Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

Episode #169: 'Securing the Future with Quantum-Safe Networks for Utilities, Part 2' with Nokia’s Mauricio Subieta, Chief Technology Officer, and Hansen Chan, IP Solution Marketing Manager [an Energy Central Power Perspectives™ Podcast]

Be sure to sign into your Energy Central account (register for free here) to access this full post with the podcast recording.

Note: this is a two part episode so we can fit in all of these experts’ tremendous insights. This marks part 2, so if you missed part 1 we invite you to check that out first at this link: https://energycentral.com/o/energy-central/episode-168-securing-future-quantum-safe-networks-utilities-part-1-nokia%E2%80%99s

The importance of cybersecurity for the power grid is at the forefront of all utility decision makers’ minds. As the types of threats evolve and the nature of technology used by bad actors progress, so too must the preparations and the tools deployed by utilities to ensure the grid remains secure and resilient. Among the state-of-the-art adaptations utilities must now be considering are quantum-safe networks, a leveling up of the type of necessary technologies and protocols. Taking this leap to the new era of securing the grid can be much to grasp, which is why this episode of the Energy Central Power Perspectives Podcast brings in the industry leaders who can address and break down the necessary precautions. 

 In this episode, Mauricio Subieta, Chief Technology Officer of Nokia's Energy Segment, and Hansen Chan, Product Marketing Manager at Nokia, join the podcast conversation to delve into the forefront of these digital utility topics in the face of continuing cyber threats to the grid. Listen in as Mauricio and Hansen join podcast host Jason Price and producer Matt Chester to demystify the concept of quantum-safe networks, exploring the intersection of quantum computing and cybersecurity. From defining quantum threats  to unraveling the evolving threat landscape, they provide crucial insights into the necessity and urgency of quantum-safe security measures for power utilities. The conversation also includes practical steps for preparedness and ultimately the transformative impact of quantum-safe networks on utility business practices. Tune in to gain a deeper understanding of this critical facet of modernizing the energy sector.

Prefer to Read vs. Listening? Scroll Down to Read Transcript

Thanks to the sponsor of this episode of the Energy Central Power Perspectives Podcast: Nokia

 

Key Links:

Mauricio Subieta on Energy Central: https://energycentral.com/member/profile/mauricio-subieta 

Hansen Chan on Energy Central: https://energycentral.com/member/profile/hansen-chan 

Nokia on Energy Central: https://energycentral.com/Nokia 

Securing IEC 61850 communications: https://pages.nokia.com/T009TB-securing-IEC-61850-communications.html 

Ask a Question to Our Future Guests: Do you have a burning question for the utility executives and energy industry thought leaders that we feature each week on the Energy Central Power Perspectives Podcast? Do you want to hear your voice on a future episode? Well starting in 2024, we’re offering you that opportunity! Head to this link where you can leave us a recorded message, including a question you’re eager to have answered on a future episode of the podcast. We’ll listen through them, pick out the right guests in our upcoming lineup to address them, and you’ll hear yourself as a part of the conversation! Energy Central on SpeakPipe: www.speakpipe.com/EnergyCentralPodcast 

 

TRANSCRIPT

Matt Chester:

Hi, and welcome to the Energy Central Power Perspectives Podcast! If you didn’t listen to part 1 of the conversation we had with Mauricio Subieta and Hansen Chan, then I highly recommend you rewind and listen to episode 168 first which has the first half of this two part series. The conversation with Maurico and Hansen was so compelling that we didn’t want to leave any of it on the cutting room floor, which led to the decision to split it into two episodes. So once you’ve listened to part 1 we invite you back here to listen to part 2 of the conversation. So with that, I’ll let podcast host Jason Price take it away once again

 

Jason Price:

So Hansen, I'd like to shift the topic now from threats to more about learning about the utility. So you're out there in the field, can you give us sort of like a perspective on what you're seeing out there? What types of security technology solutions are being used to protect from quantum threats?

