EN IEC 62351-3:2023
(Main)Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP
Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP
IEC 62351-3:2023 specifies how to provide confidentiality, integrity protection, and message level authentication for protocols that make use of TCP/IP as a message transport layer and utilize Transport Layer Security when cyber-security is required. This may relate to SCADA and telecontrol protocols, but also to additional protocols if they meet the requirements in this document. IEC 62351-3 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of Transport Layer Security (TLS) (TLSv1.2 defined in RFC 5246, TLSv1.3 defined in RFC 8446). In the specific clauses, there will be subclauses to note the differences and commonalities in the application depending on the target TLS version. The use and specification of intervening external security devices (e.g., "bump-in-the-wire") are considered out-of-scope. In contrast to previous editions of this document, this edition is self-contained in terms of completely defining a profile of TLS. Hence, it can be applied directly, without the need to specify further TLS parameters, except the port number, over which the communication will be performed. Therefore, this part can be directly utilized from a referencing standard and can be combined with further security measures on other layers. Providing the profiling of TLS without the need for further specifying TLS parameters allows declaring conformity to the described functionality without the need to involve further IEC 62351 documents. This document is intended to be referenced as a normative part of other IEC standards that have the need for providing security for their TCP/IP-based protocol exchanges under similar boundary conditions. However, it is up to the individual protocol security initiatives to decide if this document is to be referenced. The document also defines security events for specific conditions, which support error handling, security audit trails, intrusion detection, and conformance testing. Any action of an organization in response to events to an error condition described in this document are beyond the scope of this document and are expected to be defined by the organization’s security policy. This document reflects the security requirements of the IEC power systems management protocols. Should other standards bring forward new requirements, this document may need to be revised. This second edition cancels and replaces the first edition published in 2014, Amendment 1:2018 and Amendment 2:2020. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) Inclusion of the TLSv1.2 related parameter required in IEC 62351-3 Ed.1.2 to be specified by the referencing standard. This comprises the following parameter: • Mandatory TLSv1.2 cipher suites to be supported. • Specification of session resumption parameters. • Specification of session renegotiation parameters. • Revocation handling using CRL and OCSP. • Handling of security events. b) Inclusion of a TLSv1.3 profile to be applicable for the power system domain in a similar way as for TLSv1.2 session.
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 3: Sicherheit von Kommunikationsnetzen und Systemen - Profile einschließlich TCP/IP
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 3: Sécurité des réseaux et des systèmes de communication - Profils comprenant TCP/IP
IEC 62351-3:2023 spécifie comment assurer la confidentialité, la protection de l’intégrité et l’authentification des niveaux des messages pour les protocoles qui utilisent les protocoles TCP/IP comme couche transport des messages et utilisent la sécurité de la couche transport lorsque la cybersécurité est exigée. Ceci peut concerner les protocoles SCADA/téléconduite, protection, automation et contrôles. L’IEC 62351-3 spécifie une méthode permettant de sécuriser les protocoles TCP/IP par l’intermédiaire de contraintes sur la spécification des messages, procédures et algorithmes de sécurité de la couche transport (TLS) (version 1.2 de TLS définie dans la RFC 5246 et version 1.3 définie dans la RFC 8446). Des articles spécifiques contiennent des paragraphes indiquant les différences et les points communs d’application en fonction de la version TLS cible. L’utilisation et la spécification des dispositifs de sécurité externe concernés (par exemple "bump-in-the-wire") sont considérées comme ne relevant pas du domaine d’application du présent document. Contrairement aux précédentes éditions du présent document, la présente édition est autosuffisante, car elle définit entièrement un profil de TLS. De ce fait, elle peut être appliquée directement, sans nécessiter de spécifier de paramètres TLS supplémentaires, à l’exception du numéro du port par lequel la communication est effectuée. Par conséquent, la présente partie peut être directement utilisée à partir d’une norme de référence et peut être combinée avec des mesures de sécurité supplémentaires sur d’autres couches. La définition du profil de TLS sans nécessiter de spécifier de paramètres TLS supplémentaires permet de déclarer la conformité à la fonctionnalité décrite sans nécessiter de recourir à d’autres documents IEC 62351. Le présent document est destiné à être référencé comme partie normative des autres normes IEC qui traitent de la nécessité d’assurer la sécurité de leurs échanges protocolaires basés sur TCP/IP dans des conditions limites similaires. Cependant, il revient aux initiatives individuelles en matière de sécurité des protocoles de décider si le présent document est à référencer. Le présent document définit également des événements de sécurité pour des conditions spécifiques, qui prennent en charge la gestion des erreurs, les pistes d’audit de sécurité, la détection d’intrusion et les essais de conformité. Toute action d’un organisme en réponse à des événements dus à une condition d’erreur décrite dans le présent document ne relève pas du domaine d’application du présent document et est susceptible d’être définie par la politique de sécurité de l’organisme. Le présent document présente les exigences de sécurité des protocoles de gestion des systèmes de puissance de l’IEC. Une révision du présent document pourrait s’avérer nécessaire en cas d’ajout de nouvelles exigences dans d’autres normes. Cette seconde édition annule et remplace la première édition parue en 2014, l’Amendement 1:2018 et l’Amendement 2:2020. Cette édition constitue une révision technique. Cette édition inclut les modifications techniques majeures suivantes par rapport à l’édition précédente: a) inclusion du paramètre lié à la TLSv1.2 exigé dans l’IEC 62351-3 Éd.1.2 à spécifier par la norme de référence. Ce paramètre comprend les éléments suivants: • les suites chiffrées TLSv1.2 obligatoires à prendre en charge; • la spécification des paramètres de reprise de session; • la spécification des paramètres de renégociation de session; • la gestion des révocations à l’aide de la CRL et du protocole OCSP; • la ges
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 3. del: Varnost komunikacijskih omrežij in sistemov - Profili za TCP/IP (IEC 62351-3:2023)
Standard IEC 62351-3:2023 določa, kako zagotoviti zaupnost, zaščito celovitosti in preverjati pristnost na ravni sporočil za protokole, ki za sporočilno transportno plast uporabljajo TCP/IP, ter zagotoviti varnost na transportni plasti, ko je zahtevana kibernetska varnost. To se lahko nanaša na protokole sistema nadzora in pridobivanja podatkov ter protokole za daljinsko vodenje, pa tudi na dodatne protokole, če izpolnjujejo zahteve v tem dokumentu.
Standard IEC 62351-3 določa, kako zaščititi protokole, ki temeljijo na TCP/IP, z omejitvami na specifikacijo sporočil, postopkov in algoritmov varnosti na transportni plasti (TLS) (TLSv1.2 opredeljen v RFC 5246, TLSv1.3 opredeljen v RFC 8446 ). Posebne točke bodo vsebovale podtočke z razlikami in skupnimi značilnostmi v aplikaciji glede na ciljno različico varnosti na transportni plasti. Uporaba in specifikacija vmesnih zunanjih varnostnih naprav (npr. »bump-in-the-wire«) se štejeta izven področja uporabe.
