs of proactively searching for digital artifacts in the stages preceding Q-Day into the defender’s functionality.

7. Conclusions

A pressing scientific problem of synthesizing optimal protection strategies for heterogeneous critical information infrastructures (CIIs) in the face of a growing quantum threat and limited computing resources has been solved. The developed mathematical framework of a zero-sum antagonist differential game allows describing the contradiction between the need for accelerated implementation of post-quantum cryptography (PQC) and the risk of losing the operational resilience of legacy CII systems. Based on the theoretical analysis and computational experiment, the following key conclusions were formulated. The criticality of the time factor was mathematically proven. The temporal nature of the HNDL attack requires proactive, rather than reactive, allocation of defender resources. Optimal control trajectories show that delaying PQC implementation until quantum supremacy (Q-Day) will lead to irreversible data compromise and make further investment in cryptographic protection for this CII segment economically unfeasible. The need for synchronized migration is justified. This confirms the hypothesis that local “technological friction” during the upgrade of resource-intensive components, in particular SCADA systems in the energy sector of the Republic of Kazakhstan, is inevitably transmitted to related sectors—finance, public administration, etc.—through the connectivity matrix. The saddle point found proved that the minimization of systemic damage was achieved solely through cross-sectoral coordination of management actions and not through maximizing the protection of isolated nodes.

The proposed FBSM-based algorithm creates a ready-made analytical toolkit for relevant government agencies, including the Republic of Kazakhstan. The model enables quantitative assessment of acceptable bandwidth degradation limits for communication channels and planning equipment upgrade schedules in anticipation of the transition to PQC.

In this paper, the attacker’s data interception process is considered without considering the costs of ensuring stealth. In the future, we plan to expand the proposed game–theoretic framework by integrating probabilistic metrics for detecting digital traces left by attackers during the traffic accumulation phase into the defender’s functionality. This will allow moving to stochastic differential games and take into account the defender’s costs for proactive threat hunting.