What if you could send a control message between two points on the electricity grid—say between a control room operator and a turbine or between a system operator and a generating plant—and know that there’s no way that message can be intercepted, altered, or spoofed to effect malicious ends? That possibility may be only a couple of years away.
Cybersecurity awareness and best practices are increasingly central to the power generation, transmission, and distribution industry. Industrial cybersecurity concerns, recently heightened by awareness of how destructive the Stuxnet virus was to industrial control systems, have left plant owners and operators, regulators, and politicians scrambling to cobble together effective protective devices, systems, and practices. But no rules, regulations, or standards can guarantee protection if someone out there has the technology and knowhow to hack your system. That’s why a quantum cryptography (QC) project at Los Alamos National Laboratory (LANL) is so intriguing.
The LANL team’s approach offers what may be as close to a silver bullet as you’re likely to see in the near future. Headed by co-principal investigators Richard J. Hughes and Jane E. Nordholt, the QC team has developed a system they call network-centric quantum communications (NQC) because it uses quantum cryptography for key management using optical networks—specifically, fiber-optic cable. The team already has demonstrated secure control data for electric grids using quantum cryptography. (For a quick refresher on quantum physics, see the sidebar.)
The late-2012 demonstration was conducted using the electric grid test bed at the Trustworthy Cyber Infrastructure for the Power Grid project at the University of Illinois Urbana-Champaign, part of the Department of Energy’s Cyber Security for Energy Delivery Systems program in the Office of Electricity Delivery and Energy Reliability (see the “Want More Technical Specs?” sidebar). That “real-world” testing showed, according to a LANL press release, that quantum cryptography “provides the necessary strong security assurances with latencies (typically 250 microseconds, including 120 microseconds to traverse the 25 kilometers of optical fiber connecting the two nodes) that are at least two orders of magnitude smaller than requirements. Further, the team’s quantum-secured communications system demonstrated that this capability could be deployed with only a single optical fiber to carry the quantum, single-photon communications signals; data packets; and commands.”
The demonstration also showed that the system can be deployed with existing hardware, software, and communication protocols. Hughes says it also is scalable to multiple monitors and several control centers, which would be necessary for anything resembling end-to-end security.
A Quantum Leap over Current Systems
In a scientific paper published this spring, the researchers/inventors say that conventional cryptography cannot meet current networking security needs, often because of “constrained computational resources or the difficulty of providing suitable key management.”
“Trusted quantum key distribution (QKD) networks based on a mesh of point-to-point links lack scalability, require dedicated optical fiber, are expensive and not amenable to mass production, only provide one of the cryptographic functions (key distribution) needed for secure communications, and so have elicited limited practical interest,” the paper explains.
To be truly functional and practical in the electricity infrastructure, a networked, multi-node system would be necessary. The LANL QC researchers have developed such a system and have experimentally demonstrated that NQC “can solve new network security challenges in the critical infrastructure control sector, in particular.”
As the team’s paper explains, in network-centric quantum communications, quantum communications between each of N client nodes and a central server node at the physical layer support a quantum key management (QKM) layer, which in turn enables secure communications functions (confidentiality, authentication, and nonrepudiation) at the application layer between ~N2 client pairs (Figure 1). The NQC “hub-and-spoke” topology is widely encountered in optical fiber networks and permits a hierarchical trust architecture that allows the server (the “hub”) to act as the trusted authority (TA, “Trent”) in cryptographic protocols for quantum authenticated key establishment. (This avoids the poor scaling of previous approaches that require a pre-existing trust relationship between every pair of nodes.) By making Trent a single multiplexed QC receiver, and the client nodes (Alice, Bob, Charlie, and others) QC transmitters, NQC amortizes the cost and complexity of one of the most demanding QC components—the single-photon detectors—across multiple network nodes. In this way the NQC architecture is scalable in terms of both quantum-physical resources and trust.
|1. Future-proof trusted communication. This diagram shows the Los Alamos National Laboratory quantum cryptography team’s network‐centric quantum communications architecture. Source: LANL|
In simplified terms, quantum cryptography harnesses the power of photons to send a message that can only be “unlocked” by a trusted recipient with the approved “key.” Any attempt to intercept or alter the data communication is immediately evident. As a LANL press release explains, “Single photons are used to produce secure random numbers between users, and these random numbers are then used to authenticate and encrypt the grid control data and commands. Because the random numbers are produced securely, they act as cryptographic key material for data authentication and encryption algorithms.”
