Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850

IEC 62351-6:2020 specifies messages, procedures, and algorithms for securing the operation of all protocols based on or derived from the IEC 61850 series. This document applies to at least those protocols listed below: IEC 61850-8-1 Communication networks and systems for power utility automation – Part 8-1: Specific communication service mapping (SCSM) – Mappings to MMS (ISO/IEC 9506-1 and ISO/IEC 9506-2) and to ISO/IEC 8802-3 IEC 61850-8-2 Communication networks and systems for power utility automation – Part 8-2: Specific communication service mapping (SCSM) – Mapping to Extensible Messaging Presence Protocol (XMPP) IEC 61850-9-2 Communication networks and systems for power utility automation – Part 9-2: Specific communication service mapping (SCSM) – Sampled values over ISO/IEC 8802-3 IEC 61850-6 Communication networks and systems for power utility automation – Part 6: Configuration description language for communication in power utility automation systems related to IEDs The initial audience for this document is intended to be the members of the working groups developing or making use of the protocols listed in Table 1. For the measures described in this specification to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process. The subsequent audience for this document is intended to be the developers of products that implement these protocols. Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work.

Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 6: Sicherheit für IEC 61850

Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 6: Sécurité pour l'IEC 61850

IEC 62351-6:2020 spécifie les messages, procédures et algorithmes qui permettent de sécuriser le fonctionnement de tous les protocoles fondés sur ou dérivés de la série IEC 61850. Les premiers utilisateurs auxquels s’adresse le présent document sont les membres des groupes de travail qui développent ou utilisent les protocoles répertoriés dans le Tableau 1. Pour que les mesures décrites dans la présente spécification soient mises en œuvre, elles doivent être acceptées et référencées dans les spécifications des protocoles elles-mêmes. Le présent document est rédigé afin de permettre ce traitement. Les premiers utilisateurs auxquels s’adresse le présent document sont présumés être les concepteurs de produits qui mettent en œuvre ces protocoles. Des parties du présent document peuvent aussi être utiles aux gestionnaires et aux dirigeants pour comprendre l'objectif d’une activité et les exigences correspondantes.

Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 6. del: Varnost za IEC 61850

General Information

Status
Published
Publication Date
03-Dec-2020
Current Stage
6060 - Document made available - Publishing
Start Date
04-Dec-2020
Completion Date
04-Dec-2020

Buy Standard

Standard
EN IEC 62351-6:2021 - BARVE
English language
37 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-februar-2021
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 6. del: Varnost za IEC 61850
Power systems management and associated information exchange - Data and
communications security - Part 6: Security for IEC 61850
Ta slovenski standard je istoveten z: EN IEC 62351-6:2020
ICS:
29.240.30 Krmilna oprema za Control equipment for electric
elektroenergetske sisteme power systems
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN IEC 62351-6

NORME EUROPÉENNE
EUROPÄISCHE NORM
December 2020
ICS 33.200
English Version
Power systems management and associated information
exchange - Data and communications security - Part 6: Security
for IEC 61850
(IEC 62351-6:2020)
Gestion des systèmes de puissance et échanges Energiemanagementsysteme und zugehöriger
d'informations associés - Sécurité des communications et Datenaustausch - IT-Sicherheit für Daten und
des données - Partie 6: Sécurité pour l'IEC 61850 Kommunikation - Teil 6: Sicherheit für IEC 61850
(IEC 62351-6:2020) (IEC 62351-6:2020)
This European Standard was approved by CENELEC on 2020-11-24. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-6:2020 E

European foreword
The text of document 57/2234/FDIS, future edition 1 of IEC 62351-6, prepared by IEC/TC 57 "Power
systems management and associated information exchange" was submitted to the IEC-CENELEC
parallel vote and approved by CENELEC as EN IEC 62351-6:2020.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2021-08-24
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2023-11-24
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Endorsement notice
The text of the International Standard IEC 62351-6:2020 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following note has to be added for the standard indicated:
IEC 62351-3 NOTE Harmonized as EN 62351-3
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 61850-6 - Communication networks and systems for EN 61850-6 -
power utility automation - Part 6:
Configuration description language for
communication in electrical substations
related to IEDs
IEC 61850-7-3 - Communication networks and systems for EN 61850-7-3 -
power utility automation - Part 7-3: Basic
communication structure - Common data
classes
IEC 61850-8-1 - Communication networks and systems for EN 61850-8-1 -
power utility automation - Part 8-1:
Specific communication service mapping
(SCSM) - Mappings to MMS (ISO 9506-1
and ISO 9506-2) and to ISO/IEC 8802-3
IEC 61850-8-2 - Communication networks and systems for EN IEC 61850-8-2 -
power utility automation - Part 8-2:
Specific communication service mapping
(SCSM) - Mapping to Extensible
Messaging Presence Protocol (XMPP)
IEC 61850-9-2 - Communication networks and systems for EN 61850-9-2 -
power utility automation - Part 9-2:
Specific communication service mapping
(SCSM) - Sampled values over ISO/IEC
8802-3
IEC/TS 62351-1 - Power systems management and - -
associated information exchange - Data
and communications security - Part 1:
Communication network and system
security - Introduction to security issues
Publication Year Title EN/HD Year
IEC/TS 62351-2 - Power systems management and - -
associated information exchange - Data
and communications security - Part 2:
Glossary of terms
IEC 62351-4 2020 Power systems management and - -
associated information exchange - Data
and communications security - Part 4:
Profiles including MMS and derivatives
IEC 62351-9 - Power systems management and EN 62351-9 -
associated information exchange - Data
and communications security - Part 9:
Cyber security key management for
power system equipment
ISO/IEC 13239 - Information technology - - -
Telecommunications and information
exchange between systems - High-level
data link control (HDLC) procedures
ISO/IEC 9594-8 | - Information technology - Open Systems - -
Rec. ITU-T X.509 Interconnection - The Directory - Part 8:
Public-key and attribute certificate
frameworks
RFC 2104 - HMAC: Keyed-Hashing for Message - -
Authentication
RFC 5905 - Network Time Protocol Version 4: - -
Protocol and Algorithms Specification
RFC 8052 - Group Domain of Interpretation (GDOI) - -
Protocol Support for IEC 62351 Security
Services
NIST SP 800-38D - Recommendation for Block Cipher Modes - -
of Operation - Galois/Counter Mode
(