iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
IEC

IEC TR 62351-90-2:2018

(Main)

Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications

Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications

IEC TR 62351-90-2:2018, which is a technical report, addresses the need to perform Deep Packet Inspection (DPI) on communication channels secured by IEC 62351. The main focus is the illustration of the state-of-the art of DPI techniques that can be applied to the various kinds of channels, highlighting the possible security risks and implementation costs. Additional, beyond state-of-the-art proposals are also described in order to circumvent the main limits of existing solutions.
It is to be noted that some communications secured by IEC 62351 are not encrypted, but only add integrity and non-repudiation of the message – however they are mentioned here for the sake of completeness around IEC 62351 and DPI

General Information

Status
Published
Publication Date
19-Sep-2018
ICS
01 - GENERALITIES. TERMINOLOGY. STANDARDIZATION. DOCUMENTATION
33.200 - Telecontrol. Telemetering
Technical Committee
TC 57 - Power systems management and associated information exchange
Current Stage
PPUB - Publication issued
Start Date
11-Sep-2018
Completion Date
20-Sep-2018
Ref Project

Buy Standard

IEC TR 62351-90-2:2018 - Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communicationsIEC TR 62351-90-2:2018 - Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications
PreviousNext
Technical report
IEC TR 62351-90-2:2018 - Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications
English language
28 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC TR 62351-90-2 ®
Edition 1.0 2018-09
TECHNICAL
REPORT
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 90-2: Deep packet inspection of encrypted communications

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 21 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - webstore.iec.ch/advsearchform IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 67 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
IEC TR 62351-90-2 ®
Edition 1.0 2018-09
TECHNICAL
REPORT
colour
inside
Power systems management and associated information exchange – Data and

communications security –
Part 90-2: Deep packet inspection of encrypted communications

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200 ISBN 978-2-8322-6038-8

– 2 – IEC TR 62351-90-2:2018  IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms, definitions and abbreviated terms . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms . 8
4 Overview . 8
5 Monitoring and auditing requirements . 9
5.1 Use cases from utilities . 9
5.2 Use cases from vendors. 9
5.3 A similar use case: Encrypted SIP Calls Recording . 10
6 Overview of encrypted channels in IEC 62351 . 10
6.1 General . 10
6.2 IEC 62351-3 . 10
6.3 IEC TS 62351-4 . 10
6.4 IEC TS 62351-6 . 11
7 DPI for encrypted communication techniques evaluation framework . 11
8 State of the art of ready techniques . 12
8.1 General . 12
8.2 Unencrypted TLS . 12
8.3 Private key sharing . 13
9 State of the art of techniques that need adaptation . 14
9.1 General . 14
9.2 Proxy . 14
9.3 Advanced Middlebox (mcTLS) . 16
9.4 Secure session-key sharing . 18
9.5 Delayed secure session-key sharing . 20
9.6 Application-level mirroring . 21
10 Additional proposals . 23
10.1 Secure private-key sharing . 23
11 State of the art summary . 24
12 Practical considerations for ready techniques . 26
12.1 General . 26
12.2 Unencrypted TLS . 26
12.3 Private-key sharing . 26
12.4 Recommendations to mitigate risks . 26
13 Future challenges . 27
Bibliography . 28

Figure 1 – Unencrypted TLS sample architecture . 12
Figure 2 – Private Key sharing sample architecture . 13
Figure 3 – Proxy scenario sample architecture . 15
Figure 4 – Advanced Middlebox sample architecture . 17

Figure 5 – Secure session-key sharing sample architecture . 18
Figure 6 – Delayed secure session-sharing sample architecture . 20
Figure 7 – Application-level mirroring sample architecture . 22

Table 1 – State of the art summary . 25

– 4 – IEC TR 62351-90-2:2018  IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT
AND ASSOCIATED INFORMATION EXCHANGE –
DATA AND COMMUNICATIONS SECURITY –

Part 90-2: Deep packet inspection
of encrypted communications
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC TR 62351-90-2, which is a technical report, has been prepared by IEC technical
committee 57: Power systems management and associated information exchange.

The text of this Technical Report is based on the following documents:
Enquiry draft Report on voting
57/1939/DTR 57/2002/RVDTR
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all parts in the IEC 62351 series, published under the general title Power systems
management and associated information exchange – Data and communications security, can
be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its cont
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC 61970-301:2020(Main)
Energy management system application program interface (EMS-API) - Part 301: Common information model (CIM) base

IEC 61970-301:2020 lays down the common information model (CIM), which is an abstract model that represents all the major objects in an electric utility enterprise typically involved in utility operations. By providing a standard way of representing power system resources as object classes and attributes, along with their relationships, the CIM facilitates the integration of network applications developed independently by different vendors, between entire systems running network applications developed independently, or between a system running network applications and other systems concerned with different aspects of power system operations, such as generation or distribution management. SCADA is modeled to the extent necessary to support power system simulation and inter-control centre communication. The CIM facilitates integration by defining a common language (i.e. semantics) based on the CIM to enable these applications or systems to access public data and exchange information independent of how such information is represented internally.
This edition reflects the model content version ‘IEC61970CIM17v38’, dated ‘2020-01-21’, and includes the following significant technical changes with respect to the previous edition:
a) Added Feeder modelling;
b) Added ICCP configuration modelling;
c) Correction of issues found in interoperability testing or use of the standard;
d) Improved documentation;
e) Updated Annex A with custom extensions;
f) Added Annex B Examples of PST transformer modelling;
g) Added Annex C HVDC use cases.