 

Hansen Chan:

Yeah, so I think the good news is today there is security solution and technology that can be used to protect from quantum threats. So if you look at a communication networks, so the network actually is a good first line of defense against utility infrastructure, which is essentially power grid substations, power generations, control centers. So sometimes we see some misconception that since it's a private network, so I'm immune from a lot of those cyber threats. But we actually do see firsthand there is fiber tapping and then they can evolve to actually moving communication traffic between substations or commanding a renewable resource's behavior like the wind turbine control. And so those are trying to compromise integrity of your energy system. So we also see the threat that you can inject traffic to try to overwhelm a key IED, standing for intelligent electrode device that do a critical control function.

So all this can be done. So if you do not protect your traffic by encryption, so now that encryption can be broken. So today, a lot of encryption can be broken with quantum computers, so you need to move up to a Quantum-Safe encryption and there are solution at different network layers, which is at the optical layer, you could use a technology like OTN. OTN stands for Optical Transport Network and also MACsec, operating at a digital layer so to encrypt in each of those communication protocol packets.

So those technologies, they use symmetric encryption. So there is no mathematics behind. What you need is just a source to generate the key with excellent and enlarged entropy or randomness so that it cannot be gassed and also a long enough key and then a strong algorithm to encrypt. And in this case it's what we call ADS, Advanced Encryption Standards. So in this case, this is like you have a deadbolt lock, so you can not really pick the lock, you have to use brute force, which means, so it would take a long, long time even though you may have the most powerful computers including quantum computers. So that's how you can actually attain Quantum-Safe protection for utilities.

 

Jason Price:

Okay Hansen, I want to stay with you though. So when you talk about Quantum-Safe in the industry, what's the market reaction like? What are your customers saying in return to your presentations and what you're saying to them?

 

Hansen Chan:

Interesting that you ask. So actually I was actually in Europe a few weeks ago speaking on this topic and also have a lot of engagement with customers. I think utilities, generally speaking, I think are now very alert to this topic as Mauricio mentioned a few times. So very concerned with all kind of threats. They would try to really have the right security posture and be able to defend.

It's really important these days for utilities. Imagine this, utilities operation have evolved from electromechanical-based relay to now microprocessor-based to very software-based and also very much data-driven. So that means your digital attack service also expands, and that's why they are more vulnerable than in the older days when communications is based on these lines, 56 kilobit per second motor connection to control your standard device. So now there's so many IT components. So they are very well aware of the threat and they really want to protect and close it and close the gap.

 

Jason Price:

Okay. I want to ask both of you about this vulnerability really in the context of level of preparedness. So Mauricio then Hansen, how would you rate the average US utility these days? Or if you want to do it in aggregate, how would you rate the industry? And maybe you want to break it out, electric versus gas versus water. Go ahead, Mauricio and then Hansen.

 

Mauricio Subieta:

I think that obviously we've been working with utilities for a while and we've been following up the needs from a best practices performance perspective as well as from a compliance and regulation perspective. There are certain rules now that utilities need to follow that actually imply the actual use of encryption when communication is being transmitted of mission critical data. So from that perspective, utilities have been following up these best practices and requirements for many years now, and we've been with them basically throughout all this journey as they move from legacy technologies like TDM, like basically the previous technologies like ATM and others or because they're using equipment that was basically renewed and jumped into the packet era with the IP and Ethernet.

So we are seeing that they are prepared, however, not all of them are the same level of preparedness and we still need to ensure that the way that they employ those new... Or actually meet those new best practices is done in a way in which is replicable as well as it's something that they can ensure whatever equipment, whatever technology they're bringing into the network is compatible and interoperable with whatever they have deployed.

So from that perspective, I feel that utilities are prepared, but obviously they are prepared for the current state of threats I would call it. We also need to look in the future as I mentioned before, because we need to start building the infrastructure to meet those future potential threats without any problem as utilities move on their regular operations. The other segments are a bit different because their regulation is not there, which is definitely one of the key topics that utilities have that make them implement these technologies. But then again, they're also starting to see how important, because they're all critical infrastructure as I mentioned before, and I think that's very important to understand that any attacks on DOT infrastructure could potentially have large effects in the rest of the population.

