This work addresses the high computational overhead and energy consumption introduced by post-quantum cryptography (PQC) in the Open RAN control plane, which poses a threat to system sustainability. To mitigate this challenge, the authors propose an energy-aware cryptographic scheduling framework that integrates security policy definition via a Crypto Policy rApp in the non-real-time RIC with dynamic PQC handshake scheduling by an SOS xApp in the near-real-time RIC. This approach represents the first effort to jointly optimize energy efficiency and PQC deployment within an O-RAN-compliant rApp/xApp architecture. Leveraging MACsec/IPsec protocols and discrete-event simulation, the framework reduces the energy consumption of a single PQC handshake by approximately 60% while satisfying the latency SLA requirements of network slices.

The Open Radio Access Network (O-RAN) offers flexibility and innovation but introduces unique security vulnerabilities, particularly from cryptographically relevant quantum computers. While Post-Quantum Cryptography (PQC) is the primary scalable defence, its computationally intensive handshakes create a significant bottleneck for the RAN control plane, posing sustainability challenges. This paper proposes an energy-aware framework to solve this PQC bottleneck, ensuring quantum resilience without sacrificing operational energy efficiency. The system employs an O-RAN aligned split: a Crypto Policy rApp residing in the Non-Real-Time (Non-RT) RIC defines the strategic security envelope (including PQC suites), while a Security Operations Scheduling (SOS) xApp in the Near-RT RIC converts these into tactical timing and placement intents. Cryptographic enforcement remains at standards-compliant endpoints: the Open Fronthaul utilizes Media Access Control Security (MACsec) at the O-DU/O-RU, while the xhaul (midhaul and backhaul) utilizes IP Security (IPsec) at tunnel terminators. The SOS xApp reduces PQC overhead by batching non-urgent handshakes, prioritizing session resumption, and selecting parameters that meet slice SLAs while minimizing joules per secure connection. We evaluate the architecture via a Discrete-Event Simulation (DES) using 3GPP-aligned traffic profiles and verified hardware benchmarks from literature. Results show that intelligent scheduling can reduce per-handshake energy by approximately 60 percent without violating slice latency targets.