SIF R3 Discovery - Network Security in a Quantum Future
Project summary
The energy system is key to UK critical infrastructure.
| Name | Status | Project reference number | Start date | Proposed End date |
|---|---|---|---|---|
| Network Security in a Quantum Future | Live | 10103996 | Mar 2024 | May 2024 |
| Strategy theme | Funding mechanism | Technology | Expenditure |
|---|---|---|---|
| Data and digitalisation | SIF Discovery - Round 3 | Cyber Security | £169,857 |
It must be secure against state actors, organised crime, and other potential threats. Emerging quantum computing technology will open significant new attack vectors against existing cybersecurity. This project will investigate the quantum threat to the energy system's cybersecurity, developing a novel assessment framework and a prioritised mitigation approach. The aim is to ensure that critical energy infrastructure remains secure in a post-quantum era, applying expertise in quantum and cybersecurity to cut through the hype, helping the industry to understand the actual threat and timelines, and enabling mitigation strategies to be developed.
Innovation Justification
How does your Project demonstrate novel and ambitious innovation in the energy networks?
Innovation:
This project brings an understanding of the quantum threat to energy systems and development of associated mitigations. The novelty lies in the assessment of the timescales of information and asset lifespans across the current and future energy network, the consequential threat, and mitigating actions --incorporating this into a usable (and scalable) framework for the industry. The project will deliver an understanding of the specific threats, and enable development of an improved cybersecurity approach. It will protect consumer value by helping to prevent future cybersecurity vulnerabilities, and resultant cost from actual attacks.
Advancing Previous Research:
This project brings insight from the project partners' current research on methods for assessing cybersecurity threats. Quantum computing is a nascent and developing technology, leading to hype and a cloudy understanding of its applications, potential threats and timescales.
The project will review current developments to design a framework that delivers clarity on the relevant threats, tailored to the energy system.
It will then explore novel approaches to making decisions about the energy system's mitigating actions to the quantum threats, informing a comprehensive framework for selecting the most appropriate mitigation.
This project delivers a step change in risk assessment and mitigation, moving significantly beyond current approaches by:
taking a holistic approach to understanding the quantum cybersecurity threat;
considering lifespans of information and assets;
enabling development of tailored mitigations.
The Discovery phase will raise maturity level of the project's technologies, integration, and commercial readiness from:
TRL1- \> TRL3 (Proof of principle)
IRL1- \> IRL2 (Characterised concept)
CRL1 -\> CRL2 (Initial market analysis)
The project team is exceptionally qualified to address this innovation challenge, combining expertise and experience on quantum computing, cybersecurity, and the energy systems.
Need for SIF Funding:
The quantum cybersecurity threat is an industry-wide challenge of national importance. The uncertain timing, nature, scale, and impact means it falls outside the scope of normal strategic planning. This project enables collaboration across energy networks, industry, and academia to create new methodologies and solutions, appropriate to the whole energy industry. The SIF phased structure will facilitate exploring beyond business-as-usual, to deliver cross-industry impact.
Counterfactual Solutions:
Most current research is insufficiently specialised to the energy industry, providing a snapshot of the current state of cybersecurity threats, and implementing blanket "one-size-fits all" mitigation strategies. This is not appropriate for energy systems, given their wide variability in infrastructure and assets; nor efficient, as it results in ineffective or over-specified mitigations.
Impacts and Benefits
Future Reductions in the Cost of Operating the Network:
Significant savings can be realised by identifying the correct mitigation for the quantum cybersecurity threat, providing means to evaluate criticality of assets to the network and assessment of the most cost-effective mitigation strategies. This will help avoid over-specification of low-priority assets, and under-specification of critical assets, as relating to cybersecurity threats, enabling effective forward planning for long-term asset investment. This will help reduce the vulnerabilities to cyberattack, limit the severity of detrimental impacts to the system, and reduce long-term costs from remedying unexpected issues. Logistics provider Maersk estimated a recent cyberattack cost $300m to fix.
Cost-Savings per Annum for End Users of the Network Services:
In December 2015, the Russian cyberattack on Ukraine left 1.4m homes without power. By reducing the risk of significant cyberattacks, this project also reduces the associated ongoing cost of defending (and insuring) against cyberattacks. This saving can be measured, and estimates made of how much may be passed on to end consumers. Lowering the risk of attack reduces the attendant cost to consumers of dealing with consequences of a successful attack; such costs will be estimated in Discovery. Furthermore, those who suffer the most from system outages are vulnerable customers, for whom energy is vital to support their essential needs, or who lack resources that would otherwise allow them to mitigate the impact of an outage.
New to Market Processes and Services and Creation of New Revenue Streams:
The framework generated by the project will be a novel quantum cybersecurity risk assessment and mitigation approach, incorporating the encryption lifecycle of operational data related to systems or assets. This process can be operationalised and embedded in future analysis by the energy networks. The approach developed through Discovery (and subsequent phases) could be offered to other infrastructure-heavy industries (e.g., transport, water), or to other countries whose critical infrastructure faces the same challenge. Initial estimates (tbc) indicate an opportunity to target 0.5%-1% of the cybersecurity market, valued annually at £10.1bn in the UK and £40.8bn globally.
Others:
The key benefit realised by this innovation, not explicitly captured by other SIF metrics, is the de-risking of the cybersecurity of the energy network assets and systems in the post-quantum world. This reduction in risk will ensure energy network resilience in the future when quantum computing is available, securing the continuous secure operation of services for consumers.
| Name | Published |
|---|---|
| Network Security in a Quantum Future Final | 20 May 2024 |
| Network Security in a Quantum Future Report 3 | 3 May 2024 |
| Network Security in a Quantum Future Report 2 | 3 May 2024 |
| Network Security in a Quantum Future Report 1 | 3 May 2024 |
| SIF Round 3 Project Registration | 11 Mar 2024 |