iTeh Standards logo
EURUSD
Your shopping cart is empty.
IEC

IEC 62351-5:2023

(Main)

Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives

Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives

IEC 62351-5:2023 defines the application profile (A-profile) secure communication mechanism specifying messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5, Telecontrol Equipment and Systems – Transmission Protocols.
For the measures described in this document to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work.
This document is organized working from the general to the specific, as follows:
• Clauses 2 through 4 provide background terms, definitions, and references.
• Clause 5 describes the problems this specification is intended to address.
• Clause 6 describes the mechanism generically without reference to a specific protocol.
• Clauses 7 and 8 describe the mechanism more precisely and are the primary normative part of this specification.
• Clause 9 define the interoperability requirements for this secure communication mechanism.
• Clause 10 describes the requirements for other standards referencing this document.
The actions of an organization in response to events and error conditions described in this document are expected to be defined by the organization’s security policy and they are beyond the scope of this document.
This International Standard cancels and replaces IEC TS 62351-5 published in 2013. It constitutes a technical revision. The primary changes in this International Standard are:
a) The secure communication mechanism is performed on per controlling station/controlled station association.
b) User management to add, change or delete a User, was removed.
c) Symmetric method to change the Update Key was removed.
d) Asymmetric method to the change Update Key was reviewed.
e) Challenge/Reply procedure and concepts were removed.
f) Aggressive Mode concept was replaced with the Secure Data message exchange mechanism.
g) Authenticated encryption of application data was added.
h) The list of permitted security algorithms has been updated.
i) The rules for calculating messages sequence numbers have been updated
j) Events monitoring and logging was added

Gestion des systèmes de puissance et échanges d’informations associées – Sécurité des communications et des données – Partie 5: Aspects de sécurité pour l’IEC 60870-5 et ses dérivés

IEC 62351-5:2023 définit le mécanisme de communication sécurisée du profil d'application (profil A) qui spécifie les messages, les procédures et les algorithmes pour sécuriser le fonctionnement de tous les protocoles fondés sur ou dérivés de l’IEC 60870-5, Matériels et systèmes de téléconduite – Protocoles de transmission.
Pour que les mesures décrites dans le présent document entrent en application, elles doivent être acceptées et référencées par les spécifications des protocoles eux-mêmes. Le présent document est rédigé dans le but de permettre ce processus.
Il est prévu que les lecteurs suivants du présent document soient les personnes chargées d’élaborer les produits qui mettent en œuvre ces protocoles.
Certaines parties du présent document peuvent également être utiles aux gestionnaires et aux cadres dirigeants pour comprendre le but et les exigences du travail.
Ce document est organisé du plus général au plus spécifique, comme suit:
• les Articles 2 à 4 fournissent des termes, des définitions et des références de contexte;
• l’Article 5 décrit les problèmes que la présente spécification est destinée à traiter;
• l’Article 6 décrit le mécanisme de manière générale, sans référence à un protocole spécifique;
• les Articles 7 et 8 décrivent le mécanisme plus précisément. Ils constituent la partie normative principale de la présente spécification;
• l’Article 9 définit les exigences d’interopérabilité pour ce mécanisme de communication sécurisée y compris la relation entre cette norme et la CEI 62351-3 pour la sécurité de la couche transport;
• l’Article 10 décrit les exigences des autres normes qui font référence au présent document.
Il est attendu que les actions d’une organisation en réponse aux événements et conditions d’erreurs décrits dans le présent document soient définies par la politique de sécurité de l’organisme. Elles ne relèvent pas du domaine d’application du présent document.
Cette Norme internationale annule et remplace l'IEC TS 62351-5 parue en 2013. Elle constitue une révision technique. Les modifications principales présentées dans la présente Norme internationale sont les suivantes:
a) le mécanisme de communication sécurisée est réalisé par une association poste de conduite/poste téléconduit;
b) la gestion des Utilisateurs, qui sert à ajouter, modifier ou supprimer un Utilisateur, a été supprimée;
c) la méthode symétrique, qui sert à modifier la Clé de Mise à Jour, a été supprimée;
d) la méthode asymétrique, qui sert à modifier la Clé de Mise à Jour, a été révisée;
e) la procédure et les concepts de Stimulation/Réponse ont été supprimés;
f) le concept de Mode Agressif a été remplacé par le mécanisme d’échange de messages de Données Sécurisées;
g) un chiffrement authentifié des données d’application a été ajouté;
h) la liste des algorithmes de sécurité admis a été mise à jour;
i) les règles de calcul des numéros de séquence des messages ont été mises à jour;
j) la surveillance et l’enregistrement des événements ont été ajoutés.

