Cybercriminals and hackers target businesses of all verticals and sizes. Whether for account access, financial gain, identity theft or pure nuisance value, the impact of a breach can be felt across the organization and beyond. However, when the target of an attack is part of a nation’s critical infrastructure, a line is crossed, and cyber-crime may become cyber terrorism. The threat level moves beyond financial to existential.
The successful injection of rogue data into utility and communications networks could result in catastrophic harm. The ability to hack the power grid and “turn off the lights” could be a cover for other nefarious acts but may also be an objective in its own right. Disabling internet connectivity, for even a short period of time, can cost millions in lost revenues.
An evolving threat landscape
Since the turn of the millennium, we have seen an alarming increase in the number of state-sponsored attacks targeting critical infrastructure. Foreign states have been accused of everything from tampering with national elections to persistent attacks on energy supply networks. Last year, Australia was subjected to what was called a malicious, large-scale cyberattack by a sophisticated state-based cyber actor. The attacks targeted government, industry, healthcare and other providers of critical infrastructure services.
The traditionally siloed networks serving critical infrastructure operations have become, through necessity, connected to the Internet. Whilst this has facilitated operational efficiencies, like remote monitoring, Smart Grid applications and IoT-enabled devices, it has exposed the network to a wide range of threats.
Attacks on power utilities have been among the most high-profile. In 2015/2016 Ukraine suffered major power outages as the result of cyberattacks that were designed to “physically damage the power grid”. However, power generation is not the only critical network to suffer a major breach. Earlier this year, the security incident at the water treatment plant in Florida highlighted the existential threat posed by unsecure utility networks.
SCADA networks are common within critical infrastructure organizations and are vulnerable to attack. Like many industrial control systems, SCADA networks rely upon trust, so the integrity and authenticity of data are of paramount importance.
Prevention versus protection
The regularity with which systems are breached suggests traditional prevention technologies do not provide sufficient long-term security. A robust data security stance also demands the use of protection technologies to ensure trust. Cyber security for mission-critical applications requires defense in depth, with different layers of protection, where strong, state-of-the-art data encryption represents the last line of defense.
High-assurance network encryption, combined with quantum key generation and distribution (QKD) technologies, is already being used to provide long-term data protection for critical national infrastructure. Robust, quantum-resistant encryption solutions are designed to provide security for the effective lifetime of any lost or stolen data. At the same time, quantum technologies that leverage the observer principle (observation causes perturbation) are being used to ensure the integrity and authenticity of command-and-control data as it travels across public and private network infrastructure.
Pioneering QKD for critical infrastructure
As a world leader in the field of quantum key distribution, ID Quantique has been at the forefront of quantum cryptography in the utilities industry. Since 2019, IDQ has been working with Services Industriels de Genève (SIG), Geneva’s utility company. Part of the OPENQKD project, SIG has been leveraging quantum technologies to secure data in motion between data center facilities.
IDQ has also been working in partnership with Hitachi ABB to provide security for its mission-critical networks. The ABB encryption solution leverages IDQ’s hardware-based QRNG solution and supports QKD for long-term data protection.
- You need better and new solutions now (check reports from NSA, ETSI, CSA, etc.)
- Only QRNG should be used to provide certified and provable randomness
- Strong encryption, combined with QKD, should be used to ensure sovereignty and data ownership for the next decade
If you’d like to know more about how to leverage quantum technologies to secure critical national infrastructure or speak to one of our consultants, contact us at firstname.lastname@example.org
Feel free to also watch the replay of our joint webinar with Hitachi ABB Power Grids to find out about:
- How IDQ and Hitachi-ABB Power Grids are meeting the challenges of securing utilities’ networks
- The unique challenges associated with command-and-control networks for critical infrastructure
- How quantum technologies can be used to provide long-term data network security in a post-quantum computing world