V nasprotju s prejšnjimi izdajami tega dokumenta je ta izdaja samozadostna v smislu popolne opredelitve profila varnosti na transportni plasti. Zato ga je mogoče uporabiti neposredno, brez potrebe po določanju nadaljnjih parametrov varnosti na transportni plasti, razen številke vrat, prek katerih se bo komunikacija izvajala. Tako je ta del mogoče neposredno uporabiti iz referenčnega standarda in ga je mogoče kombinirati z nadaljnjimi varnostnimi ukrepi na drugih plasteh. Zagotavljanje profiliranja varnosti na transportni plasti brez potrebe po nadaljnjem določanju parametrov varnosti na transportni plasti omogoča izjavo o skladnosti z opisano funkcionalnostjo brez potrebe po vključitvi nadaljnjih dokumentov IEC 62351.
Ta dokument naj bi bil normativni del drugih standardov IEC, ki morajo zagotoviti varnost za svoje izmenjave protokolov na osnovi TCP/IP pod podobnimi mejnimi pogoji. Vendar pa se o tem, ali naj se sklicuje na ta dokument, odločijo posamezne varnostne pobude protokola.
Dokument določa tudi varnostne dogodke za posebne pogoje, ki podpirajo obravnavanje napak, varnostne revizijske sledi, odkrivanje vdorov in preskušanje skladnosti. Kakršno koli dejanje organizacije kot odgovor na dogodke zaradi stanja napake, opisanega v tem dokumentu, ne spada v področje uporabe tega dokumenta in pričakuje se, da bo določeno z varnostno politiko organizacije.
Ta dokument odraža varnostne zahteve protokolov za upravljanje elektroenergetskega sistema IEC. Če bodo drugi standardi uvedli nove zahteve, bo morda treba ta dokument revidirati.
Druga izdaja razveljavlja in nadomešča prvo izdajo, objavljeno leta 2014, dopolnilo 1 iz leta 2018 in dopolnilo 2 iz leta 2020. Ta izdaja je tehnično popravljena izdaja.
Ta izdaja v primerjavi s prejšnjo vključuje naslednje pomembne tehnične spremembe:
a) Vključitev s TLSv1.2 povezanega parametra, zahtevanega v standardu IEC 62351-3, izdaja1.2, je treba določiti z referenčnim standardom. To vključuje naslednji parameter:
• Podprti morajo biti obvezni paketi šifre TLSv1.2.
• Specifikacija parametrov za nadaljevanje seje.
• Specifikacija parametrov za vnovično pogajanje za vzpostavitev seje.
• Obravnavanje ukinitve s CRL in OCSP.
• Obravnavanje varnostnih dogodkov.
b) Vključitev profila TLSv1.3, ki se uporablja za domeno elektroenergetskega sistema na podoben način kot za sejo TLSv1.2.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-oktober-2023
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 3. del: Varnost komunikacijskih omrežij in
sistemov - Profili za TCP/IP
Power systems management and associated information exchange - Data and
communications security - Part 3: Communication network and system security - Profiles
including TCP/IP
Datenmodelle, Schnittstellen und Informationsaustausch für Planung und Betrieb von
Energieversorgungsunternehmen - Daten- und Kommunikationssicherheit - Teil 3:
Sicherheit von Kommunikationsnetzen und Systemen - Profile einschließlich TCP/IP
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des
communications et des données - Partie 3: Sécurité des réseaux et des systèmes de
communication - Profils comprenant TCP/IP
Ta slovenski standard je istoveten z: EN IEC 62351-3:2023
ICS:
29.240.30 Krmilna oprema za Control equipment for electric
elektroenergetske sisteme power systems
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD EN IEC 62351-3
NORME EUROPÉENNE
EUROPÄISCHE NORM July 2023
ICS 33.200 Supersedes EN 62351-3:2014; EN 62351-
3:2014/A1:2018; EN 62351-3:2014/A2:2020
English Version
Power systems management and associated information
exchange - Data and communications security - Part 3:
Communication network and system security - Profiles including
TCP/IP
(IEC 62351-3:2023)
Gestion des systèmes de puissance et échanges Datenmodelle, Schnittstellen und Informationsaustausch für
d'informations associés - Sécurité des communications et Planung und Betrieb von Energieversorgungsunternehmen
des données - Partie 3: Sécurité des réseaux et des - Daten- und Kommunikationssicherheit - Teil 3: Sicherheit
systèmes de communication - Profils comprenant TCP/IP von Kommunikationsnetzen und Systemen - Profile
(IEC 62351-3:2023) einschließlich TCP/IP
(IEC 62351-3:2023)
This European Standard was approved by CENELEC on 2023-07-11. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-3:2023 E
European foreword
The text of document 57/2578/FDIS, future edition 2 of IEC 62351-3, prepared by IEC/TC 57 "Power
systems management and associated information exchange" was submitted to the IEC-CENELEC
parallel vote and approved by CENELEC as EN IEC 62351-3:2023.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2024-04-11
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2026-07-11
document have to be withdrawn
This document supersedes EN 62351-3:2014 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a Standardization Request given to CENELEC by the
European Commission and the European Free Trade Association.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 62351-3:2023 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 62351-4:2018 NOTE Approved as EN IEC 62351-4:2018 (not modified)
IEC 62351-4:2018/A1:2020 NOTE Approved as EN IEC 62351-4:2018/A1:2020 (not modified)
IEC 62351-5 NOTE Approved as EN IEC 62351-5
IEC 62351-6:2020 NOTE Approved as EN IEC 62351-6:2020 (not modified)
IEC 62351-7 NOTE Approved as EN 62351-7
IEC 62351-8:2020 NOTE Approved as EN IEC 62351-8:2020 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cencenelec.eu.
