Dive Brief:
- Honeywell is partnering with Quantinuum to integrate quantum computing-hardened encryption keys into its smart utility meters, it announced Sept. 7.
- The integration will use Quantinuum’s Quantum Origin technology to increase reliability and trust in sectors vulnerable to data breaches, Honeywell said in a release.
- The technology company expects the encryption keys to protect end-user data from advanced cybersecurity threats, particularly as it relates to critical infrastructure, it said.
Dive Insight:
Utilities, which handle massive amounts of customer and business data, are becoming increasingly vulnerable to security threats. A Skybox Security research study found that 87% of utilities have experienced at least one security breach in the past 36 months. Customer data accounted for 58% of all data stolen from energy and utility firms in 2021, according to a 2022 data breach investigations report from Verizon. A survey KRC Research conducted on behalf of Honeywell in 2021 found that seven in 10 managers are concerned about whether they have an adequate level of operational cybersecurity to protect their facilities, highlighting this vulnerability.
Honeywell Smart Energy and Thermal Solutions’ smart meters for commercial and residential applications will now be equipped with “verifiably unpredictable keys from Quantinuum” which will create a robust cyber defense of its devices, Honeywell told Facilities Dive in an email.
Kinnera Angadi, chief technology officer of Smart Energy and Thermal Solutions at Honeywell, said facilities managers whose buildings have Honeywell smart meters looking to implement this cybersecurity technology can designate a security administrator, proactively monitor security events and subscribe to security alerts.
Security administrator duties involve “setting and reviewing the periodic rekeying schedule for all meters and [overseeing] the system for any vulnerabilities, ensuring a fortified head end/software application,” while security monitoring involves utilizing “the system’s ability to record and [provide] alerts on security events, facilitating swift response measures,” Angadi said in an email interview.
Quantinuum’s Quantum Origin software delivers encryption keys generated by a quantum computer. The tool supports traditional algorithms, such as RSA and Advanced Encryption Standard, as well as post-quantum cryptography algorithms, Honeywell said in an email.
Honeywell noted in its release that Quantum Origin uses quantum computing to introduce a degree of randomness, while creating keys that are rendered genuinely unpredictable, to bolster data security for utility customers. The company says incorporating Quantum Origin into its Smart Energy and Thermal Solutions smart meters will be crucial for tackling growing data security requirements, particularly those concerning critical infrastructure.
Tony Uttley, president and COO of Quantinuum, points to the need for facilities managers to acquaint themselves with the existence of such technology. “We’re getting to the point where once you know it exists, you can’t unknow it,” he said in an interview.
The first step for facilities managers is to think about what digital assets they’re handling that need to be protected the most, Uttley said, adding that the quantum computing-hardened encryption keys will help facilities managers and operators build more resiliency in their customer data protection efforts. This includes safeguarding critical infrastructure such as generators in hospitals.
“That’s where we typically have the most value,” he noted. “In those areas where you have those crown jewels, whether that’s customer data or critical infrastructure or keeping a facility running, that’s where we can help harden the encryption infrastructure that’s in place.” Wherever a key is on the spectrum of predictability, it is hardened to a “completely unpredictable level,” he said.
Uttley said he believes that embedding Quantum Origin into smart meters will help facilities staff avoid the costs of a security breach. Facilities managers should consider the vulnerability profile of the data, assets and facilities they are responsible for managing, as well as the risk of business loss and the dilution of trust that follows a cybersecurity attack, he said.