Quantum communication systems, despite their theoretical security guarantees, face practical vulnerabilities across physical infrastructure, protocols, and classical subsystems that existing cybersecurity frameworks do not cover. We propose a kill-chain-based threat model that organises quantum and classical Tactics, Techniques, and Procedures (TTPs) into end-to-end attack sequences, combined with an ISO/IEC 27005-compatible risk scoring methodology. SQOUT, a threat-intelligence platform for quantum technologies, implements this approach and is used to analyse two concrete attack scenarios as case studies: Photon-Number Splitting (PNS) and detector-blinding attacks. The risk assessment uses technique-level likelihood scoring with attack-tree product aggregation across kill-chain steps, producing governance-ready risk ratings for quantum-specific threat scenarios.