Quantum Cryptography Could Solve Energy Grid Security Questions

Critical infrastructure vulnerabilities are among the most disturbing cybersecurity realities of the day, and they even received mention in last week's State of the Union Address. As public and private sector security experts debate solutions, one of the more promising options could be a new take on data encryption technology.

Enterprises around the world have been deploying data encryption software for years as the first and last line of defense against insider breaches and external attacks. Now, researchers from Los Alamos National Laboratory are tapping quantum cryptography as a mechanism for national defense. In association with the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) at the University of Illinois Urbana-Champaign (UIIC), officials recently completed their first-ever modeled demonstration of how the security technology could be used to control the flow of operational data across electric grids.

This new method leverages single photons used to produce random numbers that are used to authenticate and encrypt industrial control system data and grid commands. As a result, operators can more easily detect adversaries that may be attempting to tamper with credentials and mitigate any damage they would have caused if successful.

"This demonstration represents not only a realistic power model, but also leveraged hardware, software and standard communication protocols that are already widely deployed in the energy sector," UIIC professor William Sanders explained. "The success of the demonstration emphasizes the power of the TCIPG cyber-physical test bed and the strength of the quantum cryptography technology developed by Los Alamos."

Security and sustainability
This news comes at an important time as critical infrastructure operators are still searching for guidance on best practices and regulators continue to worry about data security risks with public safety implications. Last month, government officials confirmed two separate cases in which critical energy assets were endangered by a USB-driven malware injection.

"It's actually pretty discouraging how little has changed, based on this lack of cohesiveness between the IT security teams and the operation staff responsible for maintaining uptime of industrial systems," Gartner senior security analyst Avivah Litan told CSO Online. "There's still a culture of organizational bureaucracies and territorialism, and little urgency to get things done."

While these personnel issues certainly demand their own attention, this promising new take on data encryption software could provide a valuable threat mitigation mechanism in the interim. If and when this defensive baseline can be established, energy grid operators will also have more time to focus on innovation.

Los Alamos researchers believe their work could be all the more important as critical infrastructure networks grow more heterogeneous and inclusive of alternative and renewable energy sources. To deliver the low latency, high availability orchestration those next-generation services demand, security fundamentals must be faultless.