|
|
 |
SPYRUS PKI Case Studies - California ISO Uses Powerful SPYRUS PKI Solutions
"We shaved a year off our deployment schedule and were able to eliminate the VPN implementation step. Significant cost savings were realized due to SPYRUS's integrated solution." -California ISO
In 1996, California lawmakers enacted historic legislation allowing consumers to choose their energy suppliers in order to create a competitive marketplace for public utilities. The California Legislature conceived the not-forprofit corporation, the California Independent System Operator (California ISO), to manage the power transmission grid and to facilitate markets for electricity reliability products. This required the implementation of a reliable security infrastructure; California ISO chose the SPYRUS Public Key security solution to satisfy these information security requirements. The SPYRUS Public Key solution is an integrated product suite of all the critical high assurance Public Key Infrastructure (PKI) products necessary to implement e-business initiatives and to meet the auditable requirements for secure transactions and data.
The California ISO Challenge
It is a gigantic task for California ISO to securely manage the generation and sale of more than $7 billion in electrical energy each year. From its headquarters in Folsom, near Sacramento, California ISO's automated command and control network regulates the manufacturing and metering of power from remote generators located throughout California.
When California ISO became operational, the network consisted of a statewide virtual private network (VPN) that ran Internet Protocol (IP) over dedicated lease lines. California ISO assembled a team to implement the network’s firewall security and to plan security for the network’s eventual move from a dedicated private network to the Internet, which would lower costs and allow for easier system expansion. During the next 15 months, the Cryptographic Universal Design Architecture (CUDA-ISOTM) team developed criteria, selected vendors, and began to deploy a master security solution across the California ISO network. Demanding Security Requirements The California ISO security solution had to have open standards and be non-proprietary. The CUDA-ISO team identified confidentiality, ease of use, scalability, and a life expectancy of at least ten years as the essential system requirements. Confidentiality was vital because unauthorized access to privileged trading information could give an unfair advantage to energy auction participants. Ease of use was essential to California ISO's many and diverse clients, including utility, generator and transmission companies and energy traders. Scalability of the on line security system was essential to accommodate additional electrical generating plants and traders over time. California ISO's CUDA-ISO team researched a myriad of available products and suppliers, and selected SPYRUS for its Public Key solution.
Powering Up Security
Charged with managing the power transmission grid and coordinating the flow of electricity throughout the state, California ISO quickly recognized its critical need for a high-assurance security infrastructure. The power agency selected the SPYRUS PKI, as the best solution for meeting these requirements. The SPYRUS system is currently operational in a number of different California ISO applications using a variety of SPYRUS security products and solutions. High-assurance LYNKS Privacy Cards for power generation, mediumassurance bundles of Rosetta Smart Cards and Personal Access Readers for secure messaging, and basic-assurance browser software certificates for trading services are all utilized to provide a robust and comprehensive security solution.
Flexible Policy Management
The SPYRUS PKI hierarchy also offered California ISO a variety of policy applications and provided control over the issuance of certificates and policies to its many utility customers. Using SPYRUS security technology, the CUDA-ISO team was able to develop and deploy new applications on demand. Our flexible architecture planned for expansion at all levels within the California ISO network and allowed for the addition of CAs for privileged levels of authorization needed for secure business transactions. "This flexibility was the key differentiator between the SPYRUS solution we chose and the others we evaluated," said the California ISO. "The SPYRUS Configurable Policy Module (CPM) gave us affordable choices for fitting security into our business model and timeframe requirements."
Another important difference to the California ISO was the breadth of products offered by SPYRUS. Stated the California ISO, "They had a product suite that completely spanned our lines of business. For example, we can have a very high level of security on the SPYRUS Rosetta Smart Cards and SPYRUS Personal Access Readers (PAR) because of the close integration with the CA. It's working well, and it fits our needs."
Secure Applications OnLine
To reduce the cost of expensive dedicated leased lines, California ISO wanted to use the Internet wherever feasible. Working with SPYRUS, the power entity successfully implemented a number of secure e-business applications, including the following:
- Online trading over an extended Internet/Extranet network, enabling buyers and sellers of power to access an online auction of transmission rights through use of software certificates.
- Online dispatch of power generation through use of high-assurance LYNKS Privacy Cards.
- Online meter access through use of the SPYRUS RES (Rosetta Executive Suite) Library, enabling online meter reading by third parties of the kilowatts being supplied to customers throughout the transmission system.
- Online invoicing submission through a secured system.
- Online problem management to track problem resolution quickly and efficiently.
California ISO will also support online network load balancing for more than 500 users and will additionally deliver a RES-based online scheduling interface to support real-time power trading services to cover spot imbalances of power.
Scheduling notification, another smart card-based application, automatically alerts electric generation facilities to outstanding bids to purchase energy and prompts them to respond to the request. By responding, the facility commits to producing a specific number of kilowatts of electricity. This step guarantees that electric generation plants across the state have the opportunity to compete fairly in the open market.
Around California, close to 600 electricity dispatchers will use SPYRUS Rosetta Smart Cards and PAR smart card readers to conduct their transactions with California ISO. And California ISO's CUDA-ISO team will be implementing an Internet-enabled application that will use a software certificate embedded in each user's browser to allow investors to securely buy, sell, and trade futures online. All of the applications are securely managed by the hierarchical SPYRUS PKI, comprising four Certification Authorities (CAs) and two Registration Authorities (RAs), with additional expansion planned at all levels within the network.
Protecting the Bottom Line
The CUDA-ISO team's initial efforts concentrated on defining California ISO's security architecture and application requirements and then implementing a VPN with proxy management. The flexibility of the SPYRUS security policy has enabled California ISO to develop and deploy network applications rapidly. All future California ISO applications must conform to CUDA-ISO specifications and will migrate to the new security policy. The California ISO stated, "We're tossing out the VPN and the proxy and are going to go fully integrated because we're just evolving so fast. We shaved a year off our deployment schedule and were able to eliminate the VPN implementation step. Significant cost savings were realized due to SPYRUS' integrated solution." The CUDA-ISO team at California ISO has successfully deployed a SPYRUS Public Key solution into a pre-existing critical infrastructure, enabling the organization to offer a broad range of services and add levels of security not previously available to the energy industry in California or anywhere else in the world. E-business is already a reality in today's marketplace. SPYRUS enabled California ISO to enter this new environment with the highest level of confidence, knowing that their missioncritical transactions would be tightly secured. Not only did SPYRUS eliminate security concerns in a costeffective manner, the solution allowed California ISO to implement innovative e-business applications that reduced operational costs.
|
|