Publication Year Title EN/HD Year
IEC/TS 62351-1 2007 Power systems management and associated - -
information exchange - Data and communications
security - Part 1: Communication network and system
security - Introduction to security issues
IEC/TS 62351-2 2008 Power systems management and associated - -
information exchange - Data and communications
security - Part 2: Glossary of terms
IEC 62351-9 - Power systems management and associated - -
information exchange - Data and communications
security - Part 9: Cyber security key management for
power system equipment
ISO/IEC 9594-8 2020 Information technology - Open systems - -
interconnection - Part 8: The Directory: Public-key and
attribute certificate frameworks
RFC 5246 2008 The Transport Layer Security (TLS) Protocol - -
Version 1.2
RFC 5280 2008 Internet X.509 Public Key Infrastructure Certificate - -
and Certificate Revocation List (CRL) Profile
RFC 5288 2008 AES Galois Counter Mode (GCM) Cipher Suites for - -
TLS
RFC 5289 2008 TLS Elliptic Curve Cipher Suites with SHA-256/384 - -
and AES Galois Counter Mode (GCM)
RFC 5746 2010 Transport Layer Security (TLS) Renegotiation - -
Indication Extension
RFC 6066 2011 Transport Layer Security (TLS) Extensions: Extension - -
Definitions
RFC 6176 2011 Prohibiting Secure Sockets Layer (SSL) Version 2.0 - -
RFC 8422 2018 ECC Cipher Suites for TLSv1.2 and earlier - -
RFC 8446 2018 The TLS Protocol Version 1.3 - -
RFC 9150 2021 TLS 1.3 Authentication and Integrity only Cipher - -
Suites
IEC 62351-3 ®
Edition 2.0 2023-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 3: Communication network and system security – Profiles including TCP/IP
Gestion des systèmes de puissance et échanges d’informations associés –
Sécurité des communications et des données –
Partie 3: Sécurité des réseaux et des systèmes de communication – Profils
comprenant TCP/IP
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 33.200 ISBN 978-2-8322-6935-0
– 2 – IEC 62351-3:2023 © IEC 2023
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 8
1.1 Scope . 8
1.2 Intended audience . 8
2 Normative references . 9
3 Terms, definitions and abbreviated terms . 9
3.1 Terms and definitions . 9
3.2 Abbreviated terms . 10
4 Security issues addressed by this document . 10
4.1 General . 10
4.2 Security threats countered . 11
4.3 Attack methods countered . 11
4.4 Handling of security events . 12
5 Overview of differences in TLS versions . 12
5.1 General . 12
5.2 Main differences between TLSv1.2 and TLSv1.3 . 12
5.3 Cipher suite naming . 13
5.4 Backward compatibility . 14
5.5 Extensions . 14
6 Generic requirements . 15
6.1 General . 15
6.2 Signalling of supported TLS versions . 15
6.3 Usage of non-encrypting cipher suites . 16
6.4 Certificate support . 17
6.4.1 Support of multiple trust anchors . 17
6.4.2 Certificate size . 17
6.4.3 Certificate exchange . 17
6.4.4 Public-key certificate validation . 18
6.5 Co-existence with non-secure protocol traffic . 21
7 Requirements specific to TLSv1.2. 21
7.1 General . 21
7.2 Supported cipher suites . 21
7.3 Disallowed cipher suites . 22
7.4 Key exchange . 22
7.4.1 General . 22
7.4.2 Key exchange mechanisms . 22
7.4.3 Cryptographic algorithms . 22
7.4.4 Session resumption . 24
7.4.5 Session renegotiation . 25
7.5 Support of extensions . 26
7.5.1 General . 26
7.5.2 TLS session renegotiation extension . 26
7.5.3 Signalling of client supported CA certificates via Trusted CA . 27
7.5.4 Signalling of supported signature algorithms . 27
7.5.5 Stapling of OCSP response messages . 28
IEC 62351-3:2023 © IEC 2023 – 3 –
7.5.6 Signalling of intended target TLS server via Server Name Indication . 29
7.5.7 Support of encryption before authentication . 29
8 Requirements specific to TLSv1.3. 30
8.1 General . 30
8.2 Supported cipher suites . 30
8.3 Key exchange . 30
8.3.1 General . 30
8.3.2 Handshake modes . 31
8.3.3 Diffie-Hellman Groups . 32
8.3.4 Signature algorithms . 32
8.4 Session key update (post-handshake message) . 33
8.5 New session ticket (post-handshake message) . 34
8.6 Session resumption . 34
8.7 Certificate validation . 34
8.8 Support of extensions . 35
8.8.1 General . 35
8.8.2 Signalling of supported TLS versions . 35
8.8.3 Cookie . 35
8.8.4 Signalling of supported signature algorithms . 35
8.8.5 Signalling of supported groups . 36
8.8.6 Signalling of key share . 36
8.8.7 Signalling of intended target TLS server via Server Name Indication . 36
8.8.8 Signalling of supported certificate authorities . 37
8.8.9 Support of PSK based key agreement . 37
8.8.10 Stapling of OCSP response messages . 37
8.8.11 Signalling of early data . 38
9 Optional security measure support. 38
10 Conformance . 38
10.1 General . 38
10.2 Notation . 38
10.3 Conformance to selected TLS versions . 38
10.4 Conformance to certificate handling . 39
10.5 Conformance to TLSv1.2 specifics . 39
10.5.1 Conformance to selected cipher suites . 39
10.5.2 Conformance to cryptographic algorithm support . 40
10.5.3 Conformance to TLSv1.2 session management features . 40
10.5.4 Conformance to selected TLSv1.2 extensions . 41
10.6 Conformance to TLSv1.3 specifics . 41
10.6.1 Conformance to selected TLSv1.3 cipher suites. 41
10.6.2 Conformance to selected TLSv1.3 session management features . 42
10.6.3 Conformance to selected TLSv1.3 extensions . 44
10.6.4 Conformance to selected TLSv1.3 post-handshake messages . 44
Annex A (informative) Security Events . 46
A.1 Security event logs . 46
A.2 Mapping of TLS events related to the TLS handshake . 46
A.3 Mapping of TLS events related to the certificate handling . 48
Bibliography . 49
– 4 – IEC 62351-3:2023 © IEC 2023
Figure 1 – Definition of cipher suites according to TLSv1.2 (RFC 5246) . 14
Figure 2 – Definition of cipher suites according to TLSv1.3 (RFC 8446) . 14
Table 1 – Support of cipher suites for TLSv1.2. 21
Table 2 – Support of cipher suites for TLSv1.3. 30
Table 3 – Support of PSK-based handshake modes for TLSv1.3 . 31
Table 4 – Support of Diffie Hellman Groups for TLSv1.3 . 32
Table 5 – Supported signature algorithms for the handshake in TLSv1.3 . 32
Table 6 – Supported signature algorithms for the certificates in TLSv1.3 . 33
Table 7 – Conformance to TLS versions . 38
Table 8 – Conformance to certificate support . 39
Table 9 – Conformance to TLSv1.2 usable cipher suites . 40
Table 10 – Conformance to cryptographic algorithm support . 40
Table 11 – Conformance to TLSv1.2 session management features. 41
Table 12 – Conformance to TLSv1.2 handshake extensions . 41
Table 13 – Conformance to TLSv1.3 cipher suites . 42
Table 14 – Conformance to handshake modes of TLSv1.3 . 42
Table 15 –Conformance to early data feature (0-RTT) of TLSv1.3 . 42
Table 16 – Conformance to supported Diffie Hellman Groups in TLSv1.3 . 43
Table 17 – Conformance to supported signature algorithms for the handshake in
TLSv1.3 . 43
Table 18 – Conformance to supported signature algorithms for the certificates in
TLSv1.3 . 44
Table 19 – Conformance to TLSv1.3 extensions . 44
Table 20 – Conformance to post-handshake messages of TLSv1.3 . 45
Table A.1 – Security event logs related to TLS handshake defined in IEC 62351-3:—
(Ed.2) mapped to IEC 62351-14 . 46
Table A.2 – Security event logs related to certificate validation defined in IEC 62351-3
Ed.2 mapped to IEC 62351-14 . 48
IEC 62351-3:2023 © IEC 2023 – 5 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 3: Communication network and system security –
Profiles including TCP/IP
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62351-3 has been prepared by IEC technical committee 57: Power systems management
and associated information exchange. It is an International Standard.
