Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

Episode #168: 'Securing the Future with Quantum-Safe Networks for Utilities, Part 1' with Nokia’s Mauricio Subieta, Chief Technology Officer, and Hansen Chan, IP Solution Marketing Manager [an Energy Central Power Perspectives™ Podcast]

Be sure to sign into your Energy Central account (register for free here) to access this full post with the podcast recording.

Note: this is a two part episode so we can fit in all of these experts’ tremendous insights. This marks part 1, with part 2 published later that same week and can be found here: https://energycentral.com/o/energy-central/episode-169-securing-future-quantum-safe-networks-utilities-part-2-nokia%E2%80%99s

The importance of cybersecurity for the power grid is at the forefront of all utility decision makers’ minds. As the types of threats evolve and the nature of technology used by bad actors progress, so too must the preparations and the tools deployed by utilities to ensure the grid remains secure and resilient. Among the state-of-the-art adaptations utilities must now be considering are quantum-safe networks, a leveling up of the type of necessary technologies and protocols. Taking this leap to the new era of securing the grid can be much to grasp, which is why this episode of the Energy Central Power Perspectives Podcast brings in the industry leaders who can address and break down the necessary precautions. 

 In this episode, Mauricio Subieta, Chief Technology Officer of Nokia's Energy Segment, and Hansen Chan, Product Marketing Manager at Nokia, join the podcast conversation to delve into the forefront of these digital utility topics in the face of continuing cyber threats to the grid. Listen in as Mauricio and Hansen join podcast host Jason Price and producer Matt Chester to demystify the concept of quantum-safe networks, exploring the intersection of quantum computing and cybersecurity. From defining quantum threats  to unraveling the evolving threat landscape, they provide crucial insights into the necessity and urgency of quantum-safe security measures for power utilities. The conversation also includes practical steps for preparedness and ultimately the transformative impact of quantum-safe networks on utility business practices. Tune in to gain a deeper understanding of this critical facet of modernizing the energy sector.

Prefer to Read vs. Listening? Scroll Down to Read Transcript

Thanks to the sponsor of this episode of the Energy Central Power Perspectives Podcast: Nokia

 

Key Links:

Mauricio Subieta on Energy Central: https://energycentral.com/member/profile/mauricio-subieta 

Hansen Chan on Energy Central: https://energycentral.com/member/profile/hansen-chan 

Nokia on Energy Central: https://energycentral.com/Nokia 

Securing IEC 61850 communications: https://pages.nokia.com/T009TB-securing-IEC-61850-communications.html 

Ask a Question to Our Future Guests: Do you have a burning question for the utility executives and energy industry thought leaders that we feature each week on the Energy Central Power Perspectives Podcast? Do you want to hear your voice on a future episode? Well starting in 2024, we’re offering you that opportunity! Head to this link where you can leave us a recorded message, including a question you’re eager to have answered on a future episode of the podcast. We’ll listen through them, pick out the right guests in our upcoming lineup to address them, and you’ll hear yourself as a part of the conversation! Energy Central on SpeakPipe: www.speakpipe.com/EnergyCentralPodcast 

 

TRANSCRIPT

Jason Price:

Welcome to the Energy Central Power Perspectives Podcast. We bring leading minds from the energy industry into the podcast booth to discuss the challenges and trends that are transforming and modernizing our energy system. And a quick thank you to Nokia, our sponsor of today's show. Now let's talk energy. I'm Jason Price, Energy Central Podcast host and director with West Monroe, coming to you from New York City. And with me as always from Orlando, Florida, is Energy Central producer and community manager, Matt Chester. Matt, we're recording this episode today in the aftermath of DISTRIBUTECH 2024, where I know you had a chance to chat with today's two guests. How about giving our audience a rundown of what you heard and learned from these two industry pros as a precursor to today's conversation?

 

Matt Chester:

Definitely Jason. And actually I point our listeners to the full interview article that I put together with one of the guests today, which I'll be sure to put a link to in the show notes. But what we spent some time chatting about were the crucial themes of modernization and digitalization in power distribution, particularly emphasizing the integration of renewables and demand variability management as we look to the future of increased automation, machine to machine interaction, and grid optimization.

The experts that we're going to speak with today are cautioning against over hyped expectations in areas like AI, but also emphasizing the importance of practical solutions and collaboration for meaningful progress. And overall, I'd say as the power sector moves towards a more resilient and sustainable future, the themes that we focused on at DISTRIBUTECH and that we'll be focusing on today are those of innovation and collaboration.

