IEC 62351 is the current standard for security in energy management systems and associated data exchange. It describes
measures to meet the four major requirements for secure data communication and data processing: confidentiality, data integrity,
authentication and non-repudiation.
IEC 62351 comprises the following parts:

IEC 62351-1: Overview of the entire IEC 62351 series and introduction to IT security aspects for the operation of power supply systems.

IEC 62351-2: Glossary of terms and abbreviations.

IEC 62351-3: End-to-end protection of TCP/IP-based connections using TLS [RFC5246], with mandatory mutual authentication of client and server based on X.509 certificates.
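The part-3 requirement, expressed as an added example that is not from the page or from any IEC 62351 implementation: Python's ssl module, where a client context verifies the server by default but a server context accepts any client until it is explicitly told to require a client certificate. The function names, the MIN_VERSION constant and the finding strings are this example's own choices.

```python
import ssl

# Added example: contexts that follow the IEC 62351-3 requirement of mandatory
# mutual X.509 authentication, plus an audit of an existing context against it.
# Names and finding strings are this example's own, not the standard's.

MIN_VERSION = ssl.TLSVersion.TLSv1_2


def mutual_tls_context(side, cafile=None, certfile=None, keyfile=None):
    """Return an SSLContext for 'client' or 'server' that requires the peer's
    certificate and refuses TLS versions below 1.2.

    The ssl module's defaults are asymmetric: PROTOCOL_TLS_CLIENT verifies the
    server, but PROTOCOL_TLS_SERVER accepts any client unless verify_mode is
    raised to CERT_REQUIRED. Mutual authentication therefore has to be configured
    explicitly on the server side.
    """
    if side == "client":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = True
    elif side == "server":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    else:
        raise ValueError("side must be 'client' or 'server'")
    ctx.verify_mode = ssl.CERT_REQUIRED   # peer must present a chain we trust
    ctx.minimum_version = MIN_VERSION
    if cafile:                            # trust anchor for the peer's chain
        ctx.load_verify_locations(cafile=cafile)
    if certfile:                          # our own identity, verified by the peer
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def default_server_context():
    """A server context left at the module defaults (the weak setting)."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def audit_context(ctx):
    """Return the deviations from the mutual-TLS policy (empty list = compliant)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("TLS versions below 1.2 permitted")
    return findings


if __name__ == "__main__":
    # Constructed comparison: default server context versus the hardened one.
    print("default server :", audit_context(default_server_context()))
    print("hardened server:", audit_context(mutual_tls_context("server")))
```

The audit function is the useful part for review work: it can be run against any context an application builds, so a deployment that silently keeps the server default (no client verification) is reported rather than assumed compliant.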
IEC 62351-4: Security for MMS-based protocols (e.g. IEC 60870-6, IEC 61850) by securing the transport layer according to IEC 62351-3 and by defining an authentication mechanism "SECURE" at the application layer for MMS associations using X.509 certificates.
IEC 62351-5: Security for IEC 60870-5 and derived protocols (e.g. IEC 60870-5-104, IEC 60870-5-101, DNP 3.0) at the application layer, by authorizing access to critical resources of a substation based on role-based access control (RBAC) and by statistical recording of security-relevant incidents.
IEC 62351-6: Security for the IEC 61850 protocol using VLAN tags and X.509 signatures on GOOSE and SMV telegrams.
IEC 62351-7: Security through the use of networking and system administration tools to enable monitoring of the power grid infrastructure, i.e. using MIB definitions for IEDs, which provide relevant system information about the device and the communication lines via the SNMP protocol in a
IEC 62351-8: Definition of methods to process and manage access rights for users and services based on a role-based access control (RBAC) scheme. The identity information, as well as the role name, is stored in an access token (ASN.1 syntax), which is exchanged in a cryptographically secure way between the systems using different transport mechanisms, i.e. X.509 certificates, X.509 attribute certificates or software tokens. An LDAP system centrally manages the access tokens and enables access (PUSH / PULL mechanism) to the identity information of the communication partner. Furthermore, predefined default roles are established (see table below) and the access rights in the context of IEC 61850 are defined (e.g. listing of all objects within a "logical device").
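To make the part-8 token concrete, an added example that is not from the page or from IEC 62351-8 itself: a minimal DER-encoded access token carrying a user identity, a role name and a validity window, decoded and checked against a small role/right table for IEC 61850 style operations. The token layout, the role names, the rights and the function names are constructed for this example and are not the standard's definitions; the binding of the token to its holder (attribute certificate or signature) is left out.

```python
import time

# Added example: an illustrative ASN.1/DER access token and RBAC check.
# Token layout, roles and rights are constructed here, not IEC 62351-8's.

TAG_INTEGER, TAG_UTF8STRING, TAG_SEQUENCE = 0x02, 0x0C, 0x30


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _der_length(len(payload)) + payload


def _der_utf8(s):
    return _tlv(TAG_UTF8STRING, s.encode("utf-8"))


def _der_uint(n):
    # Non-negative INTEGER in minimal form; the extra byte keeps the sign bit clear.
    return _tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def _read_tlv(buf, pos):
    """Parse one TLV at buf[pos:]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated token")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated token")
    return tag, buf[pos:end], end


def encode_token(user_id, role, not_before, not_after):
    """Hypothetical layout: AccessToken ::= SEQUENCE { userID UTF8String,
    roleName UTF8String, notBefore INTEGER, notAfter INTEGER } (epoch seconds)."""
    return _tlv(TAG_SEQUENCE, _der_utf8(user_id) + _der_utf8(role)
                + _der_uint(not_before) + _der_uint(not_after))


def decode_token(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("not a single SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = _read_tlv(body, pos)
        fields.append((t, v))
    expected = [TAG_UTF8STRING, TAG_UTF8STRING, TAG_INTEGER, TAG_INTEGER]
    if [t for t, _ in fields] != expected:
        raise ValueError("unexpected token structure")
    return {
        "user_id": fields[0][1].decode("utf-8"),
        "role": fields[1][1].decode("utf-8"),
        "not_before": int.from_bytes(fields[2][1], "big"),
        "not_after": int.from_bytes(fields[3][1], "big"),
    }


# Constructed role/right table (the standard's own table is not on the page).
ROLE_RIGHTS = {
    "VIEWER":   {"view", "read"},
    "OPERATOR": {"view", "read", "control"},
    "ENGINEER": {"view", "read", "config"},
    "SECAUD":   {"view", "read", "security_audit"},
}


def authorize(der_token, right, now=None):
    """Decide whether the token holder may exercise `right` at time `now`.
    Returns (allowed, reason); any parse error or unknown role is a denial."""
    now = time.time() if now is None else now
    try:
        tok = decode_token(der_token)
    except ValueError as exc:
        return False, f"invalid token: {exc}"
    if not tok["not_before"] <= now <= tok["not_after"]:
        return False, "token outside validity period"
    rights = ROLE_RIGHTS.get(tok["role"])
    if rights is None:
        return False, f"unknown role {tok['role']!r}"
    if right not in rights:
        return False, f"role {tok['role']} lacks right {right!r}"
    return True, f"{tok['user_id']} as {tok['role']} may {right}"


if __name__ == "__main__":
    tok = encode_token("alice", "OPERATOR", 1_700_000_000, 1_700_086_400)
    print(tok.hex())
    for r in ("read", "control", "config"):
        print(r, authorize(tok, r, now=1_700_040_000))
```

The decoder deliberately rejects anything it does not expect (indefinite lengths, trailing bytes, a different field sequence) and the authorizer treats every failure as a denial, so a malformed or truncated token can never resolve to a more permissive role than the one it was issued with.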
IEC 62351-9: "Cyber security", the key management for power supply systems, deals with the correct and safe handling of security-critical parameters, e.g. passwords and encryption keys, across the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal). For algorithms using asymmetric cryptography, the handling of digital certificates (public / private key), the necessary infrastructure (PKI, X.509 certificates) and the mechanisms for the different management aspects (e.g. certificate request (SCEP, CMP), certificate revocation (CRL, OCSP)) are defined. For symmetric keys, e.g. session keys, a secure distribution mechanism based on GDOI [RFC6407] and the IKEv2 protocol [RFC7427] is presented.
IEC 62351-10: The standard describes security architectures for the entire IT infrastructure, with additional focus on the special security requirements of power generation. Critical points of the communication architecture are identified (e.g. substation control center, substation automation) and appropriate security mechanisms (e.g. data encryption, user authentication) are proposed. The mechanisms from IEC 62351 are combined with well-proven standards from the IT domain (e.g. VPN tunnels, secure FTP, HTTPS) to meet the security requirements.
IEC 62351-11: Security for XML files by embedding the original XML content in an XML container, which enables optional data encryption, an X.509 signature for the authenticity of the XML data, a date of issue and access control for the XML data.
The following illustration shows the mapping of the different IEC 62351 parts to standardized protocols in the domain of energy management: