Quantum Security and Infrastructure: Risks and Benefits for the Energy Grid
Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Patrick Shore of QuSecure discusses the infrastructure risks and benefits of using quantum security on the energy grid.
Despite recent efforts on behalf of world leaders to cut energy consumption, global energy demand is projected to increase by 50 percent between 2022 and 2050. With this rapidly growing demand for energy comes the need for more connected devices to regulate the generation, transmission, and distribution of energy. Today’s grid relies on a vast number of networked devices and sensors that constantly monitor energy inputs and outputs to optimize The Grid. While technology has greatly aided the energy sector with managing the flow of energy across the country, it has also created more devices and data points to manage and subsequently opened The Grid to a colossal number of cyber-attack surfaces for foreign adversaries to exploit. The development of quantum technologies has the potential to be both the antidote and kryptonite for The Grid’s growing problem.
Calculating the Risks and Benefits of Quantum Security in Modern Infrastructure
The Need for Quantum Computing on The Grid
As the number of connected devices on The Grid increases exponentially, traditional computing architectures will lack the processing power to manage all these devices in a sustainable manner. Already, energy companies and researchers in the industry rely on High-Performance Computing (HPC), the most powerful and largest-scale computers, to model and manage energy systems with thousands of variables. These computers play a vital role in the energy industry; it’s worth noting even the Department of Energy (DOE) owns four of the top ten most powerful supercomputers in the world. However, HPC is not without its limitations, and though they are still in their infancy, quantum computers have already demonstrated that they can perform calculations millions of times faster than any HPC currently in use.
Quantum computers are incredibly efficient at solving complex optimization problems with many variables, problems that classical computers simply lack the processing power to compute. Quantum computers have many potential use cases for the energy industry, such as facility location-allocation, energy unit commitment, and fault detection analysis.
The Quantum Threat to Critical Infrastructure
While quantum computing has the potential to transform the energy sector by providing a powerful tool for managing growing energy demand and an increasingly complex energy grid, it also presents a problem for cybersecurity of our critical infrastructure as foreign adversaries are spending billions of dollars to weaponize quantum computers for cyber-attacks against our communications and data, including critical infrastructure.
Critical infrastructure has become an increasingly popular target for cyber-attacks in recent years. There are three reasons for this. First, as noted in the above sections, The Grid relies on a massive network of connected devices, most of which lack adequate security measures. Second, attacks on The Grid are highly consequential, as any disruption could result in massive regional energy shortages. And third, attacks on The Grid are lucrative as energy companies are willing to pay high ransoms to restore their systems and continue distribution. We’ve seen the consequences of an attack on our critical infrastructure during the Colonial Pipeline Hack in 2021, where disruption of the Colonial Pipeline led to fuel shortages across the Eastern Seaboard for weeks. Though this attack was significant, an attack from a Cryptographically Relevant Quantum Computer (CRQC), a quantum computer that can break cryptography, could be exponentially more devastating.
Advances in quantum computing have increased exponentially, with billions of dollars invested in the quantum industry worldwide. As such, a CRQC may only be a single breakthrough away from realization. While experts debate on exactly how soon a quantum computer will be able to break encryption, a recent study conducted by Dimension Research for Cambridge Quantum indicated that 60 percent of the quantum experts interviewed believe that quantum advances will break encryption by 2023. Consider also that a quantum attack from a peer adversary would likely occur without warning, and the motivation to upgrade encryption immediately becomes clear.
Another consideration driving the urgency of the quantum-resilient migration is the prevalence of “steal now decrypt later” attack campaigns, in which encrypted data is stolen with the intent to retroactively decrypt the data using a quantum computer. These attack campaigns are occurring with frequency today and are likely to continue to increase as quantum computers and attack strategies become more advanced. Therefore, it is imperative that organizations with sensitive information, such as the DOE, which safeguards nuclear secrets, begin the transition to quantum-resilient cybersecurity now.
US Government Efforts in Quantum and Quantum Resilience
The Department of Energy (DOE) and Department of Homeland Security (DHS), specifically DHS’ Cybersecurity and Infrastructure Security Agency (CISA), are both contributing to the development of quantum computing and quantum-resilient cybersecurity for the energy industry. The DOE owns multiple quantum computers in national laboratories across the country and has been steadily increasing its quantum technology budget over recent years. The DOE may invest over $1 billion in Quantum Information Sciences (QIS) by the end of 2022 to develop alternatives to HPC and solve problems related to energy, climate change, sustainability, and cybersecurity. The DOE has become the largest contributor to quantum research in the US and will play an instrumental role in the future of our nation’s critical infrastructure.
Other US Government organizations are also contributing to protecting the cybersecurity of our critical infrastructure from quantum threats. CISA is tasked with improving both the digital and physical infrastructure for the U.S. CISA has been aware of the quantum threat for many years and has collaborated with the National Institute of Standards and Technology (NIST) to provide a roadmap for agencies to transition to NIST-approved quantum-resilient cybersecurity standards. CISA’s contribution is a crucial step in the right direction for a quantum-resilient grid, but commercial energy companies must take action and follow the guidance of these government directives in order to create a quantum-resilient grid.
Quantum Security Solutions for Today
Innovative quantum security companies will be key in transitioning to quantum resilience. Government and commercial entities require practical cybersecurity solutions that provide quantum resilience with minimal disruption to existing systems. Quantum security must be approached holistically by combining NIST-standardized post-quantum algorithms with end-to-end architectures that protect the entire network from quantum attacks. We must look to these companies as well as to government agencies like NIST and DHS to help expedite this critical transition to quantum resilience and protect our critical infrastructure.