3.3.3 IEC 62351 (Power systems management and associated information exchange – Data and communications security)

3.3.3.1 Focus

The scope of the IEC 62351 series is information security for power system control operations. The primary objective is to undertake the development of standards for security of the communication protocols defined by IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.

The figure below presents an overview of IEC 62351 parts, as well as the mapping of IEC 62351 standards to IEC TC 57 communication standards.

Figure 1: Overview of IEC 62351 and mapping to IEC TC 57 communication standards (Source: TC 57 WG 15- January 2017)

3.3.3.2 Associated Evaluation Scheme and Governance

IEC 62351-100-1, currently under development, aims at specifying common available procedures and definitions for conformance and/or interoperability testing of the IEC 62351-5, the IEC 608705-7 and their recommendations over the IEC 62351-3. These are the security extensions for IEC 60870-5 and derivatives.

3.3.3.3 Process

Under development.

3.3.3.4 Practice

Not known. 

3.3.3.5 Relation to other standards / schemes

IEC 60870-5 and its derivatives, IEC 60870-6 (TASE.2), and IEC 61850. 

3.3.2 IEEE C37.240 (Cybersecurity Requirements for Substation Automation, Protection, and Control Systems)

3.3.2.1 Focus

This document provides technical requirements for substation cybersecurity. It presents sound engineering practices that can be applied to achieve high levels of cybersecurity of automation, protection, and control systems independent of voltage class or criticality of cyber assets. Cybersecurity includes trust and assurance of data in motion, data at rest, and incident response.

These requirements are categorized as follows:

•        High level requirements and priorities for interface categories.

•        System communications components.

•        Functional Requirements.

•        User authentication and authorization.

•        Data-in-motion protection.

•        Configuration management.

•        Security event auditing and analysis/incident response.

•        Security testing.

3.3.2.2 Associated Evaluation Scheme and Governance

There is no official evaluation scheme regarding this standard.

The Institute of Electrical and Electronics Engineers (IEEE) is a member based organization. Its activities include developing standards dedicated to advance technology for the benefit of humanity. 3.3.2.3 Process None.

3.3.2.4 Practice

Not publicly known. 3.3.2.5 Formal Status

None.

3.3.2.6 Relation to other standards / schemes

Related standards include:

• IEC 62351-8, Power systems management and associated information exchange—Data and communications security—Part 8: Role-based access control) 

3.3.1 IEEE 1686 (Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities)

3.3.1.1 Focus

This standard defines the functions and features to be provided in intelligent electronic devices (IEDs) to accommodate critical infrastructure protection programs. Security regarding the access, operation, configuration, firmware revision and data retrieval from an IED are addressed. More info: https://standards.ieee.org/findstds/standard/1686-2013.html

3.3.1.2 Associated Evaluation Scheme and Governance

Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard.

The IEE 1686 standard is sponsored by the IEE PES Power & Energy Society (http://www.ieeepes.org/) that provides the world's largest forum for sharing the latest in technological developments in the electric power industry.

NIST (the National Institute of Standards and Technologies) has been tasked with laying out a plan for the transformation of the U.S.’s aging energy infrastructure into interoperable Smart Grid. As part of their task, they’ve put together an open forum for members to collaborate on standards development called the Smart Grid Interoperability Panel (SGIP). NIST and the SGIP are selecting a framework of standards which are being used as the backbone of the new Smart Grid. The IEEE 1686 standard is one of these.

3.3.1.3 Process Not applicable.

3.3.1.4 Practice

Not known.

3.3.1.5 Formal Status

None.

3.3.1.6 Relation to other standards / schemes

This standard is designed to provide the tools and features for a user to implement an IED security effort in response to NERC CIP requirements; see section 5.3.3.

This standard references:

•        IEEE 1711 Trial-use standard for a cryptographic protocol for cyber security of substation serial links.

Other standards that reference this standard:

•        IEEE 1815 Electric Power Systems Communications-Distributed Network Protocol (DNP3).

•        ETSI - TR 103 118 Machine-to-machine communications (M2M); smart energy infrastructures security; review of existing security measures and convergence investigations.

•        IEC/TR 62351-10: Power Systems Management and Associated Information Exchange – Data and Communications Security – Part 10: Security Architecture Guidelines.

•        IEC TR 62351-13: Power systems management and associated information exchange - data and communications security - part 13: guidelines on security topics to be covered in standards and specifications.