General Information

Status
Published
Publication Date
12-Jan-2023
ICS
33.200 - Telecontrol. Telemetering
Technical Committee
TC 57 - Power systems management and associated information exchange
Drafting Committee
WG 15 - TC 57/WG 15
Current Stage
PPUB - Publication issued
Start Date
02-Dec-2022
Completion Date
13-Jan-2023
Ref Project

Relations

Replaces
IEC TS 62351-5:2013 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives
Effective Date
05-Sep-2023
Revises
IEC TS 62351-5:2009 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives
Effective Date
05-Sep-2023
IEC 62351-5:2023 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives Released:1/13/2023IEC 62351-5:2023 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives Released:1/13/2023
PreviousNext
Standard
IEC 62351-5:2023 - Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives Released:1/13/2023
English and French language
263 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC 62351-5 ®
Edition 1.0 2023-01
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 5: Security for IEC 60870-5 and derivatives

Gestion des systèmes de puissance et échanges d’informations associés –
Sécurité des communications et des données –
Partie 5: Aspects de sécurité pour l’IEC 60870-5 et ses dérivés

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni
utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et
les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews. With a subscription you will always have
committee, …). It also gives information on projects, replaced access to up to date content tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 300 terminological entries in English
details all new publications released. Available online and once
and French, with equivalent terms in 19 additional languages.
a month by email.
Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Découvrez notre puissant moteur de recherche et consultez
webstore.iec.ch/advsearchform gratuitement tous les aperçus des publications. Avec un
La recherche avancée permet de trouver des publications IEC abonnement, vous aurez toujours accès à un contenu à jour
en utilisant différents critères (numéro de référence, texte, adapté à vos besoins.
comité d’études, …). Elle donne aussi des informations sur les
projets et les publications remplacées ou retirées. Electropedia - www.electropedia.org

Le premier dictionnaire d'électrotechnologie en ligne au monde,
IEC Just Published - webstore.iec.ch/justpublished
avec plus de 22 300 articles terminologiques en anglais et en
Restez informé sur les nouvelles publications IEC. Just
français, ainsi que les termes équivalents dans 19 langues
Published détaille les nouvelles publications parues.
additionnelles. Egalement appelé Vocabulaire
Disponible en ligne et une fois par mois par email.
Electrotechnique International (IEV) en ligne.

Service Clients - webstore.iec.ch/csc
Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC Products & Services Portal - products.iec.ch

IEC 62351-5 ®
Edition 1.0 2023-01
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Power systems management and associated information exchange – Data and

communications security –
Part 5: Security for IEC 60870-5 and derivatives

Gestion des systèmes de puissance et échanges d’informations associés –

Sécurité des communications et des données –

Partie 5: Aspects de sécurité pour l’IEC 60870-5 et ses dérivés

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 33.200 ISBN 978-2-8322-6017-3

– 2 – IEC 62351-5:2023 © IEC 2023
CONTENTS
FOREWORD . 6
1 Scope . 8
2 Normative references . 9
3 Terms and definitions . 10
4 Abbreviated terms . 11
5 Problem description . 12
5.1 Overview of clause . 12
5.2 Specific threats addressed . 12
5.3 Design issues . 12
5.3.1 Overview of subclause . 12
5.3.2 Asymmetric communications . 12
5.3.3 Message-oriented . 12
5.3.4 Poor sequence numbers or no sequence numbers . 13
5.3.5 Limited processing power . 13
5.3.6 Limited bandwidth . 13
5.3.7 No access to authentication server . 13
5.3.8 Limited frame length . 13
5.3.9 Limited checksum . 14
5.3.10 Radio systems . 14
5.3.11 Dial-up systems . 14
5.3.12 Variety of protocols affected . 14
5.3.13 Differing data link layers . 14
5.3.14 Long upgrade intervals . 15
5.3.15 Remote sites . 15
5.3.16 Unreliable media . 15
5.4 General principles . 15
5.4.1 Overview of subclause . 15
5.4.2 Application layer only . 15
5.4.3 Generic definition mapped onto different protocols . 15
5.4.4 Bi-directional . 15
5.4.5 Management of cryptographic keys . 15
5.4.6 Backwards tolerance . 16
5.4.7 Upgradeable . 16
5.4.8 Multiple connections . 16
6 Theory of operation . 16
6.1 Overview of clause . 16
6.2 The secure communication . 16
6.2.1 Basic concepts . 16
6.2.2 Association ID . 17
6.2.3 Authenticating . 18
6.2.4 Central Authority . 18
6.2.5 Role Based Access Control (RBAC) . 18
6.2.6 Cryptographic keys . 18
6.2.7 Security statistics . 22
6.2.8 Security events . 22
7 Functional requirements . 22

