Smart Grid Security

Scalable Key Management Solutions for Critical Infrastructure Protection

Sypris’ Smart Grid Security solution provides the Energy Sector with a Cryptographic Key Management System (CKMS) that leverages the best practices of fielded DoD key management systems to protect high-value data and command-and-control information. It also provides the capability to recover quickly from a cryptographic key compromise, or to fend off a cyber attack, by use of an autonomous key distribution scheme. This scalable key management solution provides generation, distribution, and revocation of keys, allowing utilities to manage and distribute the cryptographic keys that secure communication flows between and within the Smart Grid domains.

This Cryptographic Key Management System allows utilities to compartmentalize secure communications into groups (i.e., to use different keys for different locations or types of devices), isolating high-value Smart Grid devices to better manage the risk associated with a compromised key. For example, should the cryptographic key for a residential smart meter be disclosed, devices in the Distribution, Transmission, and Bulk Generation domains remain secure. Utility Operations can control the compartmentalization of the keyed network groups using CKMS, based on their trade-off assessment of the lower management overhead of group keys versus the greater security achieved through compartmented Smart Grid devices.

Another key benefit of CKMS is the centralization of key generation. By centralizing key generation at the CKMS within Utility Operations, the strength and validity of each key can be assured, and the processing power and entropy that key generation requires are supplied by a computer that can satisfy these requirements rather than by smaller devices situated within the network.

Autonomous secure key distribution within the network (across potentially insecure communication links) is accomplished via a hybrid approach. Each Smart Grid device holds an asymmetric credential: a certificate carrying its public key, together with the matching private key. CKMS initiates a rekey of the symmetric key through just a few affiliated Smart Grid devices. Those devices then automatically propagate the key to their authorized peers, which in turn propagate it to their own authorized peers, and so on. Smart Grid devices that are no longer considered authorized do not receive the new symmetric key and are therefore keyed out of the network.
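The peer-to-peer rekey described above can be modelled as a flood that only crosses authorized devices. The following is an added illustration, not Sypris code: the device names, topology, and the idea that every device checks peers against a CKMS-issued authorization list are assumptions, and the per-hop wrapping of the key under the recipient's certificate is abstracted away.

```python
import secrets
from collections import deque

# Constructed topology: device -> directly linked peers (hypothetical names).
LINKS = {
    "substation-1": {"feeder-a"},
    "feeder-a": {"substation-1", "meter-1", "meter-2"},
    "meter-1": {"feeder-a"},
    "meter-2": {"feeder-a", "meter-3"},
    "meter-3": {"meter-2"},
}
# Assumption: the CKMS issues this authorization list with the rekey.
AUTHORIZED = {"substation-1", "feeder-a", "meter-1", "meter-3"}  # meter-2 revoked


def propagate_rekey(links, authorized, seeds, new_key):
    """Return {device: key} for every device that ends up holding new_key."""
    holders = {}
    queue = deque()
    for dev in seeds:
        if dev in authorized:  # the CKMS never seeds a revoked device
            holders[dev] = new_key
            queue.append(dev)
    while queue:
        sender = queue.popleft()
        for peer in sorted(links.get(sender, ())):
            # The sender forwards only to authorized peers. A real system would
            # wrap new_key under the peer's certificate public key here.
            if peer in authorized and peer not in holders:
                holders[peer] = new_key
                queue.append(peer)
    return holders


def rekey_report(links, authorized, seeds):
    """Run one rekey; return (rekeyed, keyed_out, stranded) device sets."""
    new_key = secrets.token_bytes(32)  # generated centrally, as at the CKMS
    rekeyed = set(propagate_rekey(links, authorized, seeds, new_key))
    devices = set(links) | {p for peers in links.values() for p in peers}
    keyed_out = devices - authorized  # intended: revoked devices
    stranded = authorized - rekeyed   # authorized, but only reachable via a revoked peer
    return rekeyed, keyed_out, stranded


if __name__ == "__main__":
    rekeyed, keyed_out, stranded = rekey_report(LINKS, AUTHORIZED, ["substation-1"])
    print("rekeyed:  ", sorted(rekeyed))
    print("keyed out:", sorted(keyed_out))
    print("stranded: ", sorted(stranded))
```

In this constructed topology, revoking meter-2 also strands meter-3, which is still authorized but reachable only through the revoked device. In this model, the set of devices the CKMS seeds has to cover every partition that a revocation creates.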

