I’m thrilled to share significant progress in an important initiative to confront the emerging threat that quantum computing poses to energy cybersecurity in the UK. Cambridge Consultants is collaborating front and centre on a project initiated with National Energy System Operator (NESO) to create a novel assessment framework to identify risks and ultimately create a prioritised mitigation approach. We’ve made a breakthrough that could provide intelligence to cyber security professionals without the need for them to have quantum expertise.
More on that in a moment – but first let me wind back to April last year, when I set out the background to the initiative. At the heart of the issue is the cyber arms race being driven by the development of quantum computing, which threatens to make current encryption standards obsolete. The implications for the critical national infrastructure of energy – as well as transport, communications and healthcare – are clear and concerning.
Called ‘Network Security in a Quantum Future’, the NESO project is all about developing a better understanding of quantum computing risks – and ways to protect national energy assets and network. The development of a strategy and plan for implementing future improvements is one of the key objectives.
The organisation – which is the national energy system operator for Great Britain – liked the proposal I wrote after teaming up with some of my network contacts at Warwick and Edinburgh universities. The ideas won funding from the Strategic Innovation Fund, an Ofgem programme managed in partnership with the government’s Innovate UK, the national innovation agency.
We set to work on a discovery phase, which involved developing reports that highlighted what was known about the threat, as well as potential directions for developing quantum aware risk management within the energy sector. The lack of tools available to enable this was very evident. It was clear to us that the academic nature of existing papers on the subject didn’t allow for dynamic interpretation of a host of imponderables – from the impact of differing timelines to hypothetical analysis of improvements.
Quantum risk awareness and quantum threat tracking
During our next stage of work the team applied itself to the creation of two assets: a quantum aware risk management (Q-ARM) tool and a quantum threat tracker (QTT) module. The conceptual development of these instruments was enabled by the multidisciplinary expertise within CC, which spans quantum scientists, cybersecurity specialists and energy system strategists.
The QTT module is grounded in CC’s broad quantum expertise, infused with great ideas from our friends at Edinburgh University. It’s a really cool piece of kit that enables stakeholders to understand how and when threats might materialise. The Q-ARM tool focuses on empowering system operators in the UK, providing insights into how to identify assets within a network that are threatened, the type of attacks that could be enabled by quantum, and the levels of associated risk. All this in a format that makes immediate sense to people.
When building these modules, we made sure that the key functionality happens without the need for people to understand quantum at all. The users would be provided with recommended actions without having to engage with the quantum technologies that are under the bonnet. This is a potential boon for the industry that could utilise such tools without having to invest in a whole new and expensive skillset.
Such capabilities also play to the need for a speedy response to the emerging threats. The government’s National Cyber Security Centre recently shared a recommended time frame – between now and 2031 – which the energy system’s critical infrastructure needs to work to. With such a strong imperative to put a plan of action in place, we see our tools as a route to understanding the necessary transition, building plans in a sensible and reproducible way, and gaining a data-driven understanding of where the biggest security challenges will come from.
Cost-effectiveness is also top of mind for us. The concepts we’ve created are about enabling energy operators to act in a way that is economically practical – they can consider where the real risks lie and target those rather than conducting root and branch activity that might actually induce further problems.
We’re very hopeful of developing both the QTT module and Q-ARM tool during further phases of the project to deliver even greater value in securing the UK energy sector – but even now our progress is bearing fruit in other areas of CC collaboration. We’re already using some of the capabilities we’ve pioneered to explore quantum computing solutions in other sectors. Interestingly, the ideas we’ve brought to life can help our clients understand and identify the opportunities – not just the threats – of quantum computing. Do reach out to me if you find that, or any aspect of this topic, intriguing!