7.1 Overview of clause . 22
7.2 Procedures Overview . 22
7.3 State machine overview . 23
7.4 Timers and counters . 25
7.5 Security statistics and events . 25
7.5.1 General . 25
7.5.2 Special security thresholds . 29
7.5.3 Security statistics reporting . 29
7.5.4 Security events monitoring and logging . 29
8 Formal procedures . 30
8.1 Overview of subclause . 30
8.2 Distinction between messages and ASDUs . 30
8.2.1 General . 30
8.2.2 Messages datatypes and notations . 30
8.3 Station Association procedure . 30
8.3.1 General . 30
8.3.2 Public key certificates . 31
8.3.3 Configuration of authorized remote stations . 33
8.3.4 Pre-requisites to initiate the Station Association procedure . 33
8.3.5 Messages definition . 33
8.3.6 Controlling station state machine . 42
8.3.7 Controlled station state machine . 52
8.3.8 Verification of remote station’s certificate . 61
8.3.9 Verification of certificates during normal operations . 61
8.3.10 Update Keys derivation . 62
8.3.11 Controlling station directives for Station Association and Update Keys
management . 63
8.3.12 Controlled station directives for Station Association and Update Keys
management . 63
8.3.13 Initializing and updating Stations Association and Update Keys . 65
8.4 Session Key Change procedure . 66
8.4.1 General . 66
8.4.2 Messages definition . 67
8.4.3 Controlling station state machine . 76
8.4.4 Controlled station state machine . 85
8.4.5 Controlling station directives for Session Keys management. 93
8.4.6 Controlled station directives for Session Keys management . 93
8.4.7 Initializing and changing Session Keys . 94
8.5 Secure Data Exchange . 95
8.5.1 General . 95
8.5.2 Messages definition . 96
8.5.3 Controlling station state machine . 100
8.5.4 Controlled station state machine . 105
8.5.5 Controlling station directives for Secure Data Exchange . 109
8.5.6 Controlled station directives for Secure Data Exchange . 109
8.5.7 Example of Secure Data exchange during Station Association . 110
8.5.8 Example of Secure Data Exchange during Session Key Change . 111
9 Interoperability requirements . 113
9.1 Overview of clause . 113

– 4 – IEC 62351-5:2023 © IEC 2023
9.2 Minimum requirements . 113
9.2.1 Overview of subclause . 113
9.2.2 Authentication algorithms . 113
9.2.3 Key wrap / transport algorithms . 113
9.2.4 Cryptographic keys . 114
9.2.5 Cryptographic curves . 114
9.2.6 Configurable values . 114
9.2.7 Cryptographic information . 116
9.3 Options . 116
9.3.1 Overview of subclause . 116
9.3.2 MAC/AEAD algorithms . 117
9.3.3 Key wrap / transport algorithms . 117
9.3.4 Cryptographic curves . 117
9.4 Use with TCP/IP . 117
9.5 Use with redundant channels . 117
10 Requirements for referencing this standard . 118
10.1 Overview of clause . 118
10.2 Selected options . 118
10.3 Message format mapping . 118
10.4 Reference to procedures . 118
10.5 Protocol information . 118
10.6 Controlled station response to unauthorized operations requests . 119
10.7 Transmission of security statistics . 119
10.8 Configurable values . 119
10.9 Protocol implementation conformance statement . 119
Annex A (informative) Security Event mapping to IEC 62351-14 . 120
A.1 General . 120
A.2 Mapping of IEC 62351-5 events specified in this document . 120
Bibliography . 122

Figure 1 – Overview of interaction between Central Authority and stations . 21
Figure 2 – Sequence of procedures . 23
Figure 3 – Station Association procedure . 34
Figure 4 – Station Association – Controlling station state machine . 43
Figure 5 – Station Association – Controlled station state machine . 53
Figure 6 – Example of Association ID, Update Keys and Session Keys initialization. 66
Figure 7 – Session Key Change procedure . 67
Figure 8 – Session Key Change – Controlling station state machine . 77
Figure 9 – Session Key Change – Controlled station state machine . 86
Figure 10 – Example of Session Key initialization and periodic update . 95
Figure 11 – Secure Data Exchange . 96
Figure 12 – Secure Data Exchange – Controlling station state machine . 101
Figure 13 – Secure Data Exchange – Controlled station state machine . 106
Figure 14 – Example of Secure Data Exchange during Station Association . 111
Figure 15 – Example of Secure Data messages exchanged during Session Key
Change . 112

