IEC 62351

IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the security of TC 57 series of protocols including IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

Standard details

• IEC 62351-1 — Introduction to the standard
• IEC 62351-2 — Glossary of terms
• IEC 62351-3 — Security for any profiles including TCP/IP.
  • TLS Encryption
  • Node Authentication
  • Message Authentication
• IEC 62351-4 — Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.).
  • Authentication for MMS
  • TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer security
• IEC 62351-5 — Security for any profiles including IEC 60870-5 (e.g., DNP3 derivative)
  • TLS for TCP/IP profiles and encryption for serial profiles.
• IEC 62351-6 — Security for IEC 61850 profiles.
  • VLAN use is made as mandatory for GOOSE
  • RFC 2030 to be used for SNTP
• IEC 62351-7 — Security through network and system management.
  • Defines Management Information Base (MIBs) that are specific for the power industry, to handle network and system management through SNMP based methods.
• IEC 62351-8 — Role-based access control.
  • Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC).
• IEC 62351-9 — Key Management.
• IEC 62351-10 — Security Architecture.
• IEC 62351-11 — Security for XML Files.

See also

• IEC TC 57
• List of IEC Technical Committees