The QC system can work wherever you can get a photon from point A to point B “without having to detect it and then reproduce it (forbidden by the quantum mechanics),” Nordholt told POWER. “So we can do fiber or free-space (line-of-sight). We are the inventors of the methodologies that made free-space QC practical, as well as many of the techniques that made fiber QC possible.”
Central to the system are integrated photonics quantum communications components, the QC transmitters, dubbed QKarDs (Figure 2). The first-generation, modularly integrated QKarD is a fiber-coupled device that is about the size of a USB removable drive, but the team says the next-generation component will be an order of magnitude smaller in each linear dimension and can be miniaturized and fabricated using existing manufacturing processes at scale. Even so, today’s QKarD is five orders of magnitude smaller than any competing QC device.
|2. The key to unbreachable data communication. The current QKarD transmitter is five orders of magnitude smaller than any competing quantum cryptography device, but LANL researchers say it is possible to make it much smaller. Source: LANL|
Nordholt says the system is field-ready today: “We believe it is deployable with the current ~80-kilometer distance limitations. Some investment in improved engineering/packaging would make it cheaper and more deployable, but I think we have shown the basic necessities.” The system could be used both on systems “inside the fence” (which, as she points out, for cybersecurity purposes is no longer a meaningful distinction) and on the larger grid, from distributed control to SCADA systems.
When smart grid opponents object to grid modernization projects, one of their concerns is grid control security. Communications between smart grid devices using QC would ensure that only the intended signals are sent and received.
Remember that silver bullet metaphor I used at the top of the story? It was not intended to imply that the QKD system is 100% foolproof. “It makes cryptographers crazy,” Nordholt mentioned, “to say a system is unbreakable because you can’t prove it—you can only try everything you can think of to break it. It is true that we have proofs that QKD is absolutely secure (unbreakable), but that means that the implementation must be perfect. Since nothing is perfect (for example, poor random numbers would compromise the security of any QKD or conventional cryptographic system—fortunately, we have developed a very high-speed, high-quality quantum random number generator as well), cryptographers go nuts at this word. Also, we overlay the quantum part with classical techniques that we believe are extremely strong, but not perfect.”
Another caveat is that a silver bullet only works if it’s loaded, and quantum cryptography only works when it’s deployed. That deployment will necessarily take time, and QC networks will likely be rolled out first to high-value systems.
Existing infrastructure capabilities may also limit QC use. Though some utilities have installed fiber-optic cable in their distribution systems, and some plant control systems use fiber, it’s still far from universally deployed. Unless there’s fiber or line-of-sight between QC users and a trusted authority, the system cannot be deployed.
Even the most secure communications systems require a certain level of reliable human behavior. As Nordholt noted, “We can’t really help you if you are determined to send your bank account info to that Nigerian prince who emailed you, but we have new techniques that could ultimately be used to provide strong digital signatures so things like the certificate theft that made Stuxnet possible could be stopped.”
LANL’s technology transfer office is seeking to commercialize the technology and has fielded dozens of inquiries from interested companies that see its potential. Applications to financial, defense, and infrastructure systems are obvious, and a modified QKarD “would be perfect for a space experiment,” Nordholt says. Though details haven’t been worked out, licenses would likely be exclusive just to domains of use—“one company might get an exclusive license for use on the grid while another gets a license for laser communication.” The team has foreign patent rights as well, so the system could also be licensed to foreign companies.
As for the U.S. electricity sector, Nordholt projects that we might see the first deployments, as a retrofit in existing high-value control systems, within perhaps two years.
When asked what the QC system would cost per plant, per substation, or per another grid node, she said that, with today’s technology, the cost would be in the range of $5,000 to $10,000 and “would depend on how many were deployed on a system and how large the market.” For the next generation of devices, the team hopes to bring that cost down “considerably.”
The LANL QC team already has won several prizes, including the R&D 100 award for inventing Free-Space Quantum Cryptography (quantum cryptography used through the air or to space), the European Union’s Descartes prize for research for their QC work, and several previous distance records for both free-space and fiber-optic quantum cryptography. Though awards are nice, the team recognizes that to have a long-lasting impact, their technology needs to reach a market; hence, Nordholt explains, “Lately, we have been concentrating on making things cheaper and more practical.” ■
— Gail Reitenbach, PhD is POWER’s editor. A version of this article appeared online June 17 at powermag.com.