This second edition cancels and replaces the first edition published in 2014, Amendment 1:2018
and Amendment 2:2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Inclusion of the TLSv1.2 related parameter required in IEC 62351-3 Ed.1.2 to be specified
by the referencing standard. This comprises the following parameter:
• Mandatory TLSv1.2 cipher suites to be supported.
• Specification of session resumption parameters.
• Specification of session renegotiation parameters.
– 6 – IEC 62351-3:2023 © IEC 2023
• Revocation handling using CRL and OCSP.
• Handling of security events.
b) Inclusion of a TLSv1.3 profile to be applicable for the power system domain in a similar way
as for TLSv1.2 session.
The text of this International Standard is based on the following documents:
Draft Report on voting
57/2578/FDIS 57/2593/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/publications.
NOTE The following print types are used:
• Abstract Syntax Notation One (ASN.1) are presented in courier new and bold courier new
A list of all parts in the IEC 62351 series, published under the general title Power systems
management and associated information exchange – Data and communications security, can
be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates that it
contains colours which are considered to be useful for the correct understanding of its
contents. Users should therefore print this document using a colour printer.
IEC 62351-3:2023 © IEC 2023 – 7 –
INTRODUCTION
This edition of IEC 62351-3 is a self-contained document profiling the usage of TLS for to secure
power system communication. It is recommended to refer to this edition of this document rather
than any previous edition, because this edition updates the utilized cryptographic algorithms
(ciphersuites), provides enhanced functionality, and covers different TLS versions. In contrast
to previous editions, this document specifies all necessary TLS specific settings and does not
require the referencing standard to define specific settings for TLS.
Note that the recommendation to use this edition, potentially also with older referencing
standards, requires technical support by implementations of the TLS settings specified in this
edition of the document.
– 8 – IEC 62351-3:2023 © IEC 2023
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 3: Communication network and system security –
Profiles including TCP/IP
1 Scope
1.1 Scope
This part of IEC 62351 specifies how to provide confidentiality, integrity protection, and
message level authentication for protocols that make use of TCP/IP as a message transport
layer and utilize Transport Layer Security when cyber-security is required. This may relate to
SCADA/telecontrol, protection, automation and control protocols.
IEC 62351-3 specifies how to secure TCP/IP-based protocols through constraints on the
specification of the messages, procedures, and algorithms of Transport Layer Security (TLS)
(TLSv1.2 defined in RFC 5246, TLSv1.3 defined in RFC 8446). In the specific clauses, there
will be subclauses to note the differences and commonalities in the application depending on
the target TLS version. The use and specification of intervening external security devices (e.g.,
"bump-in-the-wire") are considered out-of-scope.
In contrast to previous editions of this document, this edition is self-contained in terms of
completely defining a profile of TLS. Hence, it can be applied directly, without the need to
specify further TLS parameters, except the port number, over which the communication will be
performed. Therefore, this part can be directly utilized from a referencing standard and can be
combined with further security measures on other layers. Providing the profiling of TLS without
the need for further specifying TLS parameters allows declaring conformity to the described
functionality without the need to involve further IEC 62351 documents.
This document is intended to be referenced as a normative part of other IEC standards that
have the need for providing security for their TCP/IP-based protocol exchanges under similar
boundary conditions. However, it is up to the individual protocol security initiatives to decide if
this document is to be referenced.
The document also defines security events for specific conditions, which support error handling,
security audit trails, intrusion detection, and conformance testing. Any action of an organization
in response to events to an error condition described in this document are beyond the scope of
this document and are expected to be defined by the organization’s security policy.
This document reflects the security requirements of the IEC power systems management
protocols. Should other standards bring forward new requirements, this document may need to
be revised.
1.2 Intended audience
The initial audience for this document is intended to be experts developing or making use of
protocols in the field of power systems management and associated information exchange. For
the measures described in this document to take effect, they must be accepted and referenced
by the specifications of protocols making use of TCP/IP security by applying TLS. This
document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that
implement these protocols.
IEC 62351-3:2023 © IEC 2023 – 9 –
Portions of this document may also be of use to managers and executives in order to understand
the purpose and requirements of the work.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC TS 62351-1:2007, Power systems management and associated information exchange –
Data and communications security – Part 1: Communication network and system security –
Introduction to security issues
IEC TS 62351-2:2008, Power systems management and associated information exchange –
Data and communications security – Part 2: Glossary of terms
IEC 62351-9, Power systems management and associated information exchange – Data and
communications security – Part 9: Cyber security key management for power system equipment
ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), Information technology – Open systems
interconnection – The Directory: Public-key and attribute certificate frameworks
RFC 5246:2008, The TLS Protocol Version 1.2
RFC 5280:2008, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile
RFC 5288:2008, AES Galois Counter Mode (GCM) Cipher Suites for TLS
RFC 5289:2008, TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter
Mode (GCM)
RFC 5746:2010, Transport Layer Security (TLS) Renegotiation Indication Extension
RFC 6066:2011, Transport Layer Security Extensions
RFC 6176:2011, Prohibiting Secure Sockets Layer (SSL) Version 2.0
RFC 8422:2018, ECC Cipher Suites for TLSv1.2 and earlier
RFC 8446:2018, The TLS Protocol Version 1.3
RFC 9150:2021, TLS 1.3 Authentication and Integrity only Cipher Suites
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and the
following apply.
___________
This is typically referred to as SSL/TLS.
– 10 – IEC 62351-3:2023 © IEC 2023
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.2 Abbreviated terms
ACSE Association Control Service Element
AEAD Authenticated Encryption with Associated Data
BCP Best Current Practice
CRL Certificate Revocation List
DER Distinguished Encoding Rules
DH(E) Diffie Hellman (Ephemeral) Key Agreement (see also IEC 62351-9)
ECDH(E) Elliptic Curve based Diffie Hellman (Ephemeral) Key Agreement (see also
IEC 62351-9)
ECDSA Elliptic Curve Digital Signature Algorithm
IV Initialization Vector
MAC Message Authentication Code
MitM Man-in-the-Middle (type of attack)
OCSP Online Certificate Status Protocol (see RFC 6960)
PICS Protocol Implementation Conformance Statement
PIXIT Protocol Implementation eXtra Information for Testing
PSK Pre-shared key
TLS Transport Layer Security
4 Security issues addressed by this document
4.1 General
The IEC power system environment has different operational requirements from many
Information Technology (IT) applications that make use of TLS to protect the transport of
information over a TCP/IP connection. This requires on one hand the management of
certificates used to authenticate entities, which is handled in IEC 62351-9. On the other hand,
specific TLS related security parameters such as selected cipher suites, session management
parameter and utilized extensions need to be defined, which is the focus of this document. One
main difference in the application of TLS in the power system domain is the duration of the
TCP/IP connection for which security needs to be maintained. Besides this it also has to be
considered that the equipment in power system automation is long lasting. This may also require
supporting older versions of TLS or cipher suites to retain backward compatibility.
