VAR Installs Two-Factor Authentication At Utility Plant
This VAR sold a security solution by applying two-factor authentication to meet maintenance safety requirements.
Two-factor authentication — also called strong authentication — sounds complicated, but it’s actually a relatively simple concept. It is a process of confirming an individual’s identity by using two separate methods of identification. Experts describe it as, “Something you have and something you know.” That reference refers to one type of two-factor authentication that uses a token (a key fob or smart card) and a PIN. Typical uses for this type of technology are network authentication, online banking, B2B transactions, electronic commerce, and government security. Not so typical is how security provider Pegasus Technologies implemented two-factor authentication at a utility plant.
Pegasus provides IT-based security solutions — many of them based on CRYPTOCard’s two-factor authentication solutions. In one of the company’s most unique installations, Pegasus installed a two-factor identification solution for the Lower Colorado River Authority’s (LCRA) Fayette Power Project near La Grange, TX. Pegasus won the LCRA pilot project because of past experience in the energy vertical market.
Identify New Applications For Two-Factor Authentication
LCRA places red tags on equipment when it is taken out of service for maintenance purposes. In many cases, the equipment can store electrical energy, air pressure, water pressure, or even super-heated steam — all very dangerous to an unsuspecting employee. Once the machinery has been identified, a list of boundary equipment is generated which details all of the equipment that must be shut off in conjunction with the repair. In order to ensure the safety of LCRA’s crews, the maintenance staff issues more than 3,000 red tags per year.
The problem was time. LCRA indicated that 60% of the time required to issue red tags was spent traveling between the plant and the clearance station (1/2-hour round-trip). LCRA needed a way to electronically verify that each piece of equipment was indeed tagged, without a maintenance worker having to travel between the plant and the clearance station.
“A phone call would not provide true identification, as anyone could make the call,” explains Matthew Tucker, VP of sales for Pegasus Technologies. “We had to come up with a method for confirming identities digitally over the telephone.”
Pegasus suggested CRYPTOCard two-factor authentication. A trial of the new system involved a file server at the clearance station loaded with CRYPTOCard’s CRYPTO-SERVER software. A maintenance employee was provided a CRYPTOCard RB-1 token (the size of a credit card). When the maintenance worker tagged a piece of equipment, he called the clearance station. The clearance station operator received a code from the CRYPTO-SERVER. The maintenance worker pushed the button on the token (something he had) and entered his PIN number (something he knew). The token returned a code that matched the code generated at the clearance station. A match means that two-factor authentication was successful, and the piece of equipment was verified as “locked out.”
After a two-month pilot project, the LCRA was convinced the cost savings would more than offset the cost of the Pegasus/CRYPTOCard solution. According to Tucker, the actual payback time was seven months. As a result of the CRYPTOCard solution, the customer is saving 450 worker hours per year. More than 200 LCRA employees now use the CRYPTOCard technology for authentication, and Pegasus is now selling this solution to other utility companies.