The threat to key infrastructure from post-quantum cyber attacks is real, and as research shows, it will only worsen. As technology advances and computing power increases, so does the ability to crack encryption keys. This means that traditional public key cryptography will eventually be outdated.
The White House outlined the Biden Administration’s policies on quantum computing in May 2022. These policies called for the transition to post-quantum cryptography to reduce the threats to current cryptographic systems. The memo states that failing to switch to post-quantum cryptography could endanger the critical infrastructure’s supervisory and control systems. What does that mean for vital infrastructures like the energy sector?
While governments strive for quantum advantage as the industry transitions to new sources of electricity and react to climate change, experts have highlighted the energy sector’s biggest risks.
The US Grid experts and leaders in quantum cybersecurity, Quantinuum, came together at the Billington Cybersecurity conference in Washington DC held September 7-9, 2022, to explain the potential impact of quantum computing on US energy operations, production, and distribution if vital infrastructure operators are unprepared. Of the 16 critical infrastructure sectors, the experts’ focus was on the energy sector, given the complex nature of its interdependencies and the cascading effects of cyber threats across multiple other sectors.
Cyberattacks on the electricity sector will have a crippling impact on US national security, economic security, public health, and safety, both separately and collectively. With fault-tolerant quantum computing, hackers can secretly access networks and launch complex attacks within hours, minutes, minutes, or even seconds.
Water treatment facilities and power grids are examples of modern critical infrastructure that utilize Cyber-Physical Systems (CPSs), which allow for real-time monitoring and management of physical processes. The interactions and interdependencies inside these systems are complex. As a result, attackers may decide to target these systems. When one of these systems is attacked, the impact could spread to associated systems.
The grid is under pressure from many internal and external factors that must be addressed to ensure stable operations. These include:
- The increasing electrification of transportation through electric vehicles.
- The transition from traditional fossil fuels to renewable energy sources.
- The increased frequency and severity of weather events caused by climate change.
As automation rises and Internet of Things (IoT) devices are connected to the grid at various scales, data availability and data integrity will become more crucial. At the same time, the threat of cyberattacks will increase.
A global pandemic, wildfires, and extreme heat and cold have all caused energy disruptions that many power companies and their customers have already experienced. Grid experts struggle to estimate and plan for dual-threat situations, let alone the future’s multi-matrixed complexity. And one of the greatest vulnerabilities isn’t the emergence of new technology but the pace at which the technologists can overcome the hurdles to exploit that technology.
“Grid security personnel need a very clear picture of their quantum vulnerabilities. They must start now to catalog where quantum-vulnerable algorithms are currently in use. Not all systems will be affected equally, but every system that supports the critical function of the nation’s grid is vulnerable.”
Duncan Jones, Quantinuum’s head of cybersecurity,