Many IT protocols have short duration connections, which allow the encryption algorithms to be
renegotiated at connection re-establishment. However, the connections within a telecontrol
environment tend to have longer durations, often "permanent". It is the longevity of connections
in the field of power systems management and associated information exchange that give rise
to the need for specific consideration. In this regard, in order to provide protection for the
"permanent" connections, a mechanism for updating the session key is selected within this
document, based upon existing TLS features. Note that TLSv1.2 and TLSv1.3 support different
approaches for rekeying.
IEC 62351-3:2023 © IEC 2023 – 11 –
TLS allows for a wide variety of settings such as selected cipher suites to protect the handshake
and the record layer protocol, which are negotiated during connection establishment. It also
supports session management mechanisms to setup new sessions or renew existing sessions.
To ensure interoperability between different implementations, this document specifies a
common set of TLS features to be supported by conforming implementations.
TLS has evolved and is available in version 1.3. In version 1.3 several parts of the protocol
have been reworked, resulting in a protocol, which is functionally not backward compatible to
TLSv1.2. As the first message exchange is defined in a backward compatible way, the TLS
server may be able to switch to either version, depending on the security policy.
Additionally, this document specifies the use of particular TLS capabilities that allow for specific
security threats to be countered (see also 4.2). Specifically, TLS allows the definition of
extensions to the protocol to mitigate potential protocol vulnerabilities or to enhance protocol
functionality. This specification makes use of already-defined extensions.
Note that TLS utilizes X.509 certificates (see also ISO/IEC 9594-8 or RFC 5280) for
authentication and key agreement. In the context of this document the term certificate always
relates to public-key certificates (in contrast to attribute certificates).
NOTE It is assumed that the certificate management necessary to operate TLS is addressed in accordance with
IEC 62351-9.
4.2 Security threats countered
See IEC TS 62351-1 for a discussion of security threats and attack methods.
TCP/IP and the security specifications in this document cover only the communication transport
layers (OSI layers 4 and lower). Specifically, TLS protects the transported messages from OSI
layer 5 and above in a transparent way. This document does not cover security functionality
specific for the communication application layers (OSI layers 5 and above) or application-to-
application security. This is defined in other parts of IEC 62351, e.g., IEC 62351-4 for MMS,
IEC 62351-5 for serial communication and telecontrol, and IEC 62351-6 for (R)GOOSE and
(R)SV.
NOTE The application of TLS as profiled in this document supports the protection of information sent over a TLS
protected connection.
The specific threats countered in this document for the transport layer include:
– Tampering (unauthorized modification or insertion of messages) is addressed by mutual,
certificate-based authentication of the communication participants, and TLS packet-level
integrity protection.
Additionally, when the information has been identified as requiring confidentiality protection:
– Unauthorized access to information through TLS packet-level encryption of the messages.
4.3 Attack methods countered
The following security attack methods are countered through the appropriate implementation of
the specifications and recommendations in this document.
– Impersonation: This threat is countered through the use of mutual authentication based on
X.509 certificates during the TLS handshake and digitally signed information as revocation
information.
– Man-in-the-middle (MitM): This threat is countered for the TLS record layer through the use
of cryptographic checksums (MAC) based on mutually authenticated negotiation of session
keys. These keys are set up during the TLS handshake. Protection against MitM attacks
during the TLS handshake phase itself is provided by the Finish message, ending the
handshake phase. This message is encrypted and contains a hash value over all messages
– 12 – IEC 62351-3:2023 © IEC 2023
exchanged in the handshake. In addition, TLSv1.3 already provides cryptographic protection
of the handshake messages directly (except the ClientHello).
– Replay: This threat is countered by the application of a MAC for integrity protection on a per
packet bases including a sequence number to detect an actual replay.
– Eavesdropping: This threat is countered through the use of encryption cipher suites, when
negotiating TLS record layer security.
NOTE The actual performance characteristics of an implementation claiming conformance to this part of the
IEC 62351 series are out-of-scope of this document.
4.4 Handling of security events
Throughout the document security events are defined. These security events are intended to
support error handling and thus to increase system resilience. Implementations should provide
a mechanism for announcing security events to an evaluation system. A recommended standard
is IEC 62351-4.
The information about security events and potential detailed information can only be provided
by the entity based on the availability of this information through the underlying platform or
utilized components.
It is recommended that the security events defined throughout this document are made
available to the operational infrastructure by cyber security events as specified in IEC 62351-14
or by monitoring objects as specified in IEC 62351-7. Annex A provides a mapping of the
defined events in this document to the notion of IEC 62351-14.
Note that notice, warnings, errors, and alarms are used to indicate the severity of an event from
a security point of view. The following notion from IEC 62351-14 is used:
– A notice refers to a cyber security related activity during the routine use or maintenance of
an entity. It does not relate to a cyber security breach or attack or deviation from the normal
operating condition of an entity.
– A warning is a deviation from the normal operating condition of an entity but not necessary
a cyber-attack.
– An error de
...
SLOVENSKI STANDARD
01-oktober-2023
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 3. del: Varnost komunikacijskih omrežij in
sistemov - Profili za TCP/IP (IEC 62351-3:2023)
Power systems management and associated information exchange - Data and
communications security - Part 3: Communication network and system security - Profiles
including TCP/IP (IEC 62351-3:2023)
Datenmodelle, Schnittstellen und Informationsaustausch für Planung und Betrieb von
Energieversorgungsunternehmen - Daten- und Kommunikationssicherheit - Teil 3:
Sicherheit von Kommunikationsnetzen und Systemen - Profile einschließlich TCP/IP
(IEC 62351-3:2023)
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des
communications et des données - Partie 3: Sécurité des réseaux et des systèmes de
communication - Profils comprenant TCP/IP (IEC 62351-3:2023)
Ta slovenski standard je istoveten z: EN IEC 62351-3:2023
ICS:
29.240.30 Krmilna oprema za Control equipment for electric
elektroenergetske sisteme power systems
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD EN IEC 62351-3
NORME EUROPÉENNE
EUROPÄISCHE NORM July 2023
ICS 33.200 Supersedes EN 62351-3:2014; EN 62351-
3:2014/A1:2018; EN 62351-3:2014/A2:2020
English Version
Power systems management and associated information
exchange - Data and communications security - Part 3:
Communication network and system security - Profiles including
TCP/IP
(IEC 62351-3:2023)
Gestion des systèmes de puissance et échanges Datenmodelle, Schnittstellen und Informationsaustausch für
d'informations associés - Sécurité des communications et Planung und Betrieb von Energieversorgungsunternehmen
des données - Partie 3: Sécurité des réseaux et des - Daten- und Kommunikationssicherheit - Teil 3: Sicherheit
systèmes de communication - Profils comprenant TCP/IP von Kommunikationsnetzen und Systemen - Profile
(IEC 62351-3:2023) einschließlich TCP/IP
(IEC 62351-3:2023)
This European Standard was approved by CENELEC on 2023-07-11. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-3:2023 E
European foreword
The text of document 57/2578/FDIS, future edition 2 of IEC 62351-3, prepared by IEC/TC 57 "Power
systems management and associated information exchange" was submitted to the IEC-CENELEC
parallel vote and approved by CENELEC as EN IEC 62351-3:2023.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2024-04-11
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2026-07-11
document have to be withdrawn
This document supersedes EN 62351-3:2014 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a Standardization Request given to CENELEC by the
European Commission and the European Free Trade Association.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 62351-3:2023 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 62351-4:2018 NOTE Approved as EN IEC 62351-4:2018 (not modified)
IEC 62351-4:2018/A1:2020 NOTE Approved as EN IEC 62351-4:2018/A1:2020 (not modified)
IEC 62351-5 NOTE Approved as EN IEC 62351-5
IEC 62351-6:2020 NOTE Approved as EN IEC 62351-6:2020 (not modified)
IEC 62351-7 NOTE Approved as EN 62351-7
IEC 62351-8:2020 NOTE Approved as EN IEC 62351-8:2020 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cencenelec.eu.