So we're seeing more and more interest on this and we are seeing that more and more of these other segments are starting to employ encryption, they're starting to employ best practices. In some cases they're following the guidelines from the electrical segment, even though they're not bound by the regulation, but they're still seeing that complying with those requirements brings benefit to them. And that's one of the messages that we bring to our customers when we have discussions about security posture and how they can meet threats as they come along into the world. Hansen?

 

Hansen Chan:

Yeah, thank you. I think I started to work with utilities back in 2013. This is now probably around 11 years. At that time, utilities were very much very OT-centric in a sense a lot of technology is from in the past based on TDM communications, these lines. The move to IP-based communications with all the new smart intelligence IEDs and software servers, central core system for automation was just a fantasy at that time. But now of course it start to become more and more deployed. I see that as utilities is modernizing, they create automation system, the substation, and I think they have done a fantastic job, arranged the groundwork, arranged awareness, important education.

So I think utilities are getting there, as Mauricio said. So different utilities are on a different pace in the journey, but I think the point is that, so what they do today, so you want to make sure you can also forestall new threats coming up. So that means your posture need to continue to evolve. So that also means, for example, the tools used today, some of the encryption technology used today, so you have to evaluate whether it can withstand a future threat which is looming in the horizon. If not, what can we do? How can new encryption method be deployed and go over to continue to safeguard your network communications, which is the first line of defense of your grid infrastructure. So I think utilities are also starting to be aware of that need and working on that.

 

Jason Price:

Okay. My next question may seem like it's coming out of left field, but I really have to ask this and that is, most of us who are listening are going to think Nokia? You mean that communication technology and hardware company? So you guys are also in the cyber security space. So how far back does the company go in this area? Just give us a little bit of the history of the cybersecurity work that you've been doing at Nokia.

 

Mauricio Subieta:

Well, Nokia has been supporting utilities for many years, over 30 years. It started with the traditional communication systems like Microwave that was used in order to provide the support for LMR systems and their very first communication systems that were point-to-point. Nokia has actually ended up right now the way it is through many acquisitions of other companies, for example, Alcatel, the merger with Alcatel-Lucent and Nokia Siemens, and then the merger between Alcatel-Lucent and Nokia, Nokia Siemens. Now it's basically Nokia. All of those companies in the history really have accompanied the utilities in the migration process, modernization process of their networks. And as such, some of those requirements really were related to cybersecurity.

In most of the conversations that we have with our customers, we try to understand what are their pain points, where they need more help. And as a communications provider, which we understood from very beginning, what they really needed from that side, we understood that one characteristic was to include mechanisms that would ensure the integrity, the confidentiality, and the availability of information, the CIA of actual security. And so those topics really resulted in us employing and developing algorithms and actually mechanisms that were defined and available from basically standards groups to implement them, not only to make sure that their information was secure within our infrastructure, but that information could be secure end-to-end, even when you are working with networks composed from multiple vendors.

So interoperability, security based on open standards, and documented standards, it was very important. And that's the path that we've had. And as you say, we are not known because of our cybersecurity solutions alone or we are well known because of our telecommunication solutions. But one thing leads to the other, cell communications will definitely lead to encryption. And that's why even though we are not necessarily as commonly placed the names of other cybersecurity providers, we are there providing cybersecurity for most of our customers. And we've done a great job because they seem... And their networks are secure.

Nothing is 100% secure, nothing is 100% invulnerable. That's just unfortunately the reality of any communication systems. However, being prepared for those has been one of the key tenants for us, Nokia, in developing new technologies and bringing solutions. For example, like the Quantum-Safe Networks, we've been talking about this for many years and we're just basically putting a little more emphasis now on the marketing world and so that people can understand what we can provide, but our customers are also aware of how our solutions are helping them meet the current and future requirements. And I know Hansen, you want to add something to that?

