A View from Martin LaMonica
Startup Taps Quantum Encryption for Cybersecurity
GridCom Technologies says quantum cryptography can work to make the electricity grid control systems secure.
The notion of harnessing the physics of quantum mechanics for a massive leap in computing power is firmly in the realm of science. But many people believe that applying these techniques to secure commercial communications is far more feasible.
Duncan Earl is one of them. He’s the chief technology officer of GridCom Technologies, a startup which recently secured seed funding to build a prototype quantum encryption system designed specifically for the electricity grid. The company’s hope is to have a demonstration system working next year near its home base in San Diego. Utilities would pay about $50 a month for access to a software service and hardware that encrypt critical communications in an area.
With GridCom Technologies, Earl is trying to make critical infrastructure more secure by encrypting data send to grid control systems. Traditional encryption techniques can’t work at the low latency speeds—measured in milliseconds–required for SCADA systems, which leaves them vulnerable to attack. Earl is an expert in optical technologies who worked at Oak Ridge National Laboratory and helped spin out an optical lighting company in 2006.
GridCom Technology’s system works by generating two photons using a laser and storing them in optical fiber cables. These twin photons each have an opposition polarization—either a wave oscillating up and down or left and right, Duncan explains. According to quantum mechanics, if one tries to measure these photons, it will change the state of the other and the photons are no longer “entangled.” This phenomenon allows a communications system to detect if a message has been intercepted.
The company’s planned service would create an encryption key based on the arrangement of the photon pair. A hardware receiver posts that information on the Internet and the company’s hosted software will poll those devices. A subscriber to the service will be able validate that communications haven’t been tampered and encrypt messages, Duncan says. “You’ve got physics that is ultimately securing the device, not mathematics. Mathematical complexity has been a great tool for encryption but it’s not future proof,” he says.
A key advantage of the system is that it works quickly, which is required for SCADA systems. “You’ve eliminated the possibility of somebody eavesdropping to hack the key. There’s no data latency and you’ve leveraged a random bit stream,” he says. “That’s really all the grid needs.”
There are already a number of efforts to build commercial quantum encryption systems. (See, Government Lab Reveals It Has Operated Quantum Internet For Over Two Years.) One of the main limitations is that the cryptography is only point-to-point over a fiber cable and can’t work across switching equipment over the Internet. In GridCom Technology’s case, the system will be limited to 20 kilometers in distance. Duncan envisions that utilities will put a series of hardware receivers in secured buildings to encrypt communications for a whole region.
Concern over the vulnerability of national grids and the potential for wide-scale outages has grown steadily over the past few years as high-profile companies have gone public with highly sophisticated hacking attempts. Quantum encryption offers one promising route to securing the grid, but it shouldn’t be seen as a silver bullet. If it works, it would address one very specific application but securing something as complex as the power grid requires a full suite of options and above all good security practices. (See, Cybersecurity Risk High in Industrial Control Systems.)