Nearly a month after Hurricane Maria, the majority of Puerto Ricans still have no electricity. Bank accounts and ATMs are inaccessible, and citizens rely on scarce generators to power stoves and dialysis machines.
Though this power outage was brought on by the hand of Mother Nature, she is not the only one who can reach out and turn off the power switch. For two years, highly experienced hackers infiltrated and studied the U.S. electric grid, ultimately gaining the ability to cause blackouts on American soil. Cybersecurity firm Symantec first reported the threat in September, while CrowdStrike and others went farther in attributing the infiltration to Russia.
The significant threat to the power grid is not new. A growing group of experts think that Russian state-sponsored attacks on Ukraine’s grid in 2015 and 2016 were part of a larger effort to map out ways to compromise power grids across the world. In fact, Maryland-based Dragos, in conjunction with Slovakian anti-virus firm ESET, confirmed that the group behind the 2016 Ukrainian grid attack had direct ties to the team that “targeted infrastructure companies in the United States and Europe in 2014 and Ukraine electric utilities in 2015.”
Foreign actors pose an increasing national-security threat to the U.S. grid, and the best bet for keeping the lights on, refrigerators running, and respirators working may be quantum cybersecurity.
Quantum cybersecurity is needed in the short and long term because it can address threats from both current classical computers and rapidly developing quantum computers. Only five to ten years away, a quantum computer will be able to instantly cut through current grid encryption. A quantum computer is faster and more powerful than a classical computer, similar to reading every book in the Library of Congress at once, instead of one by one.
Approximately 3,200 utilities manage portions of the grid, a contributing factor in the grid’s susceptibility. These vulnerabilities include, but are not limited to, the use of legacy systems, lapses in basic IT and updates, and a growth of access points.
Quantum computing signals an important paradigm shift in the cybersecurity realm. Conventional cybersecurity firms address network breaches after they have occurred and are often able to correct the situation. However, as Paul Lucier, vice president of ISARA Corporation, attests, “in the coming age of quantum computing, cybersecurity firms must focus on being proactive by implementing quantum-safe security measures prior to any large-scale quantum-computer attacks.”
The national-security threat to the grid is one reason why the U.S. government should establish and implement a comprehensive National Quantum Initiative. Such an initiative would, at the very least, respond to the efforts of the EU, which is dedicating more than $1 billion over ten years toward quantum research, and China, which is committing over $10 billion to build a quantum research facility within two and a half years.
The national-security threat to the electrical grid is one reason why the U.S. government should establish and implement a comprehensive National Quantum Initiative.
In addition to supporting the development of technology and setting important compatibility standards, a National Quantum Initiative might include promoting a tiered timetable for adopting quantum cybersecurity.
In the immediate term, quantum keys — the world’s only true random numbers — can be added to existing encryption to strengthen grid resiliency against potential threats. Such quantum-key technology is commercially available.
In the next five to seven years (approximately the same time frame for a working quantum computer), quantum-resistant algorithms must be deployed. A crucial element to facilitating quantum-resistant algorithms will be to quickly and effectively commercialize academic research. Additionally, quantum-resistant algorithms are software, which means that the entire electric grid can be secured with such emerging technology.
In the longer term, quantum networks, which rely on a technology called quantum key distribution, are the most secure and advanced of all quantum cybersecurity measures because they are truly unhackable. Such networks are physical hardware and can integrate seamlessly with existing transmission lines.
Until it becomes commercially and scientifically viable to secure the entire U.S. with quantum networks, such hardware will be used only in high-density areas, alongside quantum-resistant algorithms.
Dr. Raymond Newell leads a team at Los Alamos National Laboratory focused on building quantum networks to protect the grid. Newell believes that the Department of Energy has taken an increased interest in quantum cybersecurity in recent months, but stresses that more must be done to help scientists mitigate future threats.
The U.S. is at a crucial moment regarding quantum cybersecurity and must take active steps to realize the technology as quickly and effectively as possible. The threat posed to the electric grid by classical and quantum computers — especially in the hands of foreign actors — will only increase.
A smart National Quantum Initiative can help the U.S. continue to be the most powerful country in the world. But without electricity, we will have no power.
— Idalia Friedson is a research associate and project manager at Hudson Institute.