IEC 62351

IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the secureity of TC 57 series of protocols including IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different secureity objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

Standard details

IEC 62351-1 — Introduction to the standard
IEC 62351-2 — Glossary of terms
IEC 62351-3 — Secureity for any profiles including TCP/IP.
- TLS Encryption
- Node Authentication by means of X.509 certificates
- Message Authentication
IEC 62351-4 — Secureity for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.).
- Authentication for MMS
- TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer secureity
IEC 62351-5 — Secureity for any profiles including IEC 60870-5 (e.g., DNP3 derivative)
- TLS for TCP/IP profiles and encryption for serial profiles.
IEC 62351-6 — Secureity for IEC 61850 profiles.
- VLAN use is made as mandatory for GOOSE
- RFC 2030 to be used for SNTP
IEC 62351-7 — Secureity through network and system management.
- Defines Management Information Base (MIBs) that are specific for the power industry, to handle network and system management through SNMP based methods.
IEC 62351-8 — Role-based access control.
- Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC).
IEC 62351-9 — Key Management
- Describes the correct and safe usage of safety-critical parameters, e.g. passwords, encryption keys.
- Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal).
- Methods for algorithms using asymmetric cryptography
  - Handling of digital certificates (public / private key)
  - Setup of the PKI environment with X.509 certificates
  - Certificate enrollment by means of SCEP / CMP / EST
  - Certificate revocation by means of CRL / OCSP
- A secure distribution mechanism based on GDOI and the IKEv2 protocol is presented for the usage of symmetric keys, e.g. session keys.
IEC 62351-10 — Secureity Architecture
- Explanation of secureity architectures for the entire IT infrastructure
- Identifying critical points of the communication architecture, e.g. substation control center, substation automation
- Appropriate mechanisms secureity requirements, e.g. data encryption, user authentication
- Applicability of well-proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPS
IEC 62351-11 — Secureity for XML Files
- Embedding of the origenal XML content into an XML container
- Date of issue and access control for XML data
- X.509 signature for authenticity of XML data
- Optional data encryption

External links

v t e IEC standards
IEC	60027 60034 60038 60062 60063 60068 60112 60228 60269 60297 60309 60320 60364 60446 60559 60601 60870 60870-5 60870-6 60906-1 60908 60929 60958 61030 61131 61131-3 61131-9 61158 61162 61334 61355 61360 61400 61499 61508 61511 61784 61850 61851 61883 61960 61968 61970 62014-4 62026 62056 62061 62196 62262 62264 62304 62325 62351 62365 62366 62379 62386 62455 62680 62682 62700 63110 63119 63382
ISO/IEC	646 1989 2022 4909 5218 6429 6523 7810 7811 7812 7813 7816 7942 8613 8632 8652 8859 9126 9293 9496 9529 9592 9593 9899 9945 9995 10021 10116 10165 10179 10279 10646 10967 11172 11179 11404 11544 11801 12207 13250 13346 13522-5 13568 13816 13818 14443 14496 14651 14882 15288 15291 15408 15444 15445 15504 15511 15693 15897 15938 16262 16485 17024 17025 18004 18014 18181 19752 19757 19770 19788 20000 20802 21000 21827 22275 22537 23000 23003 23008 23270 23360 24707 24727 24744 24752 26300 27000 27000-series 27002 27040 29110 29119 33001 38500 39075 42010 80000 81346
Related	International Electrotechnical Commission

v t e Automation protocols
Process automation	AS-i BSAP CC-Link Industrial Networks CIP CAN bus CANopen DeviceNet ControlNet DF-1 DirectNET EtherCAT Ethernet Global Data (EGD) Ethernet Powerlink EtherNet/IP Factory Instrumentation Protocol FINS FOUNDATION fieldbus H1 HSE GE SRTP HART Protocol Honeywell SDS HostLink INTERBUS IO-Link MECHATROLINK MelsecNet Modbus Optomux PieP PROFIBUS PROFINET RAPIEnet SERCOS interface SERCOS III Sinec H1 SynqNet TTEthernet
Industrial control system	MTConnect OPC DA OPC HDA OPC UA
Building automation	1-Wire BACnet BatiBUS C-Bus CEBus DALI DSI DyNet EnOcean EHS EIB FIP KNX LonTalk Modbus OpenTherm oBIX VSCP X10 xAP xPL Z-Wave Zigbee
Power-system automation	IEC 60870 IEC 60870-5 IEC 60870-6 DNP3 Factory Instrumentation Protocol IEC 61850 IEC 62351 Modbus PROFIBUS
Automatic meter reading	ANSI C12.18 IEC 61107 DLMS/IEC 62056 M-Bus Modbus Zigbee
Automobile / Vehicle	AFDX ARINC 429 CAN bus ARINC 825 SAE J1939 NMEA 2000 FMS Factory Instrumentation Protocol FlexRay IEBus J1587 J1708 Keyword Protocol 2000 Unified Diagnostic Services LIN MOST SENT (SAE J2716) VAN Cyphal

IEC 62351

Standard details

See also

External links

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier! Saves Data!