 

Jason Price:

Thanks, Matt. That's a great appetizer to what is going to be a critical and valuable conversation on the podcast today. And as you mentioned, we're thankful to be welcoming two guests today to dive into some of the key digital utility topics, specifically in the phase of rising cyber threats to the grid. So first we can welcome on Mauricio Subieta, the chief technology officer of the energy segment at Nokia. Welcome to the podcast Mauricio.

 

Mauricio Subieta:

Thank you very much for the opportunity. Really happy to be here and answer any questions you may have Jason.

 

Jason Price:

Fantastic. And joining him is a colleague Hansen Chan, IP solution marketing manager for Nokia.

 

Hansen Chan:

Oh, thank you Jason. I'm very happy to be here. Thanks for having me.

 

Jason Price:

Before we dive into this rich topic of cyber, I want to make sure our listeners really understand each of your roles. So please, I'd love to give you a chance to introduce yourselves even more fully and Mauricio, why don't we give our audience a bit of your background and what your role is today and then Hansen, you do the same? How does that sound?

 

Mauricio Subieta:

Sure. Like you said, I am Mauricio Subieta, I am the energy CTO for Nokia. I'm focused on the energy segment and specifically in electric utilities. The focus that I have is on bringing solutions to electric utilities for communication platforms that will enable them to operate their mission critical networks. I joined Nokia about eight years ago after working for an electric utility myself. I was the actual network engineer and solutions architect for the networks that were being deployed at the time. And I also was looking into the cybersecurity compliance that has to be met by the electric utilities in the United States. I also was a security engineer while working on that assignment. Before that, I used to work as a network designer and architect for wireless networks and that's what I've been doing most of my life after I graduated from school.

 

Jason Price:

That is great. Hansen, you want to do the same?

 

Hansen Chan:

Okay. So Hansen Chen, I'm on the IP solution marketing team for the enterprise. I started my career in telecommunications as a protocol test engineer focusing on network protocols. Then I became a large network designer or architect working with carriers around the world. Then I became a product manager for IP and PLS and then 10 years ago I joined the marketing team. I enjoy this role because I enjoy this entangling, a lot of complexity of our product implementation in a way that our users can appreciate and understand capabilities and they can use our features to help them work every day. So I really enjoy this work.

 

Jason Price:

That's great. Okay, fantastic. So we brought you in today because of a rather I would say interesting and perhaps intimidating topic. It's called the Quantum-Safe Network and we're really intrigued to hear more about it. So how about easing our audience into this complex topic, Mauricio and then Hansen, what exactly is Quantum-Safe Network?

 

Mauricio Subieta:

Well, a Quantum-Safe Network is the one that is capable of sustaining any analysis of the encryption algorithms that are used and potential decryption of such breaking of those algorithms by a quantum computer. So this is something that mathematicians and cryptoanalysts have been doing for a long time, trying to find the best way to ensure that the information maintains its secrecy and its integrity by using algorithms that actually use prime numbers and use convoluted mathematical techniques in order to ensure that the message can be encrypted one way and be decrypted on the other end of the transmission line without any potential eavesdropping or additional decoding of that information. So Quantum-Safe computers will allow you to maintain that secrecy even with the advent of quantum computers, which could potentially be used to crack those codes and crack that encryption algorithm mechanism.

 

Jason Price:

Hansen?

 

Hansen Chan:

I think a network first and foremost have to be safe or secure, right? That's why the security team have all kind of tools to make it secure. But for the computer, as Mauricio explained, this really changed the game. So that's why a whole new consideration and different tools need to be considered to be able to cope with this changing landscape.

 

Jason Price:

Okay. So keep in mind that our audience, Energy Central, represents a broad range. So people may not be familiar with some of the terminology. So the term quantum of course, I guess from a sci-fi sense may conjure up that great show Quantum League, but what exactly is quantum computers? Is this term more people would be familiar with and is it being used appropriately in the conversation that we're having today?

 

Mauricio Subieta:

I think so. Quantum computing is just like the next evolution of the computing technologies that we're seeing nowadays. We've actually been developing the chips and the silicon for many years and we had a Moore's law that expected that the power and the performance of a computer was going to double every so many months and many years, sometimes in so many weeks. And that was just because we were able to miniaturize the components within a computer to more and more smaller scales. And while there is a physical limitation on that, and there is actually limits that are imposed by physics that you cannot go any better. So the Moore's law has been something of a non-sequitur anymore, as it hasn't been meeting its purpose.

Enter quantum computers, the quantum computers are based on a completely different type of model. Whereas we use bits and electrical sort of signals in the normal computers, within quantum computers we use qubits, which are basically particles, subatomic particles in certain states that would represent the information just as electric impulses would do, represent a zero or one.