  • Standard
    554 pages
    English language
    sale 15% off
  • Standard
    1158 pages
    English and French language
    sale 15% off
  • Standard
    2320 pages
    English and French language
    sale 15% off
IEC
IEC 61850-7-1:2011/AMD1:2020(Amendment)
Amendment 1 - Communication networks and systems for power utility automation - Part 7-1: Basic communication structure - Principles and models
  • Standard
    209 pages
    English and French language
    sale 15% off
IEC
IEC 61968-5:2020(Main)
Application integration at electric utilities - System interfaces for distribution management - Part 5: Distributed energy optimization

IEC 61968-5:2020 is the description of a set of functions that are needed for enterprise integration of DERMS functions. These exchanges are most likely between a DERMS and a DMS. However, since this is an enterprise integration standard which may leverage IEC 61968-100:2013 for application integration (using web services or JMS) or other loosely-coupled implementations, there are no technical limitations for systems with which a DERMS might exchange information. Also, it should be noted that a DERMS might communicate with individual DER using a variety of standards and protocols such as IEC 61850, IEEE 2030.5, Distribution Network Protocol (DNP), Sunspec Modbus, or perhaps Open Field Message Bus (OpenFMB). One role of the DERMS is to manage this disparity and complexity of communications on the behalf of the system operator. However, the communication to individual DER is out of scope of this standard. Readers should look to those standards to understand communication to individual DER’s smart inverter.
The scope will be limited to the following use case categories:
• DER group creation – a mechanism to manage DER in aggregate
• DER group maintenance – a mechanism to add, remove, or modify the members and/or aggregated capabilities of a given group of DER
• DER group deletion – removing an entire group
• DER group status monitoring – a mechanism for quantifying or ascertaining the current capabilities and/or status of a group of DER
• DER group forecast – a mechanism for predicting the capabilities and/or status of a group of DER for a given time period in the future
• DER group dispatch – a mechanism for requesting that specified capabilities of a group of DER be dispatched to the grid
• DER group voltage ramp rate control – a mechanism for requesting that a DER group following a ramp rate curve
• DER group connect/disconnect – a mechanism to request that DER either isolate themselves, or reconnect to the grid as needed.

  • Standard
    99 pages
    English and French language
    sale 15% off
IEC
IEC TR 61850-90-12:2020(Main)
Communication networks and systems for power utility automation - Part 90-12: Wide area network engineering guidelines

IEC TR 61850-90-12:2020, which is a Technical Report, is intended for an audience familiar with electrical power automation based on IEC 61850 and related power system management, and particularly for data network engineers and system integrators. It is intended to help them to understand the technologies, configure a wide area network, define requirements, write specifications, select components, and conduct tests.
This document provides definitions, guidelines, and recommendations for the engineering of WANs, in particular for protection, control and monitoring based on IEC 61850 and related standards.
This document addresses substation-to-substation communication, substation-to-control centre, and control centre-to-control centre communication. In particular, this document addresses the most critical aspects of IEC 61850 such as protection related data transmission via GOOSE and SMVs, and the multicast transfer of large volumes of synchrophasor data.
The document addresses issues such as topology, redundancy, traffic latency and quality of service, traffic management, clock synchronization, security, and maintenance of the network.
This document contains use cases that show how utilities tackle their WAN engineering. This second edition cancels and replaces the first edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) extension of use case with respect to distribution and customer-side applications;
b) extensions of wireless access technologies as well as power line communication ones applicable to the above-mentioned use case;
c) revisions regarding radio communication technology performance;
d) extension of network migration with respect to packet switched network;
e) a new mapping of multiprotocol label switching technology to teleprotection.

  • Technical report
    259 pages
    English language
    sale 15% off
IEC
IEC TS 61850-1-2:2020(Main)
Communication networks and systems for power utility automation - Part 1-2: Guideline on extending IEC 61850

IEC TS 61850-1-2:2020, which is a technical specification, is intended for any users but primarily for standardization bodies that are considering using IEC 61850 as a base standard within the scope of their work and are willing to extend it as allowed by the IEC 61850 standards. This document identifies the required steps and high-level requirements in achieving such extensions of IEC 61850 and provides guidelines for the individual steps.
Within that scope, this document addresses the following cases:
• The management of product-level standards for products that have an interface based on IEC 61850
• The management of domain-level standards based on IEC 61850
• The management of transitional standards based on IEC 61850
• The management of private namespaces based on IEC 61850
• The development of standards offering the mapping of IEC 61850 data model at CDC level
• The development and management of IEC 61850 profiles for domains (underlying the role of IEC TR 62361-103 and IEC TR 61850-7-6)
This document includes both technical and process aspects:
On the technical side, this document:
• Reminds the main basic requirements (mostly referring to the appropriate parts of the series which host the requirements or recommendations)
• Lists all possible flexibilities offered by the standards
• Defines which flexibilities are allowed/possible per type of extension cases
On the process side, the document covers:
• The initial analysis of how the existing IEC 61850 object models and/or communication services may be applied and what allowed extensions may be required for utilizing them in new or specific domains (including private ones). The results of that step are expected to be documented
• The extension of the IEC 61850 object models for new domains. The typical associated work is to identify existing logical nodes which can be reused "as is", to determine if existing logical nodes can be extended, or to define new logical nodes
• The purpose and process to use transitional namespaces, which are expected to be merged eventually into an existing standard namespace
• The management of standard namespaces
• The development of private namespaces

  • Technical specification
    45 pages
    English language
    sale 15% off
  • Technical specification
    49 pages
    English language
    sale 15% off
IEC
IEC 61968-1:2020(Main)
Application integration at electric utilities - System interfaces for distribution management - Part 1: Interface architecture and general recommendations

IEC 61968-1:2020 is the first in a series that, taken as a whole, defines interfaces for the major elements of an interface architecture for power system management and associated information exchange.
This document identifies and establishes recommendations for standard interfaces based on an Interface Reference Model (IRM). Subsequent clauses of this document are based on each interface identified in the IRM. This set of standards is limited to the definition of interfaces. They provide for interoperability among different computer systems, platforms, and languages. IEC 61968-100 gives recommendations for methods and technologies to be used to implement functionality conforming to these interfaces.
As used in IEC 61968, distribution management consists of various distributed application components for the utility to manage electrical distribution networks. These capabilities include monitoring and control of equipment for power delivery, management processes to ensure system reliability, voltage management, demand-side management, outage management, work management, network model management, facilities management, and metering. The IRM is specified in Clause 3. The IRM defines the high-level view of the TC 57 reference architecture and the detailed in the relevant 61968 series, 61970 series or 62325 series. The goal of the IRM is to provide a common relevant context view for TC 57 that covers domains like transmission, distribution, market, generation, consumer, regional reliability operators, and regulators.
This third edition cancels and replaces the second edition published in 2012. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) update of IRM section, which has been out of date since the 2nd edition;
b) update to IRM model using ArchiMate modelling language;
c) addition of missing business functions and business objects;
d) alignment with newly released documents from the technical committee;
e) alignment with IEC 61968-100;
f) update of annexes.

  • Standard
    214 pages
    English and French language
    sale 15% off
IEC
IEC 62351-3:2014(Main)
Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP

IEC 62351-3:2014 specifies how to provide confidentiality, integrity protection, and message level authentication for SCADA and telecontrol protocols that make use of TCP/IP as a message transport layer when cyber-security is required. Although there are many possible solutions to secure TCP/IP, the particular scope of this part is to provide security between communicating entities at either end of a TCP/IP connection within the end communicating entities. This part of IEC 62351 reflects the security requirements of the IEC power systems management protocols.

  • Standard
    29 pages
    English and French language
    sale 15% off
  • Standard
    65 pages
    English and French language
    sale 15% off
  • Standard
    86 pages
    English and French language
    sale 15% off
IEC
IEC 62351-3:2014/AMD2:2020(Amendment)
Amendment 2 - Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP
  • Standard
    21 pages
    English and French language
    sale 15% off
IEC
IEC 61850-9-2:2011/AMD1:2020(Amendment)
Amendment 1 - Communication networks and systems for power utility automation - Part 9-2: Specific communication service mapping (SCSM) - Sampled values over ISO/IEC 8802-3
  • Standard
    45 pages
    English and French language
    sale 15% off
IEC
IEC 61850-7-4:2010(Main)
Communication networks and systems for power utility automation - Part 7-4: Basic communication structure - Compatible logical node classes and data object classes

IEC 61850-7-4:2010 specifies the information model of devices and functions generally related to common use regarding applications in systems for power utility automation. It also contains the information model of devices and function-related applications in substations. In particular, it specifies the compatible logical node names and data object names for communication between intelligent electronic devices (IED). This includes the relationship between logical nodes and data objects. Major technical changes with regard to the previous edition are as follows:
- corrections and clarifications according to technical issues raised by the users' community; extensions for new logical nodes for the power quality domain;
- extensions for the model for statistical and historical statistical data;
- extensions regarding IEC 61850-90-1;
- extensions for new logical nodes for monitoring functions according to IEC 62271;
- new logical nodes from IEC 61850-7-410 and IEC 61850-7-420 of general interest.
This publication is of core relevance for Smart Grid.

  • Standard
    179 pages
    English language
    sale 15% off
  • Standard
    490 pages
    English language
    sale 15% off
  • Standard
    421 pages
    English and French language
    sale 15% off