Modular Security Apparatus for Managing Distributed Cryptography for Command-and-Control Messages on Operational Technology Networks (Module-OT)

D. Saleem
National Renewable Energy Laboratory, Colorado, United States

Poster stand number: W114

Keywords: Cyber Solution, Resilience, End-to-end security, Flexible, Ease of use

Module-OT (Modular Security Apparatus for Managing Distributed Cryptography for Command-and-Control Messages on Operational Technology Networks) is a flexible, lightweight, bump-in-the-wire device that acts as a secure conduit for data exchanged between Distributed Energy Resource (DER) systems and other grid-edge devices, with the focus on end-to-end security across the network. Its cryptographic core follows current standards, including the validation procedures of the NIST Cryptographic Algorithm Validation Program (CAVP) and the Federal Information Processing Standard FIPS 140-2. It supports point-to-point, one-to-many, and many-to-many communication channels, and it uses industry-standard hardware acceleration to improve cryptographic performance, data throughput, and end-to-end communication latency.

Module-OT improves system security through encryption, authentication, authorization, certificate management, and user access control. It can be customized: for example, encryption can be applied selectively, based on a preestablished sensitivity threshold or the latency needs of an application, and modules can be replaced without retiring the equipment they protect. It also performs key management, whitelists Internet Protocol addresses and ports, blocks unauthorized connections, controls user access, and accepts serial or Ethernet connections for added flexibility. The core software is portable across Linux-based operating systems and is developed so that the developer and researcher communities can customize it.
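The following is an added example, not code from Module-OT or NREL: it models the per-frame decision a bump-in-the-wire device of this kind makes, combining an IP:port whitelist with encryption that is applied only at or above a sensitivity threshold, while still authenticating the frames that pass in the clear. The frame layout, field names, allow-list format and sensitivity levels are assumptions chosen for illustration, and AES-256-GCM from Go's standard library stands in for whatever hardware-accelerated cipher the real device uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Frame is one C2 message as the device sees it on the plaintext side (hypothetical layout).
type Frame struct {
	SrcIP       string
	DstPort     int
	Sensitivity int // 0 = telemetry, larger = more sensitive control commands
	Payload     []byte
}

// Envelope is the wire format between two devices. Routing fields stay in the clear;
// Body is payload||tag (authenticated only) or ciphertext||tag (encrypted).
type Envelope struct {
	SrcIP       string
	DstPort     int
	Sensitivity int
	Encrypted   bool
	Nonce       []byte
	Body        []byte
}

// Policy is the per-link configuration: an "ip:port" allow-list and the
// sensitivity level at and above which payloads are encrypted.
type Policy struct {
	Allowed   map[string]bool
	Threshold int
}

var (
	ErrDenied = errors.New("source/port not on allow-list")
	ErrAuth   = errors.New("authentication failed")
	ErrPolicy = errors.New("cleartext frame at or above encryption threshold")
)

// NewAEAD wraps a 16-, 24- or 32-byte key in AES-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func (p Policy) permitted(ip string, port int) bool {
	return p.Allowed[fmt.Sprintf("%s:%d", ip, port)]
}

// header is the associated data: every cleartext field, including the Encrypted
// flag, is bound to the tag so none of them can be altered in transit.
func header(ip string, port, sens int, encrypted bool) []byte {
	return []byte(fmt.Sprintf("%s|%d|%d|%t|", ip, port, sens, encrypted))
}

// Outbound applies the policy on the sending side.
func Outbound(p Policy, aead cipher.AEAD, f Frame) (*Envelope, error) {
	if !p.permitted(f.SrcIP, f.DstPort) {
		return nil, ErrDenied
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	e := &Envelope{SrcIP: f.SrcIP, DstPort: f.DstPort, Sensitivity: f.Sensitivity,
		Encrypted: f.Sensitivity >= p.Threshold, Nonce: nonce}
	hdr := header(f.SrcIP, f.DstPort, f.Sensitivity, e.Encrypted)
	if e.Encrypted {
		e.Body = aead.Seal(nil, nonce, f.Payload, hdr)
	} else {
		// Low-latency path: payload stays readable, but an empty-plaintext GCM call
		// over header||payload still yields a 16-byte authentication tag (GMAC).
		tag := aead.Seal(nil, nonce, nil, append(hdr, f.Payload...))
		e.Body = append(append([]byte{}, f.Payload...), tag...)
	}
	return e, nil
}

// Inbound verifies, and if needed decrypts, on the receiving side.
func Inbound(p Policy, aead cipher.AEAD, e Envelope) (Frame, error) {
	if !p.permitted(e.SrcIP, e.DstPort) {
		return Frame{}, ErrDenied
	}
	if !e.Encrypted && e.Sensitivity >= p.Threshold { // refuse downgrade to cleartext
		return Frame{}, ErrPolicy
	}
	f := Frame{SrcIP: e.SrcIP, DstPort: e.DstPort, Sensitivity: e.Sensitivity}
	hdr := header(e.SrcIP, e.DstPort, e.Sensitivity, e.Encrypted)
	if e.Encrypted {
		pt, err := aead.Open(nil, e.Nonce, e.Body, hdr)
		if err != nil {
			return Frame{}, ErrAuth
		}
		f.Payload = pt
		return f, nil
	}
	n := len(e.Body) - aead.Overhead()
	if n < 0 {
		return Frame{}, ErrAuth
	}
	payload, tag := e.Body[:n], e.Body[n:]
	if _, err := aead.Open(nil, e.Nonce, tag, append(hdr, payload...)); err != nil {
		return Frame{}, ErrAuth
	}
	f.Payload = payload
	return f, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real device would get this from key management
	for i := range key {
		key[i] = byte(i)
	}
	aead, _ := NewAEAD(key)
	p := Policy{Allowed: map[string]bool{"10.0.0.5:20000": true}, Threshold: 2}
	for _, f := range []Frame{
		{"10.0.0.5", 20000, 0, []byte("V=230.1")}, // telemetry: authenticated, sent in clear
		{"10.0.0.5", 20000, 3, []byte("SET_P=0")}, // setpoint command: encrypted
		{"10.0.0.9", 20000, 0, []byte("V=229.8")}, // not on allow-list: dropped
	} {
		e, err := Outbound(p, aead, f)
		if err != nil {
			fmt.Println("drop:", err)
			continue
		}
		out, err := Inbound(p, aead, *e)
		fmt.Printf("encrypted=%v payload=%q err=%v\n", e.Encrypted, out.Payload, err)
	}
}
```

Two points the abstract's wording leaves implicit are visible here: the cleartext fields (source, port, sensitivity, and the encrypted flag) are bound into the tag as associated data, so a relay cannot quietly lower a frame's sensitivity or strip its encryption; and the receiver enforces the threshold independently of the sender, rejecting any cleartext frame that claims a sensitivity at or above it before doing any cryptographic work.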