PJM Retiring Weak Encryption on Internet-Facing Websites
Transport Layer Security (TLS) is a widely-used security protocol that encrypts data sent over the Internet between two endpoints, most commonly when loading websites over HTTPS. Over time, new attacks against TLS and the encryption algorithms it uses have been discovered, creating risks for data integrity and safety. As a result, network connections utilizing obsolete protocols are left in vulnerable positions and are at a higher risk of exploitation by hackers. Therefore, PJM is retiring obsolete TLS protocol configurations in PJM internet-facing websites. As a way to provide more secure access to the PJM websites, PJM aims to discontinue supporting TLS 1.0 or TLS 1.1 protocols and certain insecure ciphers such as 3DES cipher and the TLS_RSA_* ciphers in TLS 1.2.
In the browser and browser-less production environments, PJM will retire obsolete TLS protocol configuration changes on November 1, 2021. After this date, TLS 1.2 encryption will be required to connect to PJM websites.
PJM asks that your organization share this information within your organization with technical staff who manage the setup of desktops/laptops and server applications used to connect to PJM’s applications. For more information on how to update the non-compliant source device (browser or browser-less) deployments so that TLS protocol configurations can be updated, PJM has provided the Weak Encryption Remediation Guide as a reference. Adapt2 is happy to help in keeping your organization informed on the latest market changes.