Preparing the power grid for future quantum cyberattacks
Professor Deepa Kundur (ECE), third from left, attends a recent ECE event, along with Dean Christopher Yip (second from left). Image: University of Toronto / Neil Ta
A project is underway to explore cybersecurity defences for utilities under a quantum threat, led by researchers at the University of Toronto.
Just as quantum computing is opening a new level of computational ability for power utilities, it is also opening the way for a new level of threat to cybersecurity with its potential to break current data encryption techniques.
When this might be possible is open to debate and dependent on the advancement of quantum computers, with some suggesting likely within the next three to five years, but as with all cybersecurity approaches the goal is to be ahead of the attackers.
This is the reasoning behind a new project being led by researchers at the University of Toronto to explore quantum-based technology solutions to defend power utilities against such future cyberattacks.
Have you read?
Leveraging quantum computing to tackle power grid challenges
Energy Transitions Podcast: Cybersecurity innovation at the core of digital transformation
With a CA$1.45 million (US$1.1 million) National Sciences and Engineering Research Council of Canada grant, the project is a collaboration with Québec utility Hydro-Québec and the Canadian quantum startup Xanadu.
“We have to stay ahead of the game,” says Professor Deepa Kundur, chair of the University of Toronto’s Department of Electrical & Computer Engineering, who is leading the project.
“Technology is always changing the threat landscape. And quantum computing, which is becoming more feasible and practical, is a powerful tool that will make our classical defences obsolete.”
Among the topics to be studied are the use of future quantum sensors in power grids and for example whether this quantum-enhanced information is better for attack detection or gives attackers an ability to hide themselves.
To address this quantum versions of classical data will be modelled and anomaly and attack detection performed on it.
The researchers also intend to experiment with quantum machine learning for pattern recognition for cyberattack detection.
Quantum defence blueprint
A second team, headed by Professor Atefeh Mashatan, director of the Cybersecurity Research Lab at Toronto Metropolitan University, and including Hydro-Québec and quantum solution providers Crypto4A and evolutionQ intend to create a blueprint for how the energy sector can mitigate the risks of quantum threats and incorporate quantum-resistant cybersecurity into their smart grids.
The project is planned to start with identifying vulnerabilities in generic power system models and demonstrate how an attack can create disruptions to the smart grid.
For example, one scenario involves attacking the system in real time once cryptographically relevant quantum computers are on the market.
Another scenario involves an attacker obtaining encrypted data through a breach today and then waiting to decrypt the information once they have access to quantum computers in the future.
The researchers then intend to investigate improvements to the security tools available, including the feasibility of quantum key distribution and the use of next-generation quantum-safe digital signature technologies to provide low-overhead and quantum-safe integrity services.
Among the outcomes, Crypto4A will provide hardware security modules built to support these next-generation technologies that will be used to secure the quantum-safe smart grid – set to be a first for these mechanisms to be packaged specifically for the energy sector.
Mashatan says the implications of a quantum-enabled attack in the power sector could be catastrophic, with a massive disruption such as a blackout, and quantum enhancement is the next stage in the evolution of today’s smart grids.
“As quantum computing advances, utility and other critical infrastructure sectors must examine their quantum vulnerability closely and plan accordingly to implement mitigating countermeasures. Proper mitigation will reduce the likelihood and impact of a successful quantum-enabled attack and is part of their overall cybersecurity resilience.”