Publication Year Title EN/HD Year
IEC/TS 62351-1 2007 Power systems management and associated - -
information exchange - Data and communications
security - Part 1: Communication network and system
security - Introduction to security issues
IEC/TS 62351-2 2008 Power systems management and associated - -
information exchange - Data and communications
security - Part 2: Glossary of terms
IEC 62351-9 - Power systems management and associated - -
information exchange - Data and communications
security - Part 9: Cyber security key management for
power system equipment
ISO/IEC 9594-8 2020 Information technology - Open systems - -
interconnection - Part 8: The Directory: Public-key and
attribute certificate frameworks
RFC 5246 2008 The Transport Layer Security (TLS) Protocol - -
Version 1.2
RFC 5280 2008 Internet X.509 Public Key Infrastructure Certificate - -
and Certificate Revocation List (CRL) Profile
RFC 5288 2008 AES Galois Counter Mode (GCM) Cipher Suites for - -
TLS
RFC 5289 2008 TLS Elliptic Curve Cipher Suites with SHA-256/384 - -
and AES Galois Counter Mode (GCM)
RFC 5746 2010 Transport Layer Security (TLS) Renegotiation - -
Indication Extension
RFC 6066 2011 Transport Layer Security (TLS) Extensions: Extension - -
Definitions
RFC 6176 2011 Prohibiting Secure Sockets Layer (SSL) Version 2.0 - -
RFC 8422 2018 ECC Cipher Suites for TLSv1.2 and earlier - -
RFC 8446 2018 The TLS Protocol Version 1.3 - -
RFC 9150 2021 TLS 1.3 Authentication and Integrity only Cipher - -
Suites
IEC 62351-3 ®
Edition 2.0 2023-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 3: Communication network and system security – Profiles including TCP/IP
Gestion des systèmes de puissance et échanges d’informations associés –
Sécurité des communications et des données –
Partie 3: Sécurité des réseaux et des systèmes de communication – Profils
comprenant TCP/IP
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 33.200 ISBN 978-2-8322-6935-0
– 2 – IEC 62351-3:2023 © IEC 2023
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 8
1.1 Scope . 8
1.2 Intended audience . 8
2 Normative references . 9
3 Terms, definitions and abbreviated terms . 9
3.1 Terms and definitions . 9
3.2 Abbreviated terms . 10
4 Security issues addressed by this document . 10
4.1 General . 10
4.2 Security threats countered . 11
4.3 Attack methods countered . 11
4.4 Handling of security events . 12
5 Overview of differences in TLS versions . 12
5.1 General . 12
5.2 Main differences between TLSv1.2 and TLSv1.3 . 12
5.3 Cipher suite naming . 13
5.4 Backward compatibility . 14
5.5 Extensions . 14
6 Generic requirements . 15
6.1 General . 15
6.2 Signalling of supported TLS versions . 15
6.3 Usage of non-encrypting cipher suites . 16
6.4 Certificate support . 17
6.4.1 Support of multiple trust anchors . 17
6.4.2 Certificate size . 17
6.4.3 Certificate exchange . 17
6.4.4 Public-key certificate validation . 18
6.5 Co-existence with non-secure protocol traffic . 21
7 Requirements specific to TLSv1.2. 21
7.1 General . 21
7.2 Supported cipher suites . 21
7.3 Disallowed cipher suites . 22
7.4 Key exchange . 22
7.4.1 General . 22
7.4.2 Key exchange mechanisms . 22
7.4.3 Cryptographic algorithms . 22
7.4.4 Session resumption . 24
7.4.5 Session renegotiation . 25
7.5 Support of extensions . 26
7.5.1 General . 26
7.5.2 TLS session renegotiation extension . 26
7.5.3 Signalling of client supported CA certificates via Trusted CA . 27
7.5.4 Signalling of supported signature algorithms . 27
7.5.5 Stapling of OCSP response messages . 28
IEC 62351-3:2023 © IEC 2023 – 3 –
7.5.6 Signalling of intended target TLS server via Server Name Indication . 29
7.5.7 Support of encryption before authentication . 29
8 Requirements specific to TLSv1.3. 30
8.1 General . 30
8.2 Supported cipher suites . 30
8.3 Key exchange . 30
8.3.1 General . 30
8.3.2 Handshake modes . 31
8.3.3 Diffie-Hellman Groups . 32
8.3.4 Signature algorithms . 32
8.4 Session key update (post-handshake message) . 33
8.5 New session ticket (post-handshake message) . 34
8.6 Session resumption . 34
8.7 Certificate validation . 34
8.8 Support of extensions . 35
8.8.1 General . 35
8.8.2 Signalling of supported TLS versions . 35
8.8.3 Cookie . 35
8.8.4 Signalling of supported signature algorithms . 35
8.8.5 Signalling of supported groups . 36
8.8.6 Signalling of key share . 36
8.8.7 Signalling of intended target TLS server via Server Name Indication . 36
8.8.8 Signalling of supported certificate authorities . 37
8.8.9 Support of PSK based key agreement . 37
8.8.10 Stapling of OCSP response messages . 37
8.8.11 Signalling of early data . 38
9 Optional security measure support. 38
10 Conformance . 38
10.1 General . 38
10.2 Notation . 38
10.3 Conformance to selected TLS versions . 38
10.4 Conformance to certificate handling . 39
10.5 Conformance to TLSv1.2 specifics . 39
10.5.1 Conformance to selected cipher suites . 39
10.5.2 Conformance to cryptographic algorithm support . 40
10.5.3 Conformance to TLSv1.2 session management features . 40
10.5.4 Conformance to selected TLSv1.2 extensions . 41
10.6 Conformance to TLSv1.3 specifics . 41
10.6.1 Conformance to selected TLSv1.3 cipher suites. 41
10.6.2 Conformance to selected TLSv1.3 session management features . 42
10.6.3 Conformance to selected TLSv1.3 extensions . 44
10.6.4 Conformance to selected TLSv1.3 post-handshake messages . 44
Annex A (informative) Security Events . 46
A.1 Security event logs . 46
A.2 Mapping of TLS events related to the TLS handshake . 46
A.3 Mapping of TLS events related to the certificate handling . 48
Bibliography . 49
– 4 – IEC 62351-3:2023 © IEC 2023
Figure 1 – Definition of cipher suites according to TLSv1.2 (RFC 5246) . 14
Figure 2 – Definition of cipher suites according to TLSv1.3 (RFC 8446) . 14
Table 1 – Support of cipher suites for TLSv1.2. 21
Table 2 – Support of cipher suites for TLSv1.3. 30
Table 3 – Support of PSK-based handshake modes for TLSv1.3 . 31
Table 4 – Support of Diffie Hellman Groups for TLSv1.3 . 32
Table 5 – Supported signature algorithms for the handshake in TLSv1.3 . 32
Table 6 – Supported signature algorithms for the certificates in TLSv1.3 . 33
Table 7 – Conformance to TLS versions . 38
Table 8 – Conformance to certificate support . 39
Table 9 – Conformance to TLSv1.2 usable cipher suites . 40
Table 10 – Conformance to cryptographic algorithm support . 40
Table 11 – Conformance to TLSv1.2 session management features. 41
Table 12 – Conformance to TLSv1.2 handshake extensions . 41
Table 13 – Conformance to TLSv1.3 cipher suites . 42
Table 14 – Conformance to handshake modes of TLSv1.3 . 42
Table 15 –Conformance to early data feature (0-RTT) of TLSv1.3 . 42
Table 16 – Conformance to supported Diffie Hellman Groups in TLSv1.3 . 43
Table 17 – Conformance to supported signature algorithms for the handshake in
TLSv1.3 . 43
Table 18 – Conformance to supported signature algorithms for the certificates in
TLSv1.3 . 44
Table 19 – Conformance to TLSv1.3 extensions . 44
Table 20 – Conformance to post-handshake messages of TLSv1.3 . 45
Table A.1 – Security event logs related to TLS handshake defined in IEC 62351-3:—
(Ed.2) mapped to IEC 62351-14 . 46
Table A.2 – Security event logs related to certificate validation defined in IEC 62351-3
Ed.2 mapped to IEC 62351-14 . 48