So that coupled with some additional properties of the actual quantum realm, like superposition and entanglement make the capacity and the possibilities of computing at a quantum computer significantly far better compared to any computer that you would look at from a traditional point of view. And that's one of the reasons why people are doing a lot of research because nowadays mathematical requirements for multiple different types of use cases. Think AI for example, we talk about large language models, that now we can go and use websites like ChatGPT and applications like those that they have where a computer can perform many, many mathematical calculations, matrix multiplication operations that will result in answers that are completely based out of this huge knowledge base that will be completely understandable.

So the number of operations that can be done with regular computers can be surpassed significantly by a quantum computer. So more and more applications that rely on large mathematical sets of operations, complex operations, they will be possible when the quantum computer become a reality. Right now, quantum computers are still a research topic for many reasons. One of them is the actual complexity of building a computer like this because of the knowledge required from all the people working on this. Not a lot of people are very much versed in applications on quantum computers or what quantum computers require, but also because quantum computers are very sensitive of interacting with the regular environment that we know as reality.

And as such, they have to be super cool and they have to be built in an environment in which there's a lot of care on how certain characteristics like coherence or decoherence in the quantum world parlance are maintained. So these are only done by really large institutions and really large universities or research groups that can support such investment. And I don't know Hansen, if you have something to add to that, please.

 

Hansen Chan:

Yeah, so maybe I can add a bit of color to what you have explained, which is a lot of details, a lot of great details. I think quantum computers started as more of a academic interest. This idea of quantum computer was first brought up by a physicist called Richard Feynman. So I think his idea at that time was to use quantum computer to simulate a quantum system, which was a little bit natural use. And then as more mathematicians come out of algorithms that can make use of quantum computers, the interest in quantum computers becomes more intense. I think one thing that's important, so it's very true that quantum computer can perform exponentially more operations than a classical computer today, but the real trick is to find an algorithm that can really harness those powers.

You cannot just run today's program on a quantum computer just like that, trying to accelerate and speed up the calculations. You need to have a algorithm that can actually use those quantum states, calculations, and that's where the algorithms comes in. And as people, as those scientists understand it better, they come up with different algorithms to solve different problems, especially a lot of those mathematics problem that lead to where a topic of today, which is encryption. So there are algorithms being published, but that can break a lot of those algorithms that we depend on to encrypt our data.

 

Jason Price:

Yeah, I mean this is really a complex topic, it's really amazing. Tell us about your journey to get here. How did you both get involved and interest in the world of quantum computing and quantum security?

 

Mauricio Subieta:

One of the things, as I mentioned as part of my background was related to working as a security engineer and a compliance officer while working in utility. And to Hansen's point at the beginning, a very important factor of running a electric utility communications network is for it to be safe. And safe because it runs operations that actually could potentially affect the way that we live our lives on a day-to-day basis if somebody were to break in into them and basically start wreaking havoc. And obviously utilities and other industries related to energy are considered critical infrastructure and as such, they have to meet those requirements of really ensuring that the information and the integrity of the information that they're transmitting, it is there.

So that is really where my journey started. It started with the typical cybersecurity IT background of working with firewalls and working with mechanisms to ensure that traffic was safe from a user perspective. But it all then went down as I was working with utility to cover mission critical operations on a real time basis. And that's really where I found that cybersecurity is quite important. Obviously having the integrity in our information and the privacy in our information, personal information, records and whatnot, it is very, very important. We see more and more ransomware attacks that are hitting that side. We could be potentially more significant if those bad and threat actors actually jump into a mission critical network like a utility and start making damage or causing damage by affecting the way that the equipment works, which has a definitely cascading effect. Because imagine schools and hospitals and first responders, all of that infrastructure that we sometimes take for granted really right now works on electricity.

So if that is disrupted, everything else is disrupted. So I think that that was one of the reasons why I started looking at cybersecurity and as looking into what are the current threats and the potential future threats, because you always have to build a network that will many, many years. Then you look into the topics of Quantum-Safe Networking and I think that's really how I ended up covering this topic and learning a lot of the journey that we have internally in Nokia just side by side with Hansen.

 

Hansen Chan:

So for me, the word quantum has some sentimental feeling. I mentioned Richard Feynman earlier, and Richard Feynman who first proposed the idea of quantum computers actually happens to be my high school hero. I loved physics in my high school days. And then actually my math teacher point to me about Richard Feynman, so I bought literally his book, and then read about quantum physics. And then I start to be attracted to quantum physics for many years. And the topic came up now in the last few years, Quantum-Safe Networking, and then quantum computer, and then wow. So it really attract me and that's why I dived into it and understand more. I enjoy with this work trying to understand and how to help our customer to safeguard against quantum threats.

