IEC TS 62351-6 pdf download – Power systems management and associated information exchange – Data and communications security – Part 6: Security for IEC 61850

IEC TS 62351-6 pdf download – Power systems management and associated information exchange – Data and communications security – Part 6: Security for IEC 61850
1 Scope and object1.1scope
This part of lEC 62351 specifies messages，procedures,and algorithms for securing theoperation of all protocols based on or derived from the standard lEC 61850.This specificationapplies to at least those protocols listed in Table 1.
Table 1 – Scope of application to standards
Number
Name
IEC 61850-8-1
Communication networks and systems in substations -Part 8-1; Specific
Communication Service Mapping (scSM) – Mappings to MMs (ISo/IEC 9506-1 andISOnIEC 9506-2) and to lsO/IEC 8802-3
IEC 61850-9-2
Communication networks and systems in substations – Part 9-2: Specific
Communication Service Mapping (ScSM) -sampled vaiues over iso/IEC 8802-3
IEC 61850-6
Communication networks and systems in substations – Part 6: Configurationdescription language for communication in electrical substations related to lEDs
1.2Object
The initial audience for this specification is intended to be the members of the working groupsdeveloping or making use of the protocols listed in Table 1.For the measures described inthis specification to take effect,they must be accepted and referenced by the specificationsfor the protocols themselves.This document is written to enable that process.
The subsequent audience for this specification is intended to be the developers of productsthat implement these protocols.
Portions of this specification may also be of use to managers and executives in order tounderstand the purpose and requirements of the work.
2Normative references
The following referenced documents are indispensable for the application of this document.For dated references,only the edition cited applies. For undated references, the latest editionof the referenced document (including any amendments) applies.
IEC 61850(all parts),Communication networks and systems in substations
IEC 61850-6,Communication networks and systems in substations – Part 6: Configurationdescription language for communication in electrical substations related to lEDs
IEC 61850-8-1，Communication networks and systems in substations – Part 8-1: SpecificCommunication Service Mapping (SCSM) – Mappings to MMs (ISO 9506-1 and Iso 9506-2)and to lsO/nIEC 8802-3
IEC 61850-9-2，Communication networks and systems in substations – Part 9-2: SpecificCommunication Service Mapping (SCSM) – Sampled values over lSO/IEC 8802-3
IEC 62351-1，Power systems management and associated information exchange – Data andcommunications security – Part 1 : Communication network and system security – Introductionto security issues
IEC 62351-2，Power systems management and associated information exchange – Data andcommunications security – Part 2: Glossary of terms
IEC 62351-4，Power systems management and associated information exchange – Data andcommunications security – Part 4: Profiles including MMSs
Iso 9506 (all parts), Industrial automation systems – Manufacturing Message Specification
ISO/IEC 8802-3，Information technology – Telecommunications and information exchangebetween systems – Local and metropolitan area networks – Specific requirements – Part 3:Carrier sense multiple access with collision detection (CSMA/CD) access method andphysical layer specifications
ISO/IEC 13239，Information technology – Telecommunications and information exchangebetween systems – High-level data link control (HDLC) procedures
IEEE Std.802.1Q-2003,Virtual Bridged Local Area Networks
RFC 2030, Simple Network Time Protocol (SNTP)Version 4 for lPv4,IPv6 and osI
RFC 2313,PKCS #1:RSA Encryption Version 1.5
RFC 3447，Public-Key Cryptography Standards(PKCS)#1:RSA Cryptography Specificationsversion 2.1
RFC 4634, us secure Hash Algorithms(SHA and HMAC-SHA)
3Definitions
For the purposes of this document, the terms and definitions contained in lEC 62351-2 apply.
4Security issues addressed by this specification
4.1Operational issues affecting choice of security options
For applications using Go0SE and lEC 61850-9-2 and requiring 4 ms response times,multicast configurations and low CPU overhead, encryption is not recommended. Instead, thecommunication path selection process (e.g. the fact that GooSE and SMV are supposed tobe restricted to a logical substation LAN) shall be used to provide confidentiality forinformation exchanges. However，this specification does define a mechanism for allowingconfidentiality for applications where the 4 ms delivery criterion is not a concern.
NOTEThe actual performance characteristics of an implementation claiming conformance to this technicalspecification is outside the scope of this specification.
With the exception of confidentiality， this specification sets forth a mechanism that allows co-existence of secure and non-secure PDUs.
4.2Security threats countered
See lEC 62351-1 for a discussion of security threats and attack methods.
lf encryption is not employed, then the specific threats countered in this part include:
unauthorized modification of information through message level authentication of themessages.
lf encryption is employed, then the specific threats countered in this part include:
.unauthorized access to information through message level authentication and
encryption of the messages;
unauthorized modification (tampering) or theft of information through message levelauthentication and encryption of the messages.
4.3Attack methods countered
The following security attack methods are intended to be countered through the appropriateimplementation of the specification/recommendations found within this document:
man-in-the-middle: this threat will be countered through the use of a MessageAuthentication Code mechanism specified within this document;
tamper detection/message integrity: These threats will be countered through thealgorithm used to create the authentication mechanism as specified within thisdocument;
replay: this threat will be countered through the use of specialized processing statemachines specified within lEC 62351-4 and this document.