IEC 62351-3:2023 © IEC 2023 – 5 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 3: Communication network and system security –
Profiles including TCP/IP
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62351-3 has been prepared by IEC technical committee 57: Power systems management
and associated information exchange. It is an International Standard.
This second edition cancels and replaces the first edition published in 2014, Amendment 1:2018
and Amendment 2:2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Inclusion of the TLSv1.2 related parameter required in IEC 62351-3 Ed.1.2 to be specified
by the referencing standard. This comprises the following parameter:
• Mandatory TLSv1.2 cipher suites to be supported.
• Specification of session resumption parameters.
• Specification of session renegotiation parameters.
– 6 – IEC 62351-3:2023 © IEC 2023
• Revocation handling using CRL and OCSP.
• Handling of security events.
b) Inclusion of a TLSv1.3 profile to be applicable for the power system domain in a similar way
as for TLSv1.2 session.
The text of this International Standard is based on the following documents:
Draft Report on voting
57/2578/FDIS 57/2593/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/publications.
NOTE The following print types are used:
• Abstract Syntax Notation One (ASN.1) are presented in courier new and bold courier new
A list of all parts in the IEC 62351 series, published under the general title Power systems
management and associated information exchange – Data and communications security, can
be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates that it
contains colours which are considered to be useful for the correct understanding of its
contents. Users should therefore print this document using a colour printer.
IEC 62351-3:2023 © IEC 2023 – 7 –
INTRODUCTION
This edition of IEC 62351-3 is a self-contained document profiling the usage of TLS for to secure
power system communication. It is recommended to refer to this edition of this document rather
than any previous edition, because this edition updates the utilized cryptographic algorithms
(ciphersuites), provides enhanced functionality, and covers different TLS versions. In contrast
to previous editions, this document specifies all necessary TLS specific settings and does not
require the referencing standard to define specific settings for TLS.
Note that the recommendation to use this edition, potentially also with older referencing
standards, requires technical support by implementations of the TLS settings specified in this
edition of the document.
– 8 – IEC 62351-3:2023 © IEC 2023
POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION
EXCHANGE – DATA AND COMMUNICATIONS SECURITY –
Part 3: Communication network and system security –
Profiles including TCP/IP
1 Scope
1.1 Scope
This part of IEC 62351 specifies how to provide confidentiality, integrity protection, and
message level authentication for protocols that make use of TCP/IP as a message transport
layer and utilize Transport Layer Security when cyber-security is required. This may relate to
SCADA/telecontrol, protection, automation and control protocols.
IEC 62351-3 specifies how to secure TCP/IP-based protocols through constraints on the
specification of the messages, procedures, and algorithms of Transport Layer Security (TLS)
(TLSv1.2 defined in RFC 5246, TLSv1.3 defined in RFC 8446). In the specific clauses, there
will be subclauses to note the differences and commonalities in the application depending on
the target TLS version. The use and specification of intervening external security devices (e.g.,
"bump-in-the-wire") are considered out-of-scope.
In contrast to previous editions of this document, this edition is self-contained in terms of
completely defining a profile of TLS. Hence, it can be applied directly, without the need to
specify further TLS parameters, except the port number, over which the communication will be
performed. Therefore, this part can be directly utilized from a referencing standard and can be
combined with further security measures on other layers. Providing the profiling of TLS without
the need for further specifying TLS parameters allows declaring conformity to the described
functionality without the need to involve further IEC 62351 documents.
This document is intended to be referenced as a normative part of other IEC standards that
have the need for providing security for their TCP/IP-based protocol exchanges under similar
boundary conditions. However, it is up to the individual protocol security initiatives to decide if
this document is to be referenced.
The document also defines security events for specific conditions, which support error handling,
security audit trails, intrusion detection, and conformance testing. Any action of an organization
in response to events to an error condition described in this document are beyond the scope of
this document and are expected to be defined by the organization’s security policy.
This document reflects the security requirements of the IEC power systems management
protocols. Should other standards bring forward new requirements, this document may need to
be revised.
1.2 Intended audience
The initial audience for this document is intended to be experts developing or making use of
protocols in the field of power systems management and associated information exchange. For
the measures described in this document to take effect, they must be accepted and referenced
by the specifications of protocols making use of TCP/IP security by applying TLS. This
document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that
implement these protocols.
IEC 62351-3:2023 © IEC 2023 – 9 –
Portions of this document may also be of use to managers and executives in order to understand
the purpose and requirements of the work.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC TS 62351-1:2007, Power systems management and associated information exchange –
Data and communications security – Part 1: Communication network and system security –
Introduction to security issues
IEC TS 62351-2:2008, Power systems management and associated information exchange –
Data and communications security – Part 2: Glossary of terms
IEC 62351-9, Power systems management and associated information exchange – Data and
communications security – Part 9: Cyber security key management for power system equipment
ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), Information technology – Open systems
interconnection – The Directory: Public-key and attribute certificate frameworks
RFC 5246:2008, The TLS Protocol Version 1.2
RFC 5280:2008, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile
RFC 5288:2008, AES Galois Counter Mode (GCM) Cipher Suites for TLS
RFC 5289:2008, TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter
Mode (GCM)
RFC 5746:2010, Transport Layer Security (TLS) Renegotiation Indication Extension
RFC 6066:2011, Transport Layer Security Extensions
RFC 6176:2011, Prohibiting Secure Sockets Layer (SSL) Version 2.0
RFC 8422:2018, ECC Cipher Suites for TLSv1.2 and earlier
RFC 8446:2018, The TLS Protocol Version 1.3
RFC 9150:2021, TLS 1.3 Authentication and Integrity only Cipher Suites
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and the
following apply.