Table 1 – Scope of application to standards . 8
Table 2 – Summary of symmetric keys used . 19
Table 3 – Summary of asymmetric keys used . 19
Table 4 – States used in the controlling station state machine . 24
Table 5 – States used in the controlled station state machine . 24
Table 6 – Summary of timers and counters used . 25
Table 7 – Security statistics and associated events . 26
Table 8 – Elliptic curves . 31
Table 9 – Association Request message . 35
Table 10 – Association Response message . 36
Table 11 – Update Key Change Request message. 38
Table 12 – Data Included in MAC calculation (in order) . 40
Table 13 – Update Key Change Response message . 40
Table 14 – Data Included in MAC calculation (in order) . 41
Table 15 – Controlling station state machine: Station Association . 44
Table 16 – Controlled station state machine: Station Association . 54
Table 17 – List of pre-defined role-to-permission assignment . 64
Table 18 – Session Request message . 68
Table 19 – Session Response message . 70
Table 20 – Data Included in MAC calculation (in order) . 71
Table 20 – Session Key Change Request message . 72
Table 21 – Data Included in WKD (in order) . 73
Table 22 – Example of Session Key order . 74
Table 23 – Data Included in the MAC calculation (in order) . 74
Table 25 – Session Key Change Response message . 75
Table 26 – Data Included in the MAC calculation (in order) . 75
Table 27 – Controlling station state machine: Session Key Change . 78
Table 28 – Controlled station state machine: Session Key Change . 87
Table 29 – Secure Data message . 97
Table 29 – Secure Data Payload using MAC algorithm . 98
Table 31 – Data included in the MAC calculation in Secure Data Payload (in order) . 99
Table 32 – AEAD algorithm parameters to generate the Secure Data Payload (in order) . 99
Table 33 – Controlling station state machine: Secure Data Exchange . 102
Table 34 – Controlled station state machine: Secure Data Exchange . 107
Table 35 – Configuration of cryptographic information . 116
Table 36 – Legend for configuration of cryptographic information. 116
Table A.1 – Security event logs defined in IEC 62351-5 Ed.1 mapped to IEC 62351-14 . 120

– 6 – IEC 62351-5:2023 © IEC 2023
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –

Part 5: Security for IEC 60870-5 and derivatives

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62351-5 has been prepared by IEC technical committee 57: Power systems management
and associated information exchange. It is an International Standard.
This International Standard cancels and replaces IEC TS 62351-5 published in 2013. It
constitutes a technical revision. The primary changes in this International Standard are:
a) The secure communication mechanism is performed on per controlling station/controlled
station association.
b) User management to add, change or delete a User, was removed.
c) Symmetric method to change the Update Key was removed.
d) Asymmetric method to the change Update Key was reviewed.
e) Challenge/Reply procedure and concepts were removed.
f) Aggressive Mode concept was replaced with the Secure Data message exchange
mechanism.
g) Authenticated encryption of application data was added.

h) The list of permitted security algorithms has been updated.
i) The rules for calculating messages sequence numbers have been updated
j) Events monitoring and logging was added.
NOTE The following print types are used:
CAPITALIZATION has been used in the text of this document to formally identify the most
important components of the described security mechanism. These components include: 1)
data items e.g. Update Keys, Session Keys; 2) procedure names, e.g. Station Association,
Session Key Change; message names, e.g. Association Request, Session Request; 3) state
names, e.g. Session Established, Wait for Session Response; 5) statistics e.g. Authentication
Errors, Unexpected Messages and 5) event names e.g. Reply Timeout, Rx Invalid Session Key
Change.
The text of this International Standard is based on the following documents:
Draft Report on voting
57/2516/FDIS 57/2555/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/standardsdev/publications.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates that it
contains colours which are considered to be useful for the correct understanding of its
contents. Users should therefore print this document using a colour printer.

– 8 – IEC 62351-5:2023 © IEC 2023
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –

Part 5: Security for IEC 60870-5 and derivatives

1 Scope
This part of IEC 62351 defines the application profile (A-profile) secure communication
mechanism specifying messages, procedures and algorithms for securing the operation of all
protocols based on or derived from IEC 60870-5, Telecontrol Equipment and Systems –
Transmission Protocols. This document applies to at least those protocols listed in Table 1.
Table 1 – Scope of application to standards
Number Name
IEC 60870-5-101 Companion standard for basic telecontrol tasks
IEC 60870-5-102 Companion standard for the transmission of integrated totals in electric power systems
IEC 60870-5-103 Companion standard for the informative interface of protection equipment
IEC 60870-5-104 Network access for IEC 60870-5-101 using standard transport profiles
Distributed Network Protocol (defined in IEEE Std 1815, based on IEC 60870-1 through
DNP3
IEC 60870-5 and maintained jointly by the DNP Users Group and the IEEE)

The initial audience for this document is intended to be the members of the working groups
developing the protocols listed in Table 1.
For the measures described in this document to take effect, they must be accepted and
referenced by the specifications for the protocols themselves. This document is written to
enable that process. The working groups in charge of taking this document to the specific
protocols listed in Table 1 may choose not to do so.
The subsequent audience for this document is intended to be the developers of products that
implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand
the purpose and requirements of the work.
This document is organized working from the general to the specific, as follows:
• Clauses 2 through 4 provide background terms, definitions, and references.
• Clause 5 describes the problems this specification is intended to address.
• Clause 6 describes the mechanism generically without reference to a specific protocol.
• Clauses 7 and 8 describe the mechanism more precisely and are the primary normative
part of this specification.
• Clause 9 define the interoperability requirements for this secure communication
mechanism, including the relationship of this standard to IEC 62351-3 for transport layer
security.
• Clause 10 describes the requirements for other standards referencing this document.

