Securing the future with quantum-safe networks for utilities
Electrical grids are high-value targets for hackers, cyber criminals, aggressive nations and other bad actors. They know a successful cyberattack could enable them to disrupt services, damage critical equipment, steal sensitive data or claim a ransom, so they keep trying bigger and more complex attacks.
Power utilities understand that any gap in cybersecurity could have major consequences for their grids, workers, customers and businesses, particularly in this era of electrification. They never stop working to find better ways to protect their grid infrastructure.
But the cybersecurity challenge is about to get a lot harder for utilities. Quantum computing is evolving fast and could potentially allow bad actors to break encryption schemes used to protect communications and data that are fundamental to grid operations.
There’s no shortage of debate about when this day—known as Q-Day—will arrive. But one thing is clear: Utilities need to start building quantum-safe networks before it’s too late.
We recently joined the team from Energy Central’s Power Perspectives podcast to talk about what the quantum threat means for utilities and how they can secure their future by implementing quantum-safe networks today.
Our discussion covered lots of ground, but here are four key things we think every utility should know about the quantum threat and how to tackle it.
1. The quantum threat is real
Quantum computers are the next evolution of computing technology. They are no longer a purely academic research topic aimed at simulating quantum systems, as first proposed by Richard Feynman. The race to develop quantum computers is intensifying as nations and tech giants pour significant resources into the field to gain scientific, engineering and economic advantages. These immense global efforts underscore the reality of the quantum threat.
So, what are quantum computers? They consist of qubits, which can be implemented using particles like ions and photons. They harness quantum properties such as superposition and entanglement to perform parallel calculations and tasks that are too overwhelming for classical computers that work with bits and electrical impulses.
With the power of qubits behind them, quantum computers will have the potential to support applications that rely on massive and complex sets of mathematical operations. The trick is to develop algorithms that can harness this potential to create good outcomes for people and industries.
Unfortunately, bad actors will be aiming to use quantum computing to create bad outcomes for utilities and other enterprises. Quantum algorithms developed to crack widely used encryption schemes have been published in academic papers available in the public domain. It would take a classical computer years (depending on key length and computational power) to crack these schemes. But a quantum computer would reduce this timeline to a matter of hours or minutes (depending on the number of qubits).
For example, Shor’s algorithm is a quantum algorithm that can efficiently solve the integer factorization and discrete logarithm problems. These are the foundations of prevalent mathematics-based public key cryptography methods such as RSA and Diffie-Hellman, respectively. Armed with Shor’s algorithm and a quantum computer powerful enough to run it, known as a cryptographically relevant quantum computer (CRQC), a bad actor could easily solve the factorization challenge and decrypt the data these methods protect. Utilities can no longer rely on public key exchange-based encryption.
2. It’s time for utilities to act
Even though bad actors may not have access to a CRQC today, it would be a mistake for utilities to treat quantum threats as a tomorrow problem. Bad actors could already be using tactics such as fiber tapping to harvest huge amounts of information on grid operations. After Q-Day, they will be able to decrypt this information and acquire intimate knowledge of the grid infrastructure.
This kind of attack is known as harvest now, decrypt later (HNDL). With decrypted data, bad actors can then craft targeted man-in-the-middle (MITM) attacks to compromise electrical system settings or launch denial-of-service (DoS) attacks to cripple core grid systems.
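The sketch below is an added illustration, not part of the original article. It shows why recorded traffic stays at risk when the session key was delivered with RSA, and why a link keyed with a pre-shared symmetric key gives the recorder no key exchange to attack. Classical Pollard's rho factoring stands in for Shor's algorithm, and the primes, session key and link records are constructed toy values.

```python
# Added example, not from the article. All values are constructed toy numbers.
import math
import secrets

def pollard_rho(n: int) -> int:
    """Classical factoring, standing in for Shor's algorithm on a CRQC.
    Practical only because the toy modulus below is about 60 bits."""
    if n % 2 == 0:
        return 2
    while True:
        c = secrets.randbelow(n - 1) + 1
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means a bad cycle; retry with a new c
            return d

def private_exponent_from_public(n: int, e: int) -> int:
    """Once n is factored, the RSA private exponent follows directly."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def decrypt_later(capture: dict):
    """Replay a recorded session after factoring becomes feasible.
    Returns the session key, or None if no key material was ever on the wire."""
    if "wrapped_key" not in capture:
        return None                      # pre-shared symmetric key (hypothetical PSK link)
    d = private_exponent_from_public(capture["n"], capture["e"])
    return pow(capture["wrapped_key"], d, capture["n"])

# Constructed "harvested" traffic from two hypothetical substation links.
P, Q, E = 1_000_000_007, 998_244_353, 65537      # toy primes; real RSA uses 1024+ bit primes
SESSION_KEY = 0xC0FFEE1234                       # toy stand-in for a session key
rsa_link = {"n": P * Q, "e": E, "wrapped_key": pow(SESSION_KEY, E, P * Q)}
psk_link = {"ciphertext": "recorded frames only"}   # key was provisioned out of band

if __name__ == "__main__":
    print("RSA key transport:", hex(decrypt_later(rsa_link)))   # key recovered
    print("Pre-shared key   :", decrypt_later(psk_link))        # nothing to recover
```

The recorded RSA exchange yields the session key as soon as the modulus can be factored, no matter how long ago the capture was taken. That is the case for moving long-lived grid data to symmetric protection before a CRQC exists.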
Utilities can’t afford to play a wait-and-see game with these HNDL attacks. They need to treat quantum threats as a today problem and develop new strategies for making their mission-critical operations networks and data quantum-safe.
3. Utilities must level up their cybersecurity compliance for the quantum era
Being alert to the changing cyber threat landscape is a must for power utilities. Many utilities are embracing software-based, data-driven operations and migrating grid communications from older TDM- and SONET/SDH-based networks to modern packet-based IP and Ethernet networks. These transformations will power adaptive smart grids, but they will also provide bad actors with new angles of attack.
Utilities generally have a good defense against existing threats because they comply with regulations such as NERC CIP in North America and NIS and NIS2 in the EU. These regulations call for the confidentiality and integrity of transmission of data in the network, including encryption of mission-critical data.
But quantum threats are more challenging and complex than any threats utilities face today. To stay ahead, utilities will need to draw on their threat awareness and security experience from the past. They also need to strengthen their security posture with quantum-safe encryption to level up their cyber defenses for the quantum era. Finally, they should follow and contribute to post-quantum cryptography (PQC) discussions and standardization efforts.
4. Quantum-safe networking is possible today
As mentioned earlier, it’s well known that published quantum algorithms can crack some encryption methods. Organizations such as NIST in the US and ETSI in Europe are now developing standards for PQC algorithms. These new algorithms will protect critical utility data from quantum computing attacks, but they’re still in the standardization process.
Utilities don’t have to wait for standardized PQC algorithms to make their networks and data quantum-safe. They can use familiar encryption technologies available today to turn their communications networks into a strong first line of defense against present and future quantum threats.
The solution is to implement a defense-in-depth approach that protects critical applications with symmetric encryption technologies deployed at different layers of the network, including OTNsec at the optical layer and MACsec at the data link layer.
To get the most from this approach, utilities need a trusted source that can generate strong encryption keys. The keys must be generated from a source with high randomness (also known as entropy), have a sufficient key length and be used with a strong enough encryption algorithm. Symmetric encryption such as AES-256 provides robust protection against quantum computing attacks.
This multilayer approach can safeguard grid communications in the deep optical DWDM core and extend quantum-safe protection to the substation IP/MPLS edge, as well as the utility’s IT and corporate infrastructure.
Utilities should choose a quantum-safe networking solution that’s flexible and scalable enough to provide protection now and in the future. An ideal solution will integrate seamlessly with current network and security solutions, support a variety of business applications and work with PQC algorithms once they have been standardized.
Find out more
The quantum threat is a real, growing concern but reliable protection is available. By deploying quantum-safe encryption now, you can secure your grid operations and communications against today’s HNDL attacks and ensure that your cyber defenses will be ready when Q-Day arrives.
Watch our interview with the Energy Central podcast to learn more about how quantum computing threats could put your utility operations at risk and what you can do to make your network quantum-safe.