OpenADR and Cyber SecurityOpenADR Security Certificates Overview Cyber Security is an important component of the Smart Grid. OpenADR works with you to help fulfill our role in ensuring strong Cyber Security in the Smart Grid. In order to fulfill industry security requirements and NIST Cyber Security guidelines, the OpenADR Alliance maintains its own Public Key Infrastructure (PKI). The PKI is uses server and client side digital certificates that act as digital keys to ensure only clients and servers communicate with each and their communication is secure. This means that manufacturers of both OpenADR certified OpenADR Servers (VTN) and OpenADR certified Clients (VEN) need to purchase valid OpenADR-specific digital certificates to authenticate communication links. This provides a strong security mechanism for the transport layer. Common security mechanisms include RSA and ECC algorithms. Another important requirement from the NIST recommendations involves digital certificate management. OpenADR has mechanisms in place that allow the control, authorization, issuance, and revocation of digital certificates in order to maintain control of its PKI and maintain an accounting of the connection between manufacturer <–> client device <–> certificate. The OpenADR Alliance has partnered with Kyrio** (http://www.kyrio.com), an independent entity that operates and manages the OpenADR PKI on behalf of the Alliance. The following figure provides a high level view of the mechanisms that have been put in place. The digital certificates are governed by the OpenADR Alliance Certificate Policy.
NOTE: OpenADR Certification should not be confused with an OpenADR Digital Certificate. OpenADR Certification means that VTNs and VENs have undergone OpenADR testing and conform to the current OpenADR interface specification. Part of this testing also checks whether the systems can handle the minimum security requirements. Passing testing, plus additional paperwork, enables the systems to claim to be OpenADR Certified. A list of certified devices can be found at - http://www.openadr.org/products. This certification does not mean that the manufacturers have valid Digital Certificates built into their systems yet. Manufacturers achieving OpenADR Certification need to obtain the Digital Certificates via the OpenADR/Kyrio portal. Kyrio partners with Symantec, a well-known digital certificate service provider, to handle the issuance of OpenADR Digital Certificates. Manufacturers can then embed the digital certificates into their certified products at time of manufacture. Different types of certificates are available to manufacturers depending on their development stage.
OpenADR Certificates can be obtained through the OpenADR/Kyrio portal: To obtain production certificates, please contact Kyrio: Digital Certificate Account Coordinator Kyrio, Inc. Email: info@kyrio.com Any other questions can be addressed to certification@openadr.org. ** Kyrio was previously NetworkFX. Therefore you may encounter some references to NetworkFX in the documentation. |
