Smart Grids vs. Quantum Threats: The $1.45M Solution

Over the last 20 years, the power grid has transformed from manually operated equipment to a digitalized, data-rich web of information and communication technology. Energy systems steadily became more complex, expanding from one-way to two-way communication, centralized to distributed power generation, radial to network topologies, and manual to self-configured monitoring and outage recovery. 

Thanks to these advancements, utilities can better adapt to different loads and conditions, restore power quickly during blackouts, and pinpoint faults faster than ever. However, with more data moving through today's IoT-enabled smart grids, attackers are finding new ways to exploit the increased interoperability of sensors, smart meters, and other connected equipment. Powerful quantum computers can crack cryptographic keys more reliably and efficiently than yesterday’s programs. 

Major utilities like Canada’s Hydro-Québec recognize these threats and are beginning to explore solutions. The company, which oversees Québec’s generation, transmission, and distribution systems, recently partnered with the University of Toronto and Toronto Metropolitan University to develop quantum-hardened cybersecurity measures supporting the migration from classical to advanced computing infrastructure. 

Quantum computing research. Image used courtesy of Lawrence Berkeley National Laboratory

Countering Quantum Attacks with Quantum Solutions

Quantum machine learning uses high-power computers to improve advanced algorithms' training speed, efficiency, and performance. Quantum computers can be trained to identify quantum data and classical information used in conventional computing. In power grids, this approach can be applied to telemetry measurements and Transmission Control Protocol or IP packets flowing through real-time current/voltage measurement devices, which output samples of noisy periodic waveforms. Attackers could target the sampling device or its physical dynamics generating the waveform. 

Fortunately, utilities can deploy a similar approach to detect such attacks on measurement devices. One recent study tested a quantum machine learning framework that could predict anomalies with a 25% accuracy advantage in quantum-generated datasets. 

While still in their infancy, quantum machine learning tools will likely be exponentially better at detecting cyberattacks than their classical counterparts. In the case of a quantum attack targeting a current/voltage measurement device, grids can deploy a quantum supervisor algorithm to detect interference at the point in which the wavefunction samples are generated. This algorithm would differentiate normal noisy data from anomalous false data injection initiated by the attacker from quantum data. 

Diagram showing how a supervisor algorithm observes waveform samples and predicts whether they’re normal or anomalous. Image used courtesy of Frontiers in Energy Research 

Quantum algorithms can also help utilities phase out legacy key generation with more advanced, harder-to-crack methods. Cryptographic keys, created from a series of random numbers generated by an algorithm, must be unpredictable by nature. However, many existing solutions cannot guarantee output quality, leaving IoT devices like smart meters vulnerable. 

Predicting Quantum Threats in Power Grids

The University of Toronto researchers will develop quantum security solutions that can crack algorithms and cryptography far quicker than conventional computers. Supported by a $1.45 million grant from Canada’s Natural Sciences and Engineering Research Council, the plan will devise new models to predict the type of quantum versions of classical data likely to arise in a vulnerable power grid. They’ll also perform anomaly and attack detection on that information. 

The researchers have teamed up with Hydro-Québec and Xanadu. The latter operates PennyLane, an open-source library of quantum computing software, demonstrations, and documentation. The Toronto Metropolitan University team will use PennyLane to investigate quantum machine learning frameworks and develop customized post-quantum cryptography and communication solutions for smart grids and industrial control equipment. 

The project aims to assemble a roadmap outlining steps utilities can take to migrate their IT systems into a quantum-ready state. Two cybersecurity firms, Crypto4A, and evolutionQ, will aid the effort with their expertise in quantum-safe cryptography software and other modules for securing digital infrastructure. EvolutionQ recently unveiled a cryptographic protocol providing enhanced end-to-end encryption protection against classical and quantum threats alike. 

Transitioning to Quantum Attack Detection

Ultimately, it could be decades before utilities and transmission systems adopt quantum attack detection algorithms. Yet, the urgency of transitioning to quantum-safe cryptography is clear today. Mosca’s Inequality Theorem suggests organizations should consider the expected timeline of migrating to quantum-safe systems and then add that result to the “shelf-life time” required to keep their existing data secure. If that figure is greater than the time for a quantum threat to emerge, it might be too late to protect the organization’s critical assets. 

Some grid device manufacturers are already building quantum protection into their products. In 2023, Honeywell was one of the first companies to incorporate quantum computing-hardened encryption keys into smart meters used by electric and gas utilities. 

The company worked with Quantinuum—formed from the merger of Honeywell Quantum Solutions and Cambridge Quantum—to develop encryption software that generates keys through quantum computing-enhanced randomness, making them unpredictable.