Security CEO and Founder of Safe Quantum Inc., working with data-driven companies to define, develop and deploy quantum-safe technologies.
From Solar Winds to the Colonial Pipeline to the July 4th ransomware attack by Russian-led REvil, it seems that we're getting hit by the "worst hack ever" — to date, at least — every week or two.
The acceleration is upsetting. While the demands for money to free the purloined data are certainly worrisome, it's the potential for what cybercriminals could be doing that should be keeping security professionals awake at night.
What if they targeted the Federal Aviation Administration's Air Traffic Organization, which provides service to more than 45,000 flights and 2.9 million airline passengers across the United States' more than 29 million square miles of airspace?
What if they hacked the more than 300,000 cell towers spanning the country, interrupting cellular networks for millions?
Instead of just being greedy or shutting down company servers, these crooks could be creating chaos.
Let's look at one example, in particular: the power grid.
An attack on the U.S. power grid could disrupt more than 7,700 power plants and the 2.7 million miles of power lines that connect 145 million customers across the United States. Now, consider that the U.S. electric grid was begun in the 1880s, with new technologies layered on top as they've become available. Clearly, upgrades to prevent outages are the primary concern.
But some of the best intentions to update the system also contribute to the threat of it being attacked.
The U.S. Department of Energy (DOE) has prioritized the power infrastructure, making building a so-called "smart grid" a national policy goal. A smart grid uses technology that enables two-way communication between a utility company's infrastructure and its customers.
This communication can increase reliability and reduce power outages by using sensors and connected smart meters to monitor electricity demand and supply in real time, allowing operators to predict and potentially avoid disruptions.
With all the benefits of a smart grid, however, the growing reliance on digital systems increases the potential risk of cyberattacks. The critical communications between sub-stations and a centralized control center must be protected to prevent bad actors from getting in.
Only by securing both ends of the communication — the sender and the receiver — can operators ensure that both parties' identities are valid, i.e., they are who they say they are.
A somewhat basic step would be to use Advanced Encryption Standard (AES) synchronous encryption, which is what the U.S. government uses to protect classified information. This is an advanced encryption algorithm that creates "keys" needed to access the data being communicated, with encryption keys usually of 256 bits in length.
That means a hacker would need to ascertain the value of 256 binary digits to break that encryption, which is even secure against a quantum computer.
Some utilities today are experimenting with alternative security technologies, including within the Supervisory Control and Data Acquisition Systems (SCADA) that most already have in place.
Fortunately, the DOE is backing the development of quantum and quantum security technologies.
A Quantum Key Distribution (QKD) device can be deployed between the control center and a substation. The cryptographic protocol using photons of light through a fiber optic cable enables the two parties to share a secret, randomly generated key which is known only to them.
U.S. carrier Verizon has already successfully tested QKD, effectively securing communications between three locations in its network. And financial services leaders like JPMorgan Chase are also testing QKD and other quantum technologies in their need for both speed and security.
With any new technology, however, there's a learning curve to develop it as well as pricing considerations. That said, the power of the DOE is behind it, including funding trials and proof-of-concept implementations such as a widely touted project with EPB, a community-based utility and telecommunications company serving Chattanooga, Tenn.
The U.S. grid was attacked for the first time in 2019, and the assaults are escalating. In April, the Biden administration launched a plan to coordinate the DOE, the Cybersecurity and Infrastructure Security Agency and the electricity industry in a concerted effort to safeguard the power grid from what it called "persistent and sophisticated threats."
With how brazen cybercriminals are getting, when does ransomware turn into a malevolent attempt to destabilize the United States by knocking out the Northeast power grid in January?
By using QKD as a near-term solution, our government could move quickly to secure the power grid and prevent the chaos that would follow.
We welcome journalists to contact the Media Relations team for information and news about EPB:
Follow @EPB_Chattanooga for the latest company news
We’re available anytime to provide customer service and technical support.
Click to gain access to the EPB Brand Central asset library.