The actions of an organization in response to events and error conditions described in this
document are expected to be defined by the organization’s security policy and they are beyond
the scope of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60870-5 (all parts), Telecontrol equipment and systems – Part 5: Transmission protocols
IEC TS 62351-1, Power systems management and associated information exchange – Data
and communications security – Part 1: Communication network and system security –
Introduction to security issues
IEC TS 62351-2, Power systems management and associated information exchange – Data
and communications security – Part 2: Glossary of terms
IEC 62351-3, Power systems management and associated information exchange – Data and
communications security – Part 3: Communication network and system security – Profiles
including TCP/IP
IEC 62351-7, Power systems management and associated information exchange – Data and
communications security – Part 7: Network and System Management (NSM) data object models
IEC 62351-8, Power systems management and associated information exchange – Data and
communications security – Part 8: Role-based access control for power system management
IEC 62351-14, Power systems management and associated information exchange – Data and
communications security – Part 14: Cyber security event logging
IETF RFC 2104, HMAC: Keyed-Hashing for Message Authentication
IETF RFC 3394, Advanced Encryption Standard (AES) Key Wrap Algorithm
IETF RFC 5116, An Interface and Algorithms for Authenticated Encryption
IETF RFC 5869, HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
IETF RFC 7693, The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
IETF RFC 7748, Elliptic Curve for Security
SEC2-V2, Standards for Efficient Cryptography SEC2: Recommended Elliptic Curve Domain
Parameters – Version 2.0
___________
Under preparation. Stage at the time of publication: IEC ACDV 62351-14:2021.

– 10 – IEC 62351-5:2023 © IEC 2023
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
association ID
pair of values that uniquely identify the communication link between a controlling station and a
controlled station and the related set of cryptographic keys
3.2
central authority
entity whose scope is the entire organization for which the purpose is to provide authentication
information to devices and systems of the organization to authorize them to communicate. The
Central Authority may or may not also be a Certificate Authority
3.3
communication link
the communication channel that connects two communicating entities. This link may be an
actual physical link or it may be a logical link that uses one or more actual physical links.
3.4
control direction
direction of transmission from the controlling station to a controlled station
[SOURCE: IEC 60870-5-101:2003, 3.3]
3.5
controlled station
station which is monitored, or commanded and monitored by a master (controlling) station
Note 1 to entry: It is commonly called an "outstation" or "slave" in some specifications.
[SOURCE: IEC TR 60870-1-3:1997, 3, modified (addition of "(controlling" and Note 1 to entry)]
3.6
controlling station
station which performs the telecontrol of controlled stations
Note 1 to entry: It is commonly called a "master" or "master station" in some specifications.
[SOURCE: IEC TR 60870-1-3:1997, 3, modified (replacement of "outstations" with "controlled
stations)]
3.7
local station
station nearest to the observer when the process is the same on both the controlling and
controlled station
3.8
monitoring direction
direction of transmission from a controlled station to a controlling station
[SOURCE: IEC 60870-5-101:2003, 3.4]

3.9
remote station
station farther from the observer when the process is the same on both the controlling and
controlled station
3.10
telecontrol
control of operational equipment at a distance using the transmission of information by
telecommunication techniques
Note 1 to entry: Telecontrol may comprise any combination of command, alarm, indication, metering, protection
and tripping facilities, without any use of speech messages.
[SOURCE: IEC TR 60870-1-3:1997, 3]
4 Abbreviated terms
Refer to IEC TS 62351-2 for a list of applicable abbreviated terms. The following terms are
included here because they are specifically used in the affected protocols and also used in the
discussion of this secure communication mechanism.
A-Profile Application Profile. Security for the application layer.
AEAD Authenticated Encryption with Associated Data. Function to encrypt and
authenticate data (providing confidentiality and authentication). Note that
AEAD also supports integrity protection of additional data, which is not
encrypted.
AID Association ID. Value identifying a single connection between controlling
and Controlled stations.
ASDU Application Service Data Unit. The application layer message submitted to
lower layers for transmission.
C.ing Controlling (referred to the controlling Station).
C.led Controlled (referred to the controlled Station).
HKDF HMAC-based Extract-and-Expand Key Derivation Function. Function to
derive a symmetric cryptographic key.
HMAC Keyed-Hash Message Authentication Code. Function to authenticate data
using a secret cryptographic key.
IKM Input Keying Material. Data provided to the HKDF-Extract function to
generate a pseudo-random key (PRK).
KEK Key Encryption Key. A secret key used to encrypt another secret key.
MAC Message Authentication Code. The calculated value used by a station to
authenticate and check the integrity of an Application Protocol Data Unit.
PRK Pseudo-Random Key. Data provided to the HKDF-Expand function to
generate a secret key.
T-Profile Transport Profile. Security for transport layer (TCP/IP)
TCP/IP Transmission Control Protocol/Internet Protocol.