 

Jason Price:

Okay, so cybersecurity is major issue across all industries practically. You've done a nice job, both of you laying out complexities of the industry and the role of quantum computers. Tell us now, why does the presence of quantum computing create a new type of security concern for power utilities? What new vulnerabilities does it introduce or are there also advantages for the utilities with quantum computing? Let's dig into that please.

 

Mauricio Subieta:

Sure. I think that, like I mentioned just a minute ago, looking at a overall policy of cybersecurity and looking at how to maintain that integrity on the network really involves looking into the future. And one of the things that we've been doing for a lot of years in order to meet compliance for NERC CIP for example, is to maintain all the traffic always encrypted from an end-to-end perspective. So the threat for that is really related to quantum computers because as I mentioned really at the beginning and the question about quantum computers and why they're a threat, it's because those algorithms that are used to encrypt are strong when it comes to supporting any brute force attack, any kind of basically trying to figure out the combination of numbers in the algorithm to decrypt that information from a traditional perspective. Because of the actual architecture of a quantum computer, that task can be significantly reduced in time.

Typically the time that it takes for the current algorithms that are protecting our networks, encryption algorithms, are counted in a large number of years. And when I say a large number of years, we're talking about hundreds of thousands of years. With the actual quantum computer event, that time can be reduced in multiple orders of magnitude such that it could actually be used to break encryption in a matter of days, hours even. So it is very important for us to look into how to maintain the integrity of a network, the security of a mission critical operation network, and potentially also protect the data that's encrypted from a different perspective, from the customer information that's in the utility or from any other type of personal record information that may be held in really anywhere in any other industry. Because one of the things that we're seeing is that just as we are developing quantum computers, we're developing technology that allows us to store a lot of information and right now, we have almost no limit of how much information we can gather. And potentially that information could be decrypted later.

There is this threat of harvest and decrypt later, meaning that all the information that right now could potentially be of interest can be saved and then once the quantum computers are available, could be decrypted very easily such that that information could be also used for not necessarily the right intended purpose or nefarious purposes, I should say. So I think that is one of the reasons why we look into Quantum-Safe Networks to ensure that even when and if the quantum computers really become as feasible and as adept at doing this type of calculations to decrypt the data, then the information would still remain safe, whether it's a transit or if it's stored somewhere in a static state. Hansen?

 

Hansen Chan:

Yeah. So maybe I can add a little bit specifics. So the new threat is such that... I talk about the algorithm just now. So specifically, so there's quantum algorithms like the one devised by Peter Shaw that his algorithm can really solve the factorization of a humongous prime number. Factorize, do a prime factorization of a humongous number to be correct. Some encryption algorithms, especially those asymmetric encryption algorithms, like Diffie-Hellman, relies on that capacity to do a prime factorization so which cannot be solved easily, even with a casual computer with a large compute power.

But now with quantum computer together with SHO algorithm, this can be solved. So that means that the private key exchange is now unsafe. It can be cracked easily by bad hackers with access to quantum computers. So those are the new things that change the encryption landscape completely. So a lot of the encryption package and software are no longer able to protect communications. So we have looked at new ways or new encryption to protect communications.

 

Jason Price:

Okay. Both of you have been alluded to new threats, so I'd like to talk about that. Share with us what are some specific threats coming these days that necessitate elevating systems to Quantum-Safe levels?

 

Mauricio Subieta:

The threats that are coming in are basically one of the things that Hansen just mentioned. There's now an algorithm that if properly employed by a quantum computer can decrypt the current mechanisms that are being used in the world to encrypt information. So we've seen multiple different types of attacks starting from ransomware, from massive infections, and also from people that are just going out there trying to extract information and extort their owners, I'm not releasing them publicly. Typically ransomware attacks are related to that one, to the extortion attacks. So those are threats that we see normally on a day-to-day basis. However, in the mission critical operations, the threats that we see are a bit different. But we're also seeing people that basically wanted to hurt somebody or a certain population or they had a grudge and they wanted to basically do some damage.

We saw attacks on water utilities for example, where in the actual plants, the purification plants, more of certain chemicals were added to the water and it made it toxic. We've also seen places that are motivated to actual damaging the response infrastructure where we've seen turbines being spun at much, much higher speeds than they're supposed to operate normally, creating large damage and even basically destroying the generation plants. In California, we've seen people that go out there and start shooting at transformers, and that was back in the day of 5G, because they thought that 5G was basically hurtful to the bodies or it was some other type of conspiracy theory. So those attacks are changing and in the specific realm of Quantum-Safe computers, we're seeing more and more people that are trying to find ways to store information that is traversing the network, especially when it goes through commercial carriers because it's very difficult now to ensure that all the carriers or all the communication networks publicly available, including the internet, are safe from being completely private.

So we see those and that's one of the reasons why the threats that we're encountering nowadays plus the reliance on the actual systems to be running 24/7 more so now than before, are making things quite more critical to ensure that their survivability continues. But it also continues in a coherent and consistent manner that we just cannot assume that there will be burnouts or blackouts that you see sometimes because of high demand in the electrical grid. So they have to be constantly communicating, and that's one of the things that we see as really a key factor for us to be in this segment specifically providing Quantum-Safe Networks to ensure the reliability of the electrical grid, not only in the United States but throughout all the countries that we serve.

 

Matt Chester:

This is podcast producer Matt Chester chiming in again here. The conversation with Mauricio and Hansen was so insightful and in depth that we didn’t want to cut any of it out of the final podcast. To make room for it all, then, we decided to make this a two part episode, so be sure to stay plugged into your podcast feed for the second half of this conversation dropping later this week.

 

Jason Price:

We also want to give a shout out of thanks to the podcast sponsor that made today's episode possible. Thanks to Nokia, it's time to start making great communications Quantum-Safe. Power utilities are extending IEC 61850 enabled automation beyond substations to power the journey to software centric, data-driven grid operations. But sending IEC 61850 communications over the WAN exposes the grid to cyber threats that put confidentiality, integrity, and availability at risk. The white paper from Nokia entitled Securing IEC 61850 Communications, explores the major threats to IEC 61850 communications in the WAN, including eavesdropping and in the middle, denial of service and future quantum computing attacks.

Find out why it's time for utilities to start building a quantum ready cyber defense and how they can do it with a multilayer defense in depth approach that encompasses encryption, firewalls, access control lists, and network segmentation. Download the white paper from Nokia in the show notes or the EnergyCentral.com post for this episode today. And once again, I'm your host Jason Price. Plug in and stay fully charged in the discussion by hopping into the community at EnergyCentral.com. And we'll see you next time at the Energy Central Power Perspectives Podcast.

 


About Energy Central Podcasts

The ‘Energy Central Power Perspectives™ Podcast’ features conversations with thought leaders in the utility sector. At least twice monthly, we connect with an Energy Central Power Industry Network community member to discuss compelling topics that impact professionals who work in the power industry. Some podcasts may be a continuation of thought-provoking posts or discussions started in the community or with an industry leader that is interested in sharing their expertise and doing a deeper dive into hot topics or issues relevant to the industry.

The ‘Energy Central Power Perspectives™ Podcast’ is the premiere podcast series from Energy Central, a Power Industry Network of Communities built specifically for professionals in the electric power industry and a place where professionals can share, learn, and connect in a collaborative environment. Supported by leading industry organizations, our mission is to help global power industry professionals work better. Since 1995, we’ve been a trusted news and information source for professionals working in the power industry, and today our managed communities are a place for lively discussions, debates, and analysis to take place. If you’re not yet a member, visit www.EnergyCentral.com to register for free and join over 200,000 of your peers working in the power industry.

The Energy Central Power Perspectives™ Podcast is hosted by Jason PriceCommunity Ambassador of Energy Central. Jason is a Business Development Executive at West Monroe, working in the East Coast Energy and Utilities Group. Jason is joined in the podcast booth by the producer of the podcast, Matt Chester, who is also the Community Manager of Energy Central and energy analyst/independent consultant in energy policy, markets, and technology.  

If you want to be a guest on a future episode of the Energy Central Power Perspectives™ Podcast, let us know! We’ll be pulling guests from our community members who submit engaging content that gets our community talking, and perhaps that next guest will be you! Likewise, if you see an article submitted by a fellow Energy Central community member that you’d like to see broken down in more detail in a conversation, feel free to send us a note to nominate them.  For more information, contact us at [email protected]. Podcast interviews are free for Expert Members and professionals who work for a utility.  We have package offers available for solution providers and vendors. 

Happy listening, and stay tuned for our next episode! Like what you hear, have a suggestion for future episodes, or a question for our guest? Leave a note in the comments below.

All new episodes of the Energy Central Power Perspectives™ Podcast will be posted to the relevant Energy Central community group, but you can also subscribe to the podcast at all the major podcast outlets, including: