IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the security of TC 57 series of protocols including IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.
- IEC 62351-1 — Introduction to the standard
- IEC 62351-2 — Glossary of terms
- IEC 62351-3 — Security for any profiles including TCP/IP.
- IEC 62351-4 — Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.).
- Authentication for MMS
- TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer security
- IEC 62351-5 — Security for any profiles including IEC 60870-5 (e.g., DNP3 derivative)
- TLS for TCP/IP profiles and encryption for serial profiles.
- IEC 62351-6 — Security for IEC 61850 profiles.
- IEC 62351-7 — Security through network and system management.
- IEC 62351-8 — Role-based access control.
- Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC).
- IEC 62351-9 — Key Management
- Describes the correct and safe usage of safety-critical parameters, e.g. passwords, encryption keys.
- Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal).
- Methods for algorithms using asymmetric cryptography
- A secure distribution mechanism based on GDOI and the IKEv2 protocol is presented for the usage of symmetric keys, e.g. session keys.
- IEC 62351-10 — Security Architecture
- Explanation of security architectures for the entire IT infrastructure
- Identifying critical points of the communication architecture, e.g. substation control center, substation automation
- Appropriate mechanisms security requirements, e.g. data encryption, user authentication
- Applicability of well-proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPS
- IEC 62351-11 — Security for XML Files
- Embedding of the original XML content into an XML container
- Date of issue and access control for XML data
- X.509 signature for authenticity of XML data
- Optional data encryption