– 12 – IEC 62351-5:2023 © IEC 2023
5 Problem description
5.1 Overview of clause
Clause 5 describes:
• the security threats that this document is intended to address;
• the unique design problems in implementing secure communication for IEC 60870-5 and
derived protocols;
• the resulting design principles behind the mechanism.
5.2 Specific threats addressed
This document shall address only the following security threats, as defined in IEC TS 62351‑2:
• spoofing;
• tampering;
• replay;
• eavesdropping
5.3 Design issues
5.3.1 Overview of subclause
Subclause 5.3 describes the challenges faced in developing a secure communication proposal
that can be applied to all the IEC 60870-5 and derived protocols. Subclause 5.3 is supplied for
the benefit of security experts reviewing this document who may not be familiar with the
electrical utility protocol environment.
5.3.2 Asymmetric communications
All the protocols affected by this specification share the concept of inequality between the
communication stations. In each of these protocols there is a designated controlling station and
a designated controlled station, each having different roles, responsibilities, procedures and
message formats. In particular, the controlling station is in many cases responsible for flow
control and media access control.
The existence of a definite controlled/controlling station designation has two impacts on the
design of this secure communication mechanism:
• the format of messages in each direction will almost certainly differ, even if the functions
are the same;
• Session key distribution is simplified because they will always be issued by the controlling
station.
5.3.3 Message-oriented
All of the affected protocols are message-oriented. Connection authentication is done once to
establish session keys, which in turn are used afterwards to support message authentication.
Message authentication must be performed on a messag
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

IEC
IEC 62351-7:2025(Main)
Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2025 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations.
Power systems operations are increasingly reliant on information infrastructures, including communication networks, IEDs, and self-defining communication protocols. Therefore, management of the information infrastructure has become crucial to providing the necessary high levels of security and reliability in power system operations.
The telecommunication infrastructure that is in use for the transport of telecontrol and automation protocols is already subject to health and condition monitoring control, using the concepts developed in the IETF Simple Network Management Protocol (SNMP) standards for network management. However, power system specific devices (like teleprotection, telecontrol, substation automation, synchrophasors, inverters and protections) need instead a specific solution for monitoring their health.
The NSM objects provide monitoring data for IEC protocols used for power systems (IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored protocols. The NSM data objects use the naming conventions developed for IEC 61850, expanded to address NSM issues. For the sake of generality these data objects, and the data types of which they are comprised, are defined as abstract models of data objects.
In addition to the abstract model, in order to allow the integration of the monitoring of power system devices within the NSM environment in this part of IEC 62351, a mapping of objects to the SNMP protocol of Management Information Base (MIBs) is provided.
The objects that are already covered by existing MIBs are not defined here but are expected to be compliant with existing MIB standards. For example protocols including EST, SCEP, RADIUS, LDAP, GDOI are not in scope.
This edition of IEC 62351-7 cancels and replaces IEC 62351-7 published in 2017. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC 62351-7:
a) Reviewed and enriched the NSM object data model;
b) UML model adopted for NSM objects description;
c) SNMP protocol MIBs translation included as Code Components

  • Standard
    130 pages
    English language
    sale 15% off
  • Standard
    140 pages
    French language
    sale 15% off
  • Standard
    270 pages
    English and French language
    sale 15% off
IEC
IEC TR 62746-2:2025(Main)
Systems interface between customer energy management system and the power management system - Part 2: Use cases

