OpenADR and Cyber Security

Certificate Policy

Get Test Certificates for Development and Testing Here

Cyber Security is an important component of the Smart Grid. OpenADR works with you to help fulfill our role in ensuring strong Cyber Security in the Smart Grid.

In order to fulfill industry security requirements and NIST Cyber Security guidelines, the OpenADR Alliance maintains its own Public Key Infrastructure (PKI). The PKI uses server and client side digital certificates that act as digital keys to ensure only clients and servers communicate with each other and their communication is secure.

This means that manufacturers of both OpenADR certified OpenADR Servers (VTN) and OpenADR certified Clients (VEN) need to purchase valid OpenADR-specific digital certificates to authenticate communication links. This provides a strong security mechanism for the transport layer. Common security mechanisms include RSA and ECC algorithms.

Another important requirement from the NIST recommendations involves digital certificate management. OpenADR has mechanisms in place that allow the control, authorization, issuance, and revocation of digital certificates in order to maintain control of its PKI and maintain an accounting of the connection between manufacturer <–> client device <–> certificate.

The OpenADR Alliance has partnered with Eonti (https://eonti.com/openadr). The digital certificates are governed by the OpenADR Alliance Certificate Policy.

NOTE: OpenADR Certification should not be confused with an OpenADR Digital Certificate. OpenADR Certification means that VTNs and VENs have undergone OpenADR testing and conform to the current OpenADR interface specification. Part of this testing also checks whether the systems can handle the minimum security requirements. Passing testing, plus additional paperwork, enables the systems to claim to be OpenADR Certified. A list of certified devices can be found at - https://products.openadr.org/. This certification does not mean that the manufacturers have valid Digital Certificates built into their systems yet. Manufacturers achieving OpenADR Certification need to obtain the Digital Certificates  Manufacturers can then embed the digital certificates into their certified products at time of manufacture.

Different types of certificates are available to manufacturers depending on their development stage.

  1. Test Security Certificates – These certificates are not valid for real communication. However, they can be used for free for testing purposes. They are also used during certification testing.
  2. Evaluation Certificates – These certificates are valid for real implementations. However, they are only valid for a limited time (60-90 days). These certificates could be used for further interoperability testing with existing live systems. See the link at the top of this page.
  3. Production Certificates – These certificates have a longer validity period (20 years) and should be used for real implementations

OpenADR Certificates can be obtained from Eonti (https://eonti.com/openadr).

Registration Authority Contact Information:

Eonti Inc.
1345 Plaza Court North, Suite 3A
Lafayette, CO 80026
Tel: (303) 378-7693

Email: [email protected]

You may encounter some references to NetworkFX or Kyrio in the documentation. These used to be previous providers.