 

Hansen Chan:

Yeah, I think cybersecurity obviously is a very big, broad, and deep subject. So I think you have probably have heard about the term defense in depth, multi-layer, security posture security framework. So I think there's many, many different technologies deployed for protection of different kind of attacks. So in Nokia, but particularly in IP and our offering. So we are actually very focused to provide network security from powerful hardware that can actually do packet inspection inside the payload to look for some virus signature, attack signature inside the payload, inside of IP packets without compromising the performance of the router to a smart AI machine learning algorithm to detect such attack.

So the network itself is a very good first line of defense. I think it's important to understand that. So don't waste the capabilities in the network to leverage them to protect your infrastructure. So I think Nokia is pretty good at, so in conjunction with security technology and tools from other companies. So I think you need to have this multi-layer defense in-depth mindset so that you can integrate and orchestrate different security tools together to safeguard your own infrastructure as the threat you want.

 

Jason Price:

Okay. And Hansen, I want to stay with you. So I want to understand what should utilities be doing as say, practical next steps in order to prepare for a Quantum-Safe environment?

 

Hansen Chan:

I think they need to keep themselves informed and updated as the technology of cyber attack evolve, particularly in Quantum-Safe Networking. So in the US, NIST is doing a lot of research and publish a lot of reports, and they're also standardizing new post-quantum cryptography, PQC algorithms. So a lot of those technologies are coming up. So I think utilities need to also understand those and see how those can benefit or can be applicable to their utilities. And then on the other hand, so it is not just about encryption, so there are also the human layer ransomware, phishing, etc. So also you have to really train up the culture in the company so that you have a very strong security posture that will deter any bad hackers from trying to take down or to compromise the power.

 

Jason Price:

So let's talk big picture for a moment. How do you see this new landscape impacting business practices in the utility industry? Mauricio and then Hansen.

 

Mauricio Subieta:

I think that with new threats always come new mechanisms to mitigate the vulnerabilities or the exposure to such attacks. And I feel the path that utilities have basically come through all these years is basically the same thing that's going to continue happening. It is a matter of, like Hansen said, continuous education, understanding of what the threats are, what the technologies are, and so there's a lot of input from us vendors to not only bring in the new technologies that are going to help them mitigate those threats, but also provide the proper information on what those threats really are.

As a matter of us developing the technologies that will make sure the networks are safe, we understand in detail and we can pass this information to a group of people that are by the very definition in the business of supporting an electrical grid, not necessarily a communications or a cryptography system. So that education and that continuous engagement with our customers I feel has made the utilities ready and will continue making them at least available to understand what the threats are, be aware of the threats, be aware of the changes, and continue their forward path of trying to really keep up with how technology is evolving and how they can reap the benefits of set technology. Hansen.

 

Hansen Chan:

Yeah, I think quantum computer itself can also be good use for utilities. So I think on the impact on the landscape, on the positive side, I think quantum computer could be a tool for utilities to use for simulation, render simulation. So collaboration with universities and other quantum computer industry leaders can collaborate with them and do pretty good use. But on the other hand, proactively safeguard the infrastructure. So we protect from any future threat coming down from those bad hackers who may have access to quantum computers.

 

Jason Price:

I feel this is such an important conversation and long overdue on Energy Central. So I really appreciate you sharing this, and we're going to give you the final word, both of you. But we have now reached a point in our show called the lightning round, which gives us an opportunity to learn a little bit more about you, the person rather than you, the professional. So I'm going to ask a series of questions and you keep your answer to one word or phrase. So are you both ready?

 

Mauricio Subieta:

Go for it.

 

Jason Price:

Okay. And we'll go Mauricio, how about you first and followed up by Hansen? Here we go.

 

Mauricio Subieta:

Sounds good.

 

Jason Price:

Okay. Favorite way to spend a day off?

 

Mauricio Subieta:

Fishing.

 

Hansen Chan:

For me is to read a book on Western history after 1789.

 

Jason Price:

Favorite meal to prepare for yourself or your loved one at home?

