Cybersecurity experts have sounded the alarm for years: Hackers are ogling the US power grid. The threat isn’t merely hypothetical—a group affiliated with the Russian government gained remote access to energy companies’ computers, the Department of Homeland Security published last March. In some cases, the hackers could even directly send commands to mess with hardware, which meant they could have cut off the power entirely to customers’ homes. To shut these hackers out, utility companies need better security.

One group of physicists think they have a patch: quantum-encrypted power stations.

They tested the idea this February, hauling several SUVs’ worth of lasers, electronics, and extremely sensitive detectors from Oak Ridge National Laboratory in Oak Ridge, Tennessee, down to Chattanooga. After a hundred-mile drive, they pulled the vehicles up to EPB, the local utility company, and hooked up their machines to some of EPB’s unused optical fiber. Over the period of a week, they repeatedly directed infrared light down the fiber in a 25-mile loop and monitored the properties of the light as it went out and back, out and back. And during that demo, they showed how two different quantum encryption systems could be integrated into existing grid infrastructure. “We’re hoping to show that the concept can be deployed today,” says physicist Nick Peters of Oak Ridge lab.

Using this equipment, they successfully sent and received a series of numbers known as a key using a protocol known as quantum key distribution, or QKD, which guarantees that nobody has tampered with the numbers. QKD secures data by exploiting the strange rules of quantum mechanics. Roughly, here’s how it works: The sender beams single infrared photons oriented in different directions—polarizations—that correspond to 1s and 0s. A receiver measures those orientations. Then, the sender and receiver compare some of their numbers. In quantum mechanics, if you measure a photon’s polarization, you instantly alter it from one state to another. If a hacker had tried to intercept the photons, they would have introduced a telltale statistical error in the numbers, and you would know that the connection was not secure. “QKD gives you the confidence that the key has not changed from when it was sent,” says Donna Dodson, a cybersecurity expert at the National Institute of Standards and Technology.

LEARN MORE The WIRED Guide to Quantum Computing

If the stats look good, the sender and receiver can go ahead and use that key to scramble a message. “It’s based on your trust of physics,” Peters says. This is in contrast with conventional encryption methods, which guarantee security by assuming computers aren’t fast enough to decipher their algorithms in a reasonable amount of time. Peters’ group thinks that a utility company could use quantum-encrypted data to communicate with their hardware. For someone to intercept or change a quantum-encrypted data stream, they’d have to defy quantum mechanics.

The approach comes with technical challenges, of course. One challenge is simply the reality of working on the grid itself. It’s a mishmash of transformers, switches, and sundry parts installed over various years, and grafting on any new technology is difficult. “You can’t just shut the power off,” says physicist Tom Venhaus of Los Alamos National Laboratory, who collaborated on the project. “It’s like working on a car with its engine running.”

But perhaps the biggest challenge is getting the technology to work over long distances. You can send a photon only about 100 miles through fiber-optic cable before its quantum properties change too much to recover its information. In the Chattanooga demo, the physicists extended the distance by converting the quantum signal to classical bits. They then fed those classical bits into a different quantum encryption system, which could reproduce the key and transmit it farther. This means that you could put various encryption machines inside various power substations and use them as relays to secure wider swaths of the grid. In order to communicate with the substation hardware, you’d need to know what the key is. The system would prevent a hacker from measuring and duplicating the key, which is one way of keeping them from gaining access to the hardware.