IEC TR 62746-2:2025, which is a technical report, describes the main pillars of interoperability to assist different IEC Technical Committees in defining their interfaces and messages covering the whole chain between a Smart Grid and Smart Home/Building/Industrial area.
The main topics of this document are:
– To describe an architecture model from a logical point of view;
– To describe a set of user stories that describe a number of situations related to energy flexibility and demand side management as well as an outline of potential upcoming Smart Building and Smart Home scenarios. The set of user stories does not have the ambition to list all home and building (energy) management possibilities, but is meant as a set of examples that are used as input in use cases and to check that the set of use cases is complete;
– To describe a set of use cases based on the user stories and architecture. The use cases describe scenarios in which the communication between elements of the architecture are identified;
– To further detail the communication, identified in the use cases, by describing the messages and information to be exchanged.
This document can also be used as a blueprint for further smart home solutions like remote control, remote monitoring, ambient assistant living and so forth.
This technical report will be regularly revised by introducing new use cases and updating the current use cases. The use cases presented in this document are not going to be included in the IEC Use Case Management Repository (UCMR). The data models of some use cases presented here are defined in the second edition of IEC 62746-4 . The smart grid architecture model presented in this document is created in coordination with IEC TC13, SC23, and TC57
This second edition cancels and replaces the first edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) The Architecture Model of the Smart Grid Coordination Group (Figure 6) has been replaced with the draft Architecture Model of TC57 in collaboration with SC23K and TC13;
b) The use cases from Edition 1 (2015) with the following IDs have been removed from the current document: JWG2000, JWG2001, JWG2010, JWG202x, JWG2041, JWG2042, JWG1111, WGSP2120, JWG30xx;
c) The use cases from Edition 1 (2015) with the following IDs: JWG1100, JWG1101, JWG-SPUC1102, and JWG1103 have been replaced with the use case JWG1100;
d) The following use cases have been added to the current document: JWG3000, JWG3001, JWG3002, JWG3003, JWG3004, JWG3005, JWG3006, JWG4000.

  • Technical report
    229 pages
    English language
    sale 15% off
IEC
IEC TR 61850-90-20:2025(Main)
Communication networks and systems for power utility automation - Part 90-20: Use cases of redundancy in systems

IEC TR 61850-90-20:2025, which is a technical report, describes use cases of redundancy in systems.
This document considers use cases of duplication of function and devices and covers redundancy of information flow at message level. Functional safety is out of scope of this document. To keep focus on details relevant for this document, some figures and drawings do not show electrical wiring, redundant coils, etc, where this is not important for the use case.
This document is not a guideline on the design of redundancy systems; guidance on designing redundancy systems can be found in textbooks

  • Technical report
    31 pages
    English language
    sale 15% off
IEC
IEC 61850-10:2012/AMD1:2025(Amendment)
Amendment 1 - Communication networks and systems for power utility automation - Part 10: Conformance testing
  • Standard
    72 pages
    English language
    sale 15% off
  • Standard
    75 pages
    French language
    sale 15% off
  • Standard
    147 pages
    English and French language
    sale 15% off
IEC
IEC 61850-10:2012(Main)
Communication networks and systems for power utility automation - Part 10: Conformance testing

IEC 61850-10:2012 specifies standard techniques for testing of conformance of client, server and sampled value devices and engineering tools, as well as specific measurement techniques to be applied when declaring performance parameters. The use of these techniques will enhance the ability of the system integrator to integrate IEDs easily, operate IEDs correctly, and support the applications as intended. The major technical changes with regard to the previous edition are as follows:
- updates to server device conformance test procedures;
- additions of certain test procedures (client device conformance, sampled values device conformance, (engineering) tool related conformance, GOOSE performance).

  • Standard
    190 pages
    English language
    sale 15% off
  • Standard
    170 pages
    English and French language
    sale 15% off
IEC
IEC TS 61850-6-3:2025(Main)
Communication networks and systems for power utility automation - Part 6-3: Format of machine-processable rules for validation of IEC 61850 XML-based files

IEC TS 61850-6-3:2025, which is a Technical Specification, describes how to use and define formal rules, in a machine-processable format: OCL, that can be imported and interpreted by tools.
The following main use cases are supported:
– Validate SCL files at every stage of the specification and engineering process;
– Verify the conformity of a SCL file after completion of the upgrading/downgrading rules;
– Extend standard OCL rules with private OCL rules
The purpose of this document is limited to the publication of the format and method to write correct and structured rules. The rules themselves are published as code components of the corresponding IEC 61850 parts.

  • Technical specification
    33 pages
    English language
    sale 15% off
IEC
IEC 62488-1:2025(Main)
Power line communication systems for power utility applications - Part 1: Planning of analogue and digital power line carrier systems operating over HV electricity grids

IEC 62488-1:2025 applies to the planning of analogue (APLC), digital (DPLC) and hybrid analogue-digital (ADPLC) power line carrier communication systems operating over HV electric power networks. The object of this document is to establish the planning of the services and performance parameters for the operational requirements to transmit and receive data efficiently and reliably.
Such analogue and digital power line carrier systems are used by the different electricity supply industries and integrated into their communication infrastructure using common communication technologies such as radio links, fibre optic and satellite networks
This second edition cancels and replaces the first edition published in 2012. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) Complete revision of this edition with respect to the previous edition with the main focus on planning of analogue and digital power line carrier systems operating over HV power networks;
b) A general structure of a bidirectional point-to-multipoint APLC, DPLC or ADPLC link has been introduced;
c) Introduction of a new approach for global frequency planning.

  • Standard
    105 pages
    English language
    sale 15% off
  • Standard
    112 pages
    French language
    sale 15% off
  • Standard
    217 pages
    English and French language
    sale 15% off
IEC
IEC TS 61850-7-7:2018/AMD1:2023/COR1:2025(Amendment)
Corrigendum 1 - Amendment 1 - Communication networks and systems for power utility automation - Part 7-7: Machine-processable format of IEC 61850-related data models for tools
  • Technical specification
    3 pages
    English language
    sale 15% off
IEC
IEC TS 60870-5-7:2025(Main)
Telecontrol equipment and systems - Part 5-7: Transmission protocols - Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351)

IEC TS 60870-5-7:2025, which is a technical specification, describes messages and data formats for implementing IEC 62351-5:2023 for secure communication as an extension to IEC 60870-5-101 and IEC 60870-5-104.
The purpose of this document is to permit the receiver of any IEC 60870-5-101/-104 Application Protocol Data Unit (APDU) to verify that the APDU was transmitted by an authorized user and that the APDU was not modified in transit.
This document is also intended to be used, together with the definitions of IEC 62351-3:2023, in conjunction with the IEC 60870-5-104 companion standard.
The state machines, message sequences, and procedures for exchanging these messages are defined in IEC 62351-5:2023. This document describes only the message formats, selected options, critical operations, addressing considerations and other adaptations required to implement IEC 62351 in the IEC 60870-5-101 and IEC 60870-5-104 protocols.
In addition to the previous edition, this new edition of this document also addresses role-based access control, by utilizing the IEC 62351-8 RBAC approach and the already defined role to permission mapping from IEC 62351-5:2023.
The scope of this document does not include security for IEC 60870-5-102 or IEC 60870-5-103. IEC 60870-5-102 is in limited use only and will therefore not be addressed. Users of IEC 60870-5-103 desiring a secure solution need to implement IEC 61850 using the security measures from in IEC 62351 referenced in IEC 61850.
Management of keys, certificates or other cryptographic credentials within devices or on communication links other than IEC 60870-5-101/104 is out of the scope of this document and might be addressed by other IEC 62351 publications in the future.
This second edition cancels and replaces the first edition published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) This edition has been completely revised with respect to the previous edition;
b) Alignment with updated versions of IEC 62351-3:2023 and IEC 62351-5:2023;
c) Definition of specific profiles for application layer and transport layer;
d) Introduction of Session Initiation Request to handle situations in which the called station reestablishes a connection;
e) Inclusion of multicast security for the unbalanced mode of IEC 60870-5-101 including key management;
f) Consideration of RBAC based on IEC 62351-8.
This Technical Specification is to be used in conjunction with IEC 62351-5:2023 and IEC 60870-5-104:2016.

  • Technical specification
    50 pages
    English language
    sale 15% off
IEC
IEC TR 61850-90-30:2025(Main)
Communication networks and systems for power utility automation - Part 90-30: IEC 61850 Function Modelling in SCL

IEC TR 61850-90-30:2025, which is a Technical Report, describes extensions of the SCL Substation/Process Section allowing the creation of a comprehensive, IED and hardware independent specification of an IEC 61850 based power system.
It addresses how to:
• decompose functions in SCL
• show function classifications in SCL
• relate functions with the SCL Substation and Process Section
• relate functions to Logical Nodes and IEDs/Specification IEDs
• present information flow between functions in a hardware/implementation independent way
• position Functions in relation to "Application Schemes", "Distributed Functions", "Protection Schemes"
• consider the relationship to Basic Application Profiles (BAP) defined in IEC TR 61850-7-6
The document addresses the engineering process as far as it is related to the specification of Functions and their instantiation in IEC 61850 based power system. This includes the impact on the SCL Process Section during system configuration.
The engineering process related to the definition of Applications and their instantiation is addressed in the Basic Application Profile Document (BAP) in IEC TR 61850-7-6.
The System Configuration process is described in IEC 61850-6.
Modifications and extensions of SCL are done in a way to guarantee backwards compatibility.
In addition, this document introduces:
• Some further elements to SCL that improve the content and usefulness of SSD files and facilitate the handling of SCL files for engineering purposes,
• New variants of IED specific files: ISD file and FSD files,
• Evolution of the engineering rights management, to first improve the usage of SED and add a new concept of System Configuration Collaboration (SCC file) which allows collaboration on the same project with different engineers.

  • Technical report
    184 pages
    English language
    sale 15% off