SIST EN IEC 62351-5:2023
Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives (IEC 62351-5:2023)
This part of IEC 62351 defines the application authentication mechanism (A-profile) specifying messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5: Telecontrol Equipment and Systems - Transmission Protocols.
This Standard applies to at least those protocols listed in Table 1.
[Table 1]
The initial audience for this International Standard is intended to be the members of the working groups developing the protocols listed in Table 1.
For the measures described in this standard to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process. The working groups responsible for applying this standard to the specific protocols listed in Table 1 may choose not to do so.
The subsequent audience for this specification is intended to be the developers of products that implement these protocols.
Portions of this standard may also be of use to managers and executives in order to understand the purpose and requirements of the work.
This document is organized working from the general to the specific, as follows:
- Clauses 2 through 4 provide background terms, definitions, and references.
- Clause 5 describes the problems this specification is intended to address.
- Clause 6 describes the mechanism generically without reference to a specific protocol.
- Clauses 7 and 8 describe the mechanism more precisely and are the primary normative part of this specification.
- Clause 9 defines the interoperability requirements for this authentication mechanism.
- Clause 10 describes the requirements for other standards referencing this specification.
Unless specifically labelled as informative or optional, all clauses of this specification are normative.
IEC 62351-5:2023 defines the secure communication mechanism of the application profile (A-profile), which specifies the messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5, Telecontrol equipment and systems – Transmission protocols.
For the measures described in this document to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work.
This document is organized from the general to the specific, as follows:
• Clauses 2 to 4 provide background terms, definitions and references;
• Clause 5 describes the problems this specification is intended to address;
• Clause 6 describes the mechanism generically, without reference to a specific protocol;
• Clauses 7 and 8 describe the mechanism more precisely. They constitute the primary normative part of this specification;
• Clause 9 defines the interoperability requirements for this secure communication mechanism, including the relationship between this standard and IEC 62351-3 for transport layer security;
• Clause 10 describes the requirements for other standards referencing this document.
The actions of an organization in response to the events and error conditions described in this document are expected to be defined by the organization's security policy. They are outside the scope of this document.
This International Standard cancels and replaces IEC TS 62351-5 published in 2013. This edition constitutes a technical revision. The main changes with respect to the previous edition are as follows:
a) the secure communication mechanism is carried out per controlling station/controlled station association;
b) User management, used to add, modify or delete a User, has been removed;
c) the symmetric method, used to change the Update Key, has been removed;
d) the asymmetric method, used to change the Update Key, has been revised;
e) the Challenge/Response procedure and concepts have been removed;
f) the Aggressive Mode concept has been replaced by the Secure Data message exchange mechanism;
g) authenticated encryption of application data has been added;
h) the list of permitted security algorithms has been updated;
i) the rules for computing message sequence numbers have been updated;
j) monitoring and logging of events have been added.
General Information
Overview
SIST EN IEC 62351-5:2023 (IEC 62351-5:2023) defines an application authentication mechanism (A-profile) to secure protocols based on or derived from IEC 60870-5 (telecontrol equipment and transmission protocols). The standard specifies messages, procedures and algorithm references to enable secure station association, session key management and authenticated data exchange at the application layer. It is written so protocol working groups can reference and adopt these measures and so product developers can implement interoperable security for power system telecontrol.
Key topics and technical requirements
- Application authentication (A-profile): message formats and procedures for mutual authentication and secure associations between controlling and controlled stations.
- Station Association and Session Key Change: formal procedures, state machines, timers, counters and directives to establish and refresh session keys.
- Secure Data Exchange: authenticated and integrity-protected delivery of ASDUs/messages within IEC 60870-5 derivatives.
- Cryptographic key management: key derivation, Update Keys and Session Keys, and requirements for lifecycle management.
- Certificates and central authority: use of public-key certificates, verification procedures and optional central authority roles.
- Operational constraints addressed: asymmetric communications, limited bandwidth and processing, limited frame lengths, radio and dial-up links, unreliable media and legacy device constraints.
- Monitoring and logging: security statistics, thresholds, events and interoperability logging requirements.
- Normative references to cryptographic primitives: standards and RFCs such as HMAC (RFC 2104), AES Key Wrap (RFC 3394), authenticated encryption interfaces (RFC 5116), HKDF (RFC 5869), BLAKE2 (RFC 7693), elliptic-curve guidance (RFC 7748, SEC2).
- Normative structure: Clauses 7–8 are the primary normative procedures; clauses 2–6 give definitions, threats and theory; clause 9 defines interoperability requirements.
Practical applications and who uses it
- Power utilities and grid operators implementing SCADA/telecontrol over IEC 60870-5-101/103/104 and derivative protocols.
- Protocol working groups responsible for updating IEC 60870-5 profiles to reference A-profile security.
- Device and firmware developers building RTUs, IEDs, master stations and gateways requiring interoperable authentication and session key management.
- Security architects and managers evaluating control-system cybersecurity requirements, compliance and secure upgrade paths for legacy infrastructure.
Related standards (for implementation)
- IEC 60870-5 series (telecontrol transmission protocols)
- Other IEC 62351 parts (Part 1 intro, Part 2 glossary, Part 3 TCP/IP profiles, Part 7 NSM data models, Part 8 RBAC, Part 14 logging)
- IETF RFCs referenced for cryptographic primitives and key derivation
Keywords: IEC 62351-5:2023, SIST EN IEC 62351-5, IEC 60870-5 security, A-profile, application authentication, power systems cybersecurity, telecontrol, SCADA security, station association, session key management.
Frequently Asked Questions
SIST EN IEC 62351-5:2023 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives (IEC 62351-5:2023)". It defines the application authentication mechanism (A-profile) specifying messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5 (Telecontrol Equipment and Systems - Transmission Protocols); the full scope statement is given in the abstract above.
SIST EN IEC 62351-5:2023 is classified under the following ICS (International Classification for Standards) categories: 29.240.30 - Control equipment for electric power systems; 35.240.50 - IT applications in industry. The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase SIST EN IEC 62351-5:2023 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.
Standards Content (Sample)
SLOVENIAN STANDARD
1 April 2023
Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives (IEC 62351-5:2023)
This Slovenian standard is identical to: EN IEC 62351-5:2023
ICS:
29.240.30 Control equipment for electric power systems
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD EN IEC 62351-5
February 2023
ICS 33.200
English Version
Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives (IEC 62351-5:2023)
This European Standard was approved by CENELEC on 2023-02-17. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-5:2023 E
European foreword
The text of document 57/2516/FDIS, future edition 1 of IEC 62351-5, prepared by IEC/TC 57 "Power systems management and associated information exchange" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62351-5:2023.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2023-08-17
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2026-02-17
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users' national committee. A complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 62351-5:2023 was approved by CENELEC as a European Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 60870-5-101:2003 NOTE Approved as EN 60870-5-101:2003 (not modified)
IEC 60870-5-102 NOTE Approved as EN 60870-5-102
IEC 60870-5-103 NOTE Approved as EN 60870-5-103
IEC 60870-5-104 NOTE Approved as EN 60870-5-104
Annex A
(normative)
Normative references to international publications with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 60870-5 series | | Telecontrol equipment and systems – Part 5: Transmission protocols | EN 60870-5 series |
IEC/TS 62351-1 | - | Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues | - | -
IEC/TS 62351-2 | - | Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms | - | -
IEC 62351-3 | - | Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP | EN 62351-3 | -
IEC 62351-7 | - | Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models | EN 62351-7 | -
IEC 62351-8 | - | Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management | EN IEC 62351-8 | -
IEC 62351-14 | - | Power systems management and associated information exchange - Data and communications security - Part 14: Cyber security event logging (under preparation; stage at the time of publication: IEC ACDV 62351-14:2021) | - | -
IETF RFC 2104 | - | HMAC: Keyed-Hashing for Message Authentication | - | -
IETF RFC 3394 | - | Advanced Encryption Standard (AES) Key Wrap Algorithm | - | -
IETF RFC 5116 | - | An Interface and Algorithms for Authenticated Encryption | - | -
IETF RFC 5869 | - | HMAC-based Extract-and-Expand Key Derivation Function | - | -
IETF RFC 7693 | - | The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC) | - | -
IETF RFC 7748 | - | Elliptic Curves for Security | - | -
SEC2-V2 | - | Standards for Efficient Cryptography SEC2: Recommended Elliptic Curve Domain parameters - Version 2.0 | - | -
IEC 62351-5 ®
Edition 1.0 2023-01
INTERNATIONAL STANDARD
Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 33.200 ISBN 978-2-8322-6017-3
– 2 – IEC 62351-5:2023 © IEC 2023
CONTENTS
FOREWORD . 6
1 Scope . 8
2 Normative references . 9
3 Terms and definitions . 10
4 Abbreviated terms . 11
5 Problem description . 12
5.1 Overview of clause . 12
5.2 Specific threats addressed . 12
5.3 Design issues . 12
5.3.1 Overview of subclause . 12
5.3.2 Asymmetric communications . 12
5.3.3 Message-oriented . 12
5.3.4 Poor sequence numbers or no sequence numbers . 13
5.3.5 Limited processing power . 13
5.3.6 Limited bandwidth . 13
5.3.7 No access to authentication server . 13
5.3.8 Limited frame length . 13
5.3.9 Limited checksum . 14
5.3.10 Radio systems . 14
5.3.11 Dial-up systems . 14
5.3.12 Variety of protocols affected . 14
5.3.13 Differing data link layers . 14
5.3.14 Long upgrade intervals . 15
5.3.15 Remote sites . 15
5.3.16 Unreliable media . 15
5.4 General principles . 15
5.4.1 Overview of subclause . 15
5.4.2 Application layer only . 15
5.4.3 Generic definition mapped onto different protocols . 15
5.4.4 Bi-directional . 15
5.4.5 Management of cryptographic keys . 15
5.4.6 Backwards tolerance . 16
5.4.7 Upgradeable . 16
5.4.8 Multiple connections . 16
6 Theory of operation . 16
6.1 Overview of clause . 16
6.2 The secure communication . 16
6.2.1 Basic concepts . 16
6.2.2 Association ID . 17
6.2.3 Authenticating . 18
6.2.4 Central Authority . 18
6.2.5 Role Based Access Control (RBAC) . 18
6.2.6 Cryptographic keys . 18
6.2.7 Security statistics . 22
6.2.8 Security events . 22
7 Functional requirements . 22
7.1 Overview of clause . 22
7.2 Procedures Overview . 22
7.3 State machine overview . 23
7.4 Timers and counters . 25
7.5 Security statistics and events . 25
7.5.1 General . 25
7.5.2 Special security thresholds . 29
7.5.3 Security statistics reporting . 29
7.5.4 Security events monitoring and logging . 29
8 Formal procedures . 30
8.1 Overview of subclause . 30
8.2 Distinction between messages and ASDUs . 30
8.2.1 General . 30
8.2.2 Messages datatypes and notations . 30
8.3 Station Association procedure . 30
8.3.1 General . 30
8.3.2 Public key certificates . 31
8.3.3 Configuration of authorized remote stations . 33
8.3.4 Pre-requisites to initiate the Station Association procedure . 33
8.3.5 Messages definition . 33
8.3.6 Controlling station state machine . 42
8.3.7 Controlled station state machine . 52
8.3.8 Verification of remote station’s certificate . 61
8.3.9 Verification of certificates during normal operations . 61
8.3.10 Update Keys derivation . 62
8.3.11 Controlling station directives for Station Association and Update Keys
management . 63
8.3.12 Controlled station directives for Station Association and Update Keys
management . 63
8.3.13 Initializing and updating Stations Association and Update Keys . 65
8.4 Session Key Change procedure . 66
8.4.1 General . 66
8.4.2 Messages definition . 67
8.4.3 Controlling station state machine . 76
8.4.4 Controlled station state machine . 85
8.4.5 Controlling station directives for Session Keys management. 93
8.4.6 Controlled station directives for Session Keys management . 93
8.4.7 Initializing and changing Session Keys . 94
8.5 Secure Data Exchange . 95
8.5.1 General . 95
8.5.2 Messages definition . 96
8.5.3 Controlling station state machine . 100
8.5.4 Controlled station state machine . 105
8.5.5 Controlling station directives for Secure Data Exchange . 109
8.5.6 Controlled station directives for Secure Data Exchange . 109
8.5.7 Example of Secure Data exchange during Station Association . 110
8.5.8 Example of Secure Data Exchange during Session Key Change . 111
9 Interoperability requirements . 113
9.1 Overview of clause . 113
9.2 Minimum requirements . 113
9.2.1 Overview of subclause . 113
9.2.2 Authentication algorithms . 113
9.2.3 Key wrap / transport algorithms . 113
9.2.4 Cryptographic keys . 114
9.2.5 Cryptographic curves . 114
9.2.6 Configurable values . 114
9.2.7 Cryptographic information . 116
9.3 Options . 116
9.3.1 Overview of subclause . 116
9.3.2 MAC/AEAD algorithms . 117
9.3.3 Key wrap / transport algorithms . 117
9.3.4 Cryptographic curves . 117
9.4 Use with TCP/IP . 117
9.5 Use with redundant channels . 117
10 Requirements for referencing this standard . 118
10.1 Overview of clause . 118
10.2 Selected options . 118
10.3 Message format mapping . 118
10.4 Reference to procedures . 118
10.5 Protocol information . 118
10.6 Controlled station response to unauthorized operations requests . 119
10.7 Transmission of security statistics . 119
10.8 Configurable values . 119
10.9 Protocol implementation conformance statement . 119
Annex A (informative) Security Event mapping to IEC 62351-14 . 120
A.1 General . 120
A.2 Mapping of IEC 62351-5 events specified in this document . 120
Bibliography . 122
Figure 1 – Overview of interaction between Central Authority and stations . 21
Figure 2 – Sequence of procedures . 23
Figure 3 – Station Association procedure . 34
Figure 4 – Station Association – Controlling station state machine . 43
Figure 5 – Station Association – Controlled station state machine . 53
Figure 6 – Example of Association ID, Update Keys and Session Keys initialization. 66
Figure 7 – Session Key Change procedure . 67
Figure 8 – Session Key Change – Controlling station state machine . 77
Figure 9 – Session Key Change – Controlled station state machine . 86
Figure 10 – Example of Session Key initialization and periodic update . 95
Figure 11 – Secure Data Exchange . 96
Figure 12 – Secure Data Exchange – Controlling station state machine . 101
Figure 13 – Secure Data Exchange – Controlled station state machine . 106
Figure 14 – Example of Secure Data Exchange during Station Association . 111
Figure 15 – Example of Secure Data messages exchanged during Session Key
Change . 112
Table 1 – Scope of application to standards . 8
Table 2 – Summary of symmetric keys used . 19
Table 3 – Summary of asymmetric keys used . 19
Table 4 – States used in the controlling station state machine . 24
Table 5 – States used in the controlled station state machine . 24
Table 6 – Summary of timers and counters used . 25
Table 7 – Security statistics and associated events . 26
Table 8 – Elliptic curves . 31
Table 9 – Association Request message . 35
Table 10 – Association Response message . 36
Table 11 – Update Key Change Request message. 38
Table 12 – Data Included in MAC calculation (in order) . 40
Table 13 – Update Key Change Response message . 40
Table 14 – Data Included in MAC calculation (in order) . 41
Table 15 – Controlling station state machine: Station Association . 44
Table 16 – Controlled station state machine: Station Association . 54
Table 17 – List of pre-defined role-to-permission assignment . 64
Table 18 – Session Request message . 68
Table 19 – Session Response message . 70
Table 20 – Data Included in MAC calculation (in order) . 71
Table 20 – Session Key Change Request message . 72
Table 21 – Data Included in WKD (in order) . 73
Table 22 – Example of Session Key order . 74
Table 23 – Data Included in the MAC calculation (in order) . 74
Table 25 – Session Key Change Response message . 75
Table 26 – Data Included in the MAC calculation (in order) . 75
Table 27 – Controlling station state machine: Session Key Change . 78
Table 28 – Controlled station state machine: Session Key Change . 87
Table 29 – Secure Data message . 97
Table 29 – Secure Data Payload using MAC algorithm . 98
Table 31 – Data included in the MAC calculation in Secure Data Payload (in order) . 99
Table 32 – AEAD algorithm parameters to generate the Secure Data Payload (in order) . 99
Table 33 – Controlling station state machine: Secure Data Exchange . 102
Table 34 – Controlled station state machine: Secure Data Exchange . 107
Table 35 – Configuration of cryptographic information . 116
Table 36 – Legend for configuration of cryptographic information. 116
Table A.1 – Security event logs defined in IEC 62351-5 Ed.1 mapped to IEC 62351-14 . 120
INTERNATIONAL ELECTROTECHNICAL COMMISSION
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 5: Security for IEC 60870-5 and derivatives
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62351-5 has been prepared by IEC technical committee 57: Power systems management
and associated information exchange. It is an International Standard.
This International Standard cancels and replaces IEC TS 62351-5 published in 2013. It
constitutes a technical revision. The primary changes in this International Standard are:
a) The secure communication mechanism is performed per controlling station/controlled
station association.
b) User management to add, change or delete a User was removed.
c) Symmetric method to change the Update Key was removed.
d) Asymmetric method to change the Update Key was reviewed.
e) Challenge/Reply procedure and concepts were removed.
f) Aggressive Mode concept was replaced with the Secure Data message exchange
mechanism.
g) Authenticated encryption of application data was added.
h) The list of permitted security algorithms has been updated.
i) The rules for calculating message sequence numbers have been updated.
j) Event monitoring and logging was added.
NOTE The following print types are used:
CAPITALIZATION has been used in the text of this document to formally identify the most
important components of the described security mechanism. These components include: 1)
data items, e.g. Update Keys, Session Keys; 2) procedure names, e.g. Station Association,
Session Key Change; 3) message names, e.g. Association Request, Session Request; 4) state
names, e.g. Session Established, Wait for Session Response; 5) statistics, e.g. Authentication
Errors, Unexpected Messages; and 6) event names, e.g. Reply Timeout, Rx Invalid Session Key
Change.
The text of this International Standard is based on the following documents:
Draft Report on voting
57/2516/FDIS 57/2555/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/standardsdev/publications.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates that it
contains colours which are considered to be useful for the correct understanding of its
contents. Users should therefore print this document using a colour printer.
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 5: Security for IEC 60870-5 and derivatives
1 Scope
This part of IEC 62351 defines the application profile (A-profile) secure communication
mechanism specifying messages, procedures and algorithms for securing the operation of all
protocols based on or derived from IEC 60870-5, Telecontrol Equipment and Systems –
Transmission Protocols. This document applies to at least those protocols listed in Table 1.
Table 1 – Scope of application to standards
Number            Name
IEC 60870-5-101   Companion standard for basic telecontrol tasks
IEC 60870-5-102   Companion standard for the transmission of integrated totals in electric power systems
IEC 60870-5-103   Companion standard for the informative interface of protection equipment
IEC 60870-5-104   Network access for IEC 60870-5-101 using standard transport profiles
DNP3              Distributed Network Protocol (defined in IEEE Std 1815, based on IEC 60870-1 through IEC 60870-5 and maintained jointly by the DNP Users Group and the IEEE)
The initial audience for this document is intended to be the members of the working groups
developing the protocols listed in Table 1.
For the measures described in this document to take effect, they must be accepted and
referenced by the specifications for the protocols themselves. This document is written to
enable that process. The working groups in charge of taking this document to the specific
protocols listed in Table 1 may choose not to do so.
The subsequent audience for this document is intended to be the developers of products that
implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand
the purpose and requirements of the work.
This document is organized working from the general to the specific, as follows:
• Clauses 2 through 4 provide background terms, definitions, and references.
• Clause 5 describes the problems this specification is intended to address.
• Clause 6 describes the mechanism generically without reference to a specific protocol.
• Clauses 7 and 8 describe the mechanism more precisely and are the primary normative
part of this specification.
• Clause 9 defines the interoperability requirements for this secure communication
mechanism, including the relationship of this standard to IEC 62351-3 for transport layer
security.
• Clause 10 describes the requirements for other standards referencing this document.
The actions of an organization in response to events and error conditions described in this
document are expected to be defined by the organization’s security policy and they are beyond
the scope of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60870-5 (all parts), Telecontrol equipment and systems – Part 5: Transmission protocols
IEC TS 62351-1, Power systems management and associated information exchange – Data
and communications security – Part 1: Communication network and system security –
Introduction to security issues
IEC TS 62351-2, Power systems management and associated information exchange – Data
and communications security – Part 2: Glossary of terms
IEC 62351-3, Power systems management and associated information exchange – Data and
communications security – Part 3: Communication network and system security – Profiles
including TCP/IP
IEC 62351-7, Power systems management and associated information exchange – Data and
communications security – Part 7: Network and System Management (NSM) data object models
IEC 62351-8, Power systems management and associated information exchange – Data and
communications security – Part 8: Role-based access control for power system management
IEC 62351-14, Power systems management and associated information exchange – Data and
communications security – Part 14: Cyber security event logging
IETF RFC 2104, HMAC: Keyed-Hashing for Message Authentication
IETF RFC 3394, Advanced Encryption Standard (AES) Key Wrap Algorithm
IETF RFC 5116, An Interface and Algorithms for Authenticated Encryption
IETF RFC 5869, HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
IETF RFC 7693, The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
IETF RFC 7748, Elliptic Curve for Security
SEC2-V2, Standards for Efficient Cryptography SEC2: Recommended Elliptic Curve Domain
Parameters – Version 2.0
Footnote to IEC 62351-14: under preparation. Stage at the time of publication: IEC ACDV 62351-14:2021.
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
association ID
pair of values that uniquely identify the communication link between a controlling station and a
controlled station and the related set of cryptographic keys
3.2
central authority
entity whose scope is the entire organization and whose purpose is to provide authentication
information to the devices and systems of the organization in order to authorize them to
communicate. The Central Authority may or may not also be a Certificate Authority
3.3
communication link
the communication channel that connects two communicating entities. This link may be an
actual physical link or it may be a logical link that uses one or more actual physical links.
3.4
control direction
direction of transmission from the controlling station to a controlled station
[SOURCE: IEC 60870-5-101:2003, 3.3]
3.5
controlled station
station which is monitored, or commanded and monitored by a master (controlling) station
Note 1 to entry: It is commonly called an "outstation" or "slave" in some specifications.
[SOURCE: IEC TR 60870-1-3:1997, 3, modified (addition of "(controlling" and Note 1 to entry)]
3.6
controlling station
station which performs the telecontrol of controlled stations
Note 1 to entry: It is commonly called a "master" or "master station" in some specifications.
[SOURCE: IEC TR 60870-1-3:1997, 3, modified (replacement of "outstations" with "controlled
stations")]
3.7
local station
station nearest to the observer when the process is the same on both the controlling and
controlled station
3.8
monitoring direction
direction of transmission from a controlled station to a controlling station
[SOURCE: IEC 60870-5-101:2003, 3.4]
3.9
remote station
station farther from the observer when the process is the same on both the controlling and
controlled station
3.10
telecontrol
control of operational equipment at a distance using the transmission of information by
telecommunication techniques
Note 1 to entry: Telecontrol may comprise any combination of command, alarm, indication, metering, protection
and tripping facilities, without any use of speech messages.
[SOURCE: IEC TR 60870-1-3:1997, 3]
4 Abbreviated terms
Refer to IEC TS 62351-2 for a list of applicable abbreviated terms. The following terms are
included here because they are specifically used in the affected protocols and also used in the
discussion of this secure communication mechanism.
A-Profile Application Profile. Security for the application layer.
AEAD Authenticated Encryption with Associated Data. Function to encrypt and
authenticate data (providing confidentiality and authentication). Note that
AEAD also supports integrity protection of additional data, which is not
encrypted.
AID Association ID. Value identifying a single connection between controlling
and Control
...
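The AEAD property stated in the abbreviated terms above (associated data is integrity-protected but not encrypted), shown as an added Go example that is not code from the standard: a hypothetical Secure Data message whose cleartext header, assumed here to carry the AID and a message sequence number, is bound to the encrypted application data with AES-128-GCM, so that a modified header or payload fails verification while the header stays readable without the key. The 6-byte header layout, the choice of AES-GCM and the message framing are assumptions of this example, not the encoding defined by IEC 62351-5.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)
// Hypothetical cleartext header of a Secure Data message: Association ID (AID) plus a
// message sequence number. This 6-byte layout is an assumption, not the IEC 62351-5 encoding.
type Header struct {
	AID uint16
	Seq uint32
}
const headerLen = 6 // bytes: AID (2) + Seq (4)
type Link struct{ aead cipher.AEAD } // AEAD instance shared by both stations of one association

// NewLink takes a 16-byte session key and selects AES-128-GCM as the AEAD (assumption).
func NewLink(key []byte) (*Link, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &Link{aead}, nil
}

// Seal encrypts the application data and passes the cleartext header as associated data:
// the header stays readable on the link, but any change to it is detected by Open.
// Output layout: header || nonce || ciphertext || tag.
func (l *Link) Seal(h Header, appData []byte) ([]byte, error) {
	hb := make([]byte, headerLen)
	binary.BigEndian.PutUint16(hb[0:2], h.AID)
	binary.BigEndian.PutUint32(hb[2:6], h.Seq)
	nonce := make([]byte, l.aead.NonceSize()) // fresh random nonce for every message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	msg := append(append([]byte{}, hb...), nonce...)
	return l.aead.Seal(msg, nonce, appData, hb), nil
}

// Open verifies the tag over header and ciphertext together; plaintext is released only
// if neither was altered in transit.
func (l *Link) Open(msg []byte) (Header, []byte, error) {
	n := l.aead.NonceSize()
	if len(msg) < headerLen+n+l.aead.Overhead() {
		return Header{}, nil, errors.New("message too short")
	}
	hb, nonce := msg[:headerLen], msg[headerLen:headerLen+n]
	plain, err := l.aead.Open(nil, nonce, msg[headerLen+n:], hb)
	if err != nil {
		return Header{}, nil, errors.New("authentication failed: header or payload altered")
	}
	return Header{binary.BigEndian.Uint16(hb[:2]), binary.BigEndian.Uint32(hb[2:])}, plain, nil
}
```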