 

Mauricio Subieta:

Paella.

 

Hansen Chan:

For me it's tacos.

 

Jason Price:

Do you have any hidden talents or maybe hobbies that would surprise your colleagues?

 

Mauricio Subieta:

I keep mine secret. I can juggle six balls at a time, but I keep it so secret nobody can see it.

 

Hansen Chan:

Well, for me, I love playing and now more actually listening to classical competitions, especially those by J.S. Bach.

 

Jason Price:

Very nice. All right. And we're collecting lightning rounds from previous podcasts to ask future guests, and we had on the show Megan Truman of Burns & McDonnell recently ask the following, what piece of technology are you most excited about in the year 2024 and beyond that you think is going to have lasting impacts on the utility industry? Mauricio.

 

Mauricio Subieta:

AI. I think that's one of the things that has happened that has upended everything. Before that ChatGPT announcement came, I think AI was a subject of science fiction movies only. Now it is a matter of going into a website and start asking questions. I think everybody's used it for one reason or another, and I think that has completely changed on how things are going to work. I feel that not only the effect it's going to have in the entertainment industry, in the educational side, and security and defense and other things is going to completely change and push the technology forward in a way that it's going to be remembered as a milestone in human history.

 

Jason Price:

Okay, Hansen?

 

Hansen Chan:

So for me, actually, coincidentally is AI, but I think my question now is that to actually unleash our AI, you need three things. You need computer hardware, you need data, and networks. So for utilities, so now GPU is available and utilities are deploying more, monitoring software application, a single phaser. So there are tons of data, right? And utilities are also invested to modernize the network so that those data collected in the field in substations or in the distribution system can be transported back to the data center. So these are really the right conditions for AI to be leveraged by utilities. It'll make the power grid operate better.

 

Jason Price:

All right, gentlemen. And now I want to turn the table where you can ask a future guest a question. And I will tell you that we do have in the lineup, a chief cyber security officer who is going to be joining the show. So if you'd like to ask that person a specific question, we certainly would position it for that. But yeah, please Mauricio, go ahead.

 

Mauricio Subieta:

My question to him would be or her would be, what is the most disruptive piece of technology that could be used in cyber security in the age of AI?

 

Jason Price:

Okay, Hansen.

 

Hansen Chan:

Yeah. For me it's not really security related. We're thinking more, we are now moving or transitioning to the clean energy resources, so there are costs and benefits. So actually how can we distribute a benefit and share the cost in the equitable way across all communities, including less privileged regions in other countries? How can we promote inclusivity and also economic fairness through this critical transition?

 

Jason Price:

Okay. And then lastly, what are you most motivated by? Mauricio?

 

Mauricio Subieta:

I think my motivation really relies on the kind of work that I do. I think that I've met the right kind of people. I feel very happy to be working at Nokia. This is just one of the things that helps me really enjoy what I do is just my normal activity. So my motivation, I think it's the safety and security and what I can find in my work right now.

 

Jason Price:

Fantastic. Hansen?

 

Hansen Chan:

Yeah, actually for me, it's really the people that I work with. So we have a very collaborative culture, supporting each other to resolve any problem, challenges on the way. And then it is a journey that we have been together with many of my colleagues. So that is what motivates me to work every day.

 

Jason Price:

Great. Well, nice job navigating the lightning round. And I mentioned you both have the final words. So knowing that our listening audience are utility professionals, what's the lasting piece of advice you hope people take away from today's conversation? Mauricio?

 

Mauricio Subieta:

I'm just going to reiterate the fact of being continually aware of what's happening with technology and how that technology can help the utility people on the IT and the OT world make their lives easier is one of the things that they should continue doing. And we're more than happy to help them with not just the technology, but also sharing our experience. We consider utilities our partners and as such, we bring a lot of wealth of information, a lot of experience from the utilities that we cover around the world. And as such, I think that was something that I would recommend is continue asking us questions, continue engaging with us, we'll be more than happy to answer any queries that you have and happy to be with them.