___________
This is typically referred to as SSL/TLS.
– 10 – IEC 62351-3:2023 © IEC 2023
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.2 Abbreviated terms
ACSE Association Control Service Element
AEAD Authenticated Encryption with Associated Data
BCP Best Current Practice
CRL Certificate Revocation List
DER Distinguished Encoding Rules
DH(E) Diffie Hellman (Ephemeral) Key Agreement (see also IEC 62351-9)
ECDH(E) Elliptic Curve based Diffie Hellman (Ephemeral) Key Agreement (see also
IEC 62351-9)
ECDSA Elliptic Curve Digital Signature Algorithm
IV Initialization Vector
MAC Message Authentication Code
MitM Man-in-the-Middle (type of attack)
OCSP Online Certificate Status Protocol (see RFC 6960)
PICS Protocol Implementation Conformance Statement
PIXIT Protocol Implementation eXtra Information for Testing
PSK Pre-shared key
TLS Transport Layer Security
4 Security issues addressed by this document
4.1 General
The IEC power system environment has different operational requirements from many
Information Technology (IT) applications that make use of TLS to protect the transport of
information over a TCP/IP connection. This requires on one hand the management of
certificates used to authenticate entities, which is handled in IEC 62351-9. On the other hand,
specific TLS related security parameters such as selected cipher suites, session management
parameter and utilized extensions need to be defined, which is the focus of this document. One
main difference in the application of TLS in the power system domain is the duration of the
TCP/IP connection for which security needs to be maintained. Besides this it also has to be
considered that the equipment in power system automation is long lasting. This may also require
supporting older versions of TLS or cipher suites to retain backward compatibility.
Many IT protocols have short duration connections, which allow the encryption algorithms to be
renegotiated at connection re-establishment. However, the connections within a telecontrol
environment tend to have longer durations, often "permanent". It is the longevity of connections
in the field of power systems management and associated information exchange that give rise
to the need for specific consideration. In this regard, in order to provide protection for the
"permanent" connections, a mechanism for updating the session key is selected within this
document, based upon existing TLS features. Note that TLSv1.2 and TLSv1.3 support different
approaches for rekeying.
IEC 62351-3:2023 © IEC 2023 – 11 –
TLS allows for a wide variety of settings such as selected cipher suites to protect the handshake
and the record layer protocol, which are negotiated during connection establishment. It also
supports session management mechanisms to setup new sessions or renew existing sessions.
To ensure interoperability between different implementations, this document specifies a
common set of TLS features to be supported by conforming implementations.
TLS has evolved and is available in version 1.3. In version 1.3 several parts of the protocol
have been reworked, resulting in a protocol, which is functionally not backward compatible to
TLSv1.2. As the first message exchange is defined in a backward compatible way, the TLS
server may be able to switch to either version, depending on the security policy.
Additionally, this document specifies the use of particular TLS capabilities that allow for specific
security threats to be countered (see also 4.2). Specifically, TLS allows the definition of
extensions to the protocol to mitigate potential protocol vulnerabilities or to enhance protocol
functionality. This specification makes use of already-defined extensions.
Note that TLS utilizes X.509 certificates (see also ISO/IEC 9594-8 or RFC 5280) for
authentication and key agreement. In the context of this document the term certificate always
relates to public-key certificates (in contrast to attribute certificates).
NOTE It is assumed that the certificate management necessary to operate TLS is addressed in accordance with
IEC 62351-9.
4.2 Security threats countered
See IEC TS 62351-1 for a discussion of security threats and attack methods.
TCP/IP and the security specifications in this document cover only the communication transport
layers (OSI layers 4 and lower). Specifically, TLS protects the transported messages from OSI
layer 5 and above in a transparent way. This document does not cover security functionality
specific for the communication application layers (OSI layers 5 and above) or application-to-
application security. This is defined in other parts of IEC 62351, e.g., IEC 62351-4 for MMS,
IEC 62351-5 for serial communication and telecontrol, and IEC 62351-6 for (R)GOOSE and
(R)SV.
NOTE The application of TLS as profiled in this document supports the protection of information sent over a TLS
protected connection.
The specific threats countered in this document for the transport layer include:
– Tampering (unauthorized modification or insertion of messages) is addressed by mutual,
certificate-based authentication of the communication participants, and TLS packet-level
integrity protection.
Additionally, when the information has been identified as requiring confidentiality protection:
– Unauthorized access to information through TLS packet-level encryption of the messages.
4.3 Attack methods countered
The following security attack methods are countered through the appropriate implementation of
the specifications and recommendations in this document.
– Impersonation: This threat is countered through the use of mutual authentication based on
X.509 certificates during the TLS handshake and digitally signed information as revocation
information.
– Man-in-the-middle (MitM): This threat is countered for the TLS record layer through the use
of cryptographic checksums (MAC) based on mutually authenticated negotiation of session
keys. These keys are set up during the TLS handshake. Protection against MitM attacks
during the TLS handshake phase itself is provided by the Finish message, ending the
handshake phase. This message is encrypted and contains a hash value over all messages
– 12 – IEC 62351-3:2023 © IEC 2023
exchanged in the handshake. In addition, TLSv1.3 already provides cryptographic protection
of the handshake messages directly (except the ClientHello).
– Replay: This threat is countered by the application of a MAC for integrity protection on a per
packet bases including a sequence number to detect an actual replay.
– Eavesdropping: This threat is countered through the use of encryption cipher suites, when
negotiating TLS record layer security.
NOTE The actual performance characteristics of an implementation claiming conformance to this part of the
IEC 62351 series are out-of-scope of this document.
4.4 Handling of security events
Throughout the document security events are defined. These security events are intended to
support error handling and thus to increase system resilience. Implementations should provide
a mechanism for announcing security events to an evaluation system. A recommended standard
is IEC 62351-4.
The information about security events and potential detailed information can only be provided
by the entity based on the availability of this information through the underlying platform or
utilized components.
It is recommended that the security events defined throughout this document are made
available to the operational infrastructure by cyber security events as specified in IEC 62351-14
or by monitoring objects as specified in IEC 62351-7. Annex A provides a mapping of the
defined events in this document to the notion of IEC 62351-14.
Note that notice, warnings, errors, and alarms are used to indicate the severity of an event from
a security point of view. The following notion from IEC 62351-14 is used:
– A notice refers to a cyber security related activity during the routine use or maintenance of
an entity. It does not relate to a cyber security breach or attack or deviation from the normal
operating condition of an entity.
– A warning is a deviation from the normal opera
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...