SICAM GridPass - Certificate manager

Evolution in Substation Automation – Digital substation connectivity brings responsibilities


Cyber security for power systems







Cyber Security with Defense-in-Depth

Cyber Security for Power Systems -
The Challenges of Securing Digitalized Power Systems

Cybersecurity is at the forefront of network operators’ considerations in digitalizing power systems.
Cybersecurity is best achieved with a defense-in-depth approach. Combining multiple security controls.
These include:

  • Identity management

  • Access control

  • Secure communication

  • Malware protection

  • Data protection

  • Settings protection

Management of these security controls can become a cumbersome and time-consuming activity with the ever increasing number of digitalized and interconnected products and services in power systems. Establishing a public key infrastructure (PKI) helps cope with these increasing demands in a scalable manner by bringing certificate-based security to power systems.
SICAM GridPass - based on international standards, manages digital certificates automatically to enable effective and efficient management of security controls, thereby forming a cornerstone of a scalable PKI for the next-generation substations.

SICAM GridPass manages the following aspects:

  • Authenticate: Check identity and authenticity of automated signing requests

  • Issue: Sign certificates automatically or manually

  • Renew: Renew certificates

  • Revoke:  Manage and publish a list of revoked certificates

SICAM GridPass – Features at a glance:

  • Manage X.509 digital certificates for OT use

  • Create or import Certificate Authorities (CA)

  • Automated certificate signing and management using EST (enrollment over secure transport) protocol in adherence to IEC 62351-9

  • Manual certificate creation and export incl. private key using PKI standards

  • Certificate Revocation List (CRL) distribution point service

  • Web-based engineering and administration

  • Role-based Access Control in adherence to  IEC 62351-8 with role-based views

  • Support for local users and RADIUS-based centrally managed users

  • Logging of security-relevant events over Syslog

  • Only one installation (software license for 50, 250, 1,000 or 10,000 clients) required in your network