 

Hansen Chan:

For me two words, stay ahead, stay ahead of the threat, protect the grid.

 

Jason Price:

Okay. Well, I mean this has been a great conversation. We certainly are excited to see what our listeners will think and surely they'll do so in the comment section of Energy Central where we post this episode. So hopefully you both can hop in and answer any questions that may pop up. But until then, we just want to thank you both for sharing your insights with us on today's episode of the podcast.

 

Mauricio Subieta:

Well thank you very much. It was a great opportunity spending time with you guys.

 

Hansen Chan:

Thank you Jason, thank you everybody for staying until the end.

 

Jason Price:

No, I'm sure they will. And you can always reach Mauricio and Hansen through the Energy Central platform where they welcome your questions and comments. We also want to give a shout out of thanks to the podcast sponsor that made today's episode possible. Thanks to Nokia, it's time to start making great communications Quantum-Safe. Power utilities are extending IEC 61850 enabled automation beyond substations to power the journey to software centric, data-driven grid operations. But sending IEC 61850 communications over the WAN exposes the grid to cyber threats that put confidentiality, integrity, and availability at risk. The white paper from Nokia entitled Securing IEC 61850 Communications, explores the major threats to IEC 61850 communications in the WAN, including eavesdropping and in the middle, denial of service and future quantum computing attacks.

Find out why it's time for utilities to start building a quantum ready cyber defense and how they can do it with a multilayer defense in depth approach that encompasses encryption, firewalls, access control lists, and network segmentation. Download the white paper from Nokia in the show notes or the EnergyCentral.com post for this episode today. And once again, I'm your host Jason Price. Plug in and stay fully charged in the discussion by hopping into the community at EnergyCentral.com. And we'll see you next time at the Energy Central Power Perspectives Podcast.


About Energy Central Podcasts

The ‘Energy Central Power Perspectives™ Podcast’ features conversations with thought leaders in the utility sector. At least twice monthly, we connect with an Energy Central Power Industry Network community member to discuss compelling topics that impact professionals who work in the power industry. Some podcasts may be a continuation of thought-provoking posts or discussions started in the community or with an industry leader that is interested in sharing their expertise and doing a deeper dive into hot topics or issues relevant to the industry.

The ‘Energy Central Power Perspectives™ Podcast’ is the premiere podcast series from Energy Central, a Power Industry Network of Communities built specifically for professionals in the electric power industry and a place where professionals can share, learn, and connect in a collaborative environment. Supported by leading industry organizations, our mission is to help global power industry professionals work better. Since 1995, we’ve been a trusted news and information source for professionals working in the power industry, and today our managed communities are a place for lively discussions, debates, and analysis to take place. If you’re not yet a member, visit www.EnergyCentral.com to register for free and join over 200,000 of your peers working in the power industry.

The Energy Central Power Perspectives™ Podcast is hosted by Jason PriceCommunity Ambassador of Energy Central. Jason is a Business Development Executive at West Monroe, working in the East Coast Energy and Utilities Group. Jason is joined in the podcast booth by the producer of the podcast, Matt Chester, who is also the Community Manager of Energy Central and energy analyst/independent consultant in energy policy, markets, and technology.  

If you want to be a guest on a future episode of the Energy Central Power Perspectives™ Podcast, let us know! We’ll be pulling guests from our community members who submit engaging content that gets our community talking, and perhaps that next guest will be you! Likewise, if you see an article submitted by a fellow Energy Central community member that you’d like to see broken down in more detail in a conversation, feel free to send us a note to nominate them.  For more information, contact us at [email protected]. Podcast interviews are free for Expert Members and professionals who work for a utility.  We have package offers available for solution providers and vendors. 

Happy listening, and stay tuned for our next episode! Like what you hear, have a suggestion for future episodes, or a question for our guest? Leave a note in the comments below.

All new episodes of the Energy Central Power Perspectives™ Podcast will be posted to the relevant Energy Central community group, but you can also subscribe to the podcast at all the major podcast outlets, including: