The main objective of this project is to demonstrate a significant reduction of cyber risk to Facility-Related Control Systems (FRCS) through the implementation of an Enterprise Java Beans Certificate Authority (EJBCA) and client software in a microgrid control system as a proof of concept (PoC) for a Closed Restricted Network (CRN) Public Key Infrastructure (PKI) solution, or operation FRCS networks as CA clients of a management enclave CA.

PrimeKey’s EJBCA Enterprise Software is a complete private PKI implementation running on the control system and supporting all CA (Certificate Authority), RA (Registration Authority) and VA (Validation Authority) functionality. EJBCA is a standards-based PKI solution with over 15 years of continuous development and improvement. Deployed in an offline air-gap or CRN environment, it uses CA signing to maintain a trust chain without needing real-time connectivity. Multiple concurrent trust chains can be supported by the system including Utility CA and related client/agent software, and the equipment vendor’s or the customer’s PKI. The issuance of certificates to end devices or users of the system is ultimately flexible and provided through a variety of methods including Application Programming Interfaces (APIs), protocols and web-based human interfaces. The connectivity required is extremely low bandwidth with minimal network dependency. Online Certificate Status Protocol (OCSP) methods of certificate validation is maintained on a real-time basis.

The CRN PKI solution for FRCS is expected to provide several benefits to the Department of Defense, including:

• Enhanced security through strong, automated means of authentication and digital signatures in FRCS environments.
• Enhanced resiliency of FRCS networks through stronger confidentiality, integrity and availability of FRCS files and communications.
• Higher confidence for receiving organizations (Reciprocity) and Authorizing Officials (AOs) of FRCS risk levels and no need for PKI waivers.
• Accelerated realization of actual energy savings through quicker implementation of new energy saving FRCS technologies.
• Applicability for any CRN, not just FRCS networks.