A power utility network includes a network of geographically distributed power substations. Each substation hosts a large number of intelligent electronic devices (IEDs) to monitor, control and protect power equipment in the substation. Effective monitoring requires robust, reliable and secure communications between the IEDs. To that end, IEDs within a substation need to establish secure communications with each other and with IEDs in the other substations. The IEDs encrypt their communications and enable message authentication and integrity using cryptographic keys in accordance with an authentication and cryptographic policy. Conventionally, a dedicated key server may originate the cryptographic keys and distribute the keys to the IEDs across the many substations in accordance with a key management protocol, such as the Group Domain of Interpretation (GDOI) protocol. Use of a dedicated GDOI key server is relatively simple, but has the disadvantage of being a single point of failure: a failure of the dedicated key server, or an interruption in the communication links between the dedicated key server and any of the large number of IEDs, prevents dissemination of the necessary cryptographic information, and thus interrupts the secure communications. From the power safety and protection perspective, this would be unacceptable. Furthermore, individually configuring each of a large number of key servers is a management burden, may result in misconfigurations, and thus poses a security risk.