Encryption Offers Security Applications for the Power Industry

Issue 4 and Volume 106.

Cryptography is the science of information security, most often associated with scrambling cleartext into ciphertext. Making information unreadable is called encryption and unscrambling it is decryption. Encryption security has broad applications across all areas of commerce, including power production.

“Currently, a lot of data systems in power production facilities are wide open, so anyone can access them,” says John Droge, vice president of Rainbow Mykotronx. “In some cases, the systems are simply password-protected, and passwords are very easy to hack. Sometimes, all users are even assigned the same password to simplify administration. Unfortunately, that also makes getting into the system extremely easy.”

Mykotronx builds custom cryptographic solutions that require two-factor authentication to prove the identity and authorization level of the user, meaning there are two forms of identification required. For example, to access an ATM, the user needs both an ATM card and a PIN.

“Power production facilities have unique needs for protecting the information that controls these facilities and protecting the information that comes out of them,” says Droge. “Custom cryptography provides solutions that can protect this information by meeting requirements that can’t be met with off-the-shelf products.”

One such cryptic security solution is the Rainbow Mykotronx C2 custom cryptography program. Typical customers can include utilities and power generators.

Droge says custom cryptography is not a product per se, but more of a service. “Rainbow Mykotronx has created the C2 program through which they develop a new security solution or device that meets a power producer’s unique regulatory, physical, environmental, performance or form-factor needs.

For example, if the security solution must be physically located near a radio transmitter or magnetic field that may disrupt other electronic devices or communications, a hardened system can be built that would not be affected by it. If a remote facility is able to turn off a pump or a power grid through a unique command, that command has the appropriate level of authentication and information security around it so that a terrorist or a hacker or other subversive would not be able to turn it off.

From a technology and logistical standpoint, “There are differences in the power industry from other industries. For example, typically, security devices for a bank would be physically located in an office environment. However, a power plant may need to operate a security device from on top of a power pole, or in the tundra or on a mountaintop. It may be in a manned or an unmanned facility. In the power industry, the security device must be protected from a hostile environment that includes threats ranging from weather to animals to human tampering.”