Quantum Physics Could Protect the Grid From Hackers—Maybe

Cybersecurity experts have sounded the alarm for years: Hackers are ogling the U.S. power grid. The threat isn’t merely hypothetical—a group affiliated with the Russian government gained remote access to energy companies’ computers, the Department of Homeland Security published last March. In some cases, the hackers could even directly send commands to mess with hardware, which meant they could have cut off the power entirely to customers’ homes. To shut these hackers out, utility companies need better security.

One group of physicists think they have a patch: quantum-encrypted power stations.

They tested the idea this February, hauling several SUVs’ worth of lasers, electronics, and extremely sensitive detectors from Oak Ridge National Laboratory, Tennessee, down to Chattanooga. After a hundred-mile drive, they pulled the vehicles up to EPB, the local utility company, and hooked up their machines to some of EPB’s unused optical fiber. Over the period of a week, they repeatedly directed infrared light down the fiber in a 25-mile loop and monitored the properties of the light as it went out and back, out and back. And during that demo, they showed how two different quantum encryption systems could be integrated into existing grid infrastructure. “We’re hoping to show that the concept can be deployed today,” says physicist Nick Peters of Oak Ridge.

Using this equipment, they successfully sent and received a series of numbers known as a key using a protocol known as quantum key distribution, or QKD, which guarantees that nobody has tampered with the numbers. QKD secures data by exploiting the strange rules of quantum mechanics. Roughly, here’s how it works: The sender beams single infrared photons oriented in different directions—polarizations—that correspond to 1’s and 0’s. A receiver measures those orientations. Then, the sender and receiver compare some of their numbers. In quantum mechanics, if you measure a photon’s polarization, you instantly alter it from one state to another. If a hacker had tried to intercept the photons, they would have introduced a telltale statistical error in the numbers, and you would know that the connection was not secure. “QKD gives you the confidence that the key has not changed from when it was sent,” says Donna Dodson, a cybersecurity expert at the National Institute of Standards and Technology.

If the stats look good, the sender and receiver can then go ahead and use that key to scramble a message. “It’s based on your trust of physics,” says Peters. This is in contrast with conventional encryption methods, which guarantee security by assuming computers aren’t fast enough to decipher their algorithms in a reasonable amount of time. Peters’s group thinks that a utility company could use quantum-encrypted data to communicate with their hardware. For someone to intercept or change a quantum-encrypted data stream, they’d have to defy quantum mechanics.

The approach comes with technical challenges, of course. One challenge is simply the reality of working on the grid itself. It’s a mishmash of transformers, switches, and sundry parts installed over various years, and grafting on any new technology is difficult. “You can’t just shut the power off,” says physicist Tom Venhaus of Los Alamos National Laboratory, who collaborated on the project. “It’s like working on a car with its engine running.”

But perhaps the biggest challenge is getting the technology to work over long distances. You can only send a photon about 100 miles through fiber-optic cable until its quantum properties change too much to recover its information. In the Chattanooga demo, the physicists extended the distance by converting the quantum signal to classical bits. They then fed those classical bits into a different quantum encryption system, which could then reproduce the key and transmit it further. This means that you could put various encryption machines inside various power substations and use them as a relay to secure wider swaths of the grid. In order to communicate with the substation hardware, you’d need to know what the key is. The system would prevent a hacker from measuring and duplicating the key, which is one way of keeping them from gaining access to the hardware.

But every time you convert quantum bits to classical bits, you lose the protection of quantum mechanics, opening the door to hackers. And to be sure, QKD can only prevent specific types of attacks. It confirms that nobody has tampered with the key, but it doesn’t verify who the sender is, says Dodson. In the Chattanooga demo, the researchers had to combine QKD with other techniques to authenticate who sent the key.

EPB is planning other tests of quantum encryption, including one that sends quantum keys via wireless radio antennae instead of optical fiber, says Steve Morrison, who leads the utility company’s cybersecurity efforts. If the tests are successful, EPB could be controlling its power station hardware with quantum-encrypted commands in about five years. “I would never venture to say anything is unhackable, because I’m paid to be paranoid,” says Morrison. “But I’m hopeful about this. These systems can detect malicious intent, and that’s something I haven’t seen in any other technology.” Let’s hope they keep the lights on.

More Great WIRED Stories