Seed Funding Enables GridCOM to Advance Cyber Security Technology
For the past couple of years, a variety of high-level federal officials have sounded increasingly urgent alarms about the vulnerabilities of the U.S. power grid to cyber attack.
In October, for example, former U.S. Defense Secretary Leon Panetta warned that increasingly aggressive hacker groups had developed the technical expertise and software tools needed to shut down the power grid across large parts of the United States. In February, an American computer security firm said it had found that an overwhelming percentage of cyber attacks on U.S. corporations, organizations, and government agencies were originating from a specialized Chinese Army unit in the outskirts of Shanghai. The hacker group is focused increasingly on companies involved in such critical U.S. infrastructure as gas lines, waterworks, and the electrical power grid.
“The probability of an attack is high, and the potential consequences are dire,” according to Duncan Earl, who says he spent 18 years at Tennessee’s Oak Ridge National Laboratory developing IT security technology to address the rising cyber threats from China, Russia, and Iran. The technology, known “quantum encryption,” uses physics to ensure the security of IT communications used by electric utilities today.
Cyber security has become much more of an imperative since utilities began adding computer systems and wireless smart grid technologies in recent years to improve their operational control of the power grid.
Such IT systems use the standardized Internet data protocols known as TCP/IP (Transmission Control Protocol/Internet Protocol). But Earl says Internet protocols come with a big disadvantage for utilities. Data communications for controlling the power grid over such networks cannot use conventional encryption because computerized commands sent by grid operators must be executed in less than 4 milliseconds—and standard encryption techniques would take too long to read the data.
“We’ve got a vulnerable grid, and there’s no going back,” Earl says. “We need a solution, and we need it quickly.”
Under growing pressure to get quantum encryption to market, Earl says he left a cyberwarfare group at Oak Ridge to found GridCOM Technologies, a startup near San Diego commercializing the technology.
GridCOM says it recently secured seed funding from Bakersfield, CA-based Ellis Energy Investments, and is looking to raise Series A funding from venture investors. Earl would not disclose how much funding GridCOM received, citing a contractual agreement with Ellis. But he says the seed funding is enough to pay for prototype development and demonstration tests at the six-employee startup over the next year.
GridCOM’s approach to quantum encryption technology uses a laser to generate photon “twins” that are “entangled,” a term that describes how the twin photons are correlated with identical-but-opposite polarizations. A computer server uses the correlated photons to produce a random encryption key to authenticate and encrypt power grid data and commands.
Earl says the correlated photons behave in accordance with the unique properties of quantum mechanics. Any attempt to intercept or read the authentication key would alter the photons’ physical signature, so the technology provides secure communications without any delay.
Quantum encryption has been under development for more than 20 years, and Earl says the technology is not ready for use in commercial telecommunications. But applying the technology for use in machine-to-machine communications “is not as researchy and is actually pretty easy,” Earl says.
GridCOM plans to offer its technology as a subscription-based service, initially targeting electric utilities. While San Diego Gas & Electric is a potential customer, Earl says GridCOM is working initially with the Northern California Power Agency. Earl says he envisions SDG&E will be a research partner as the company moves to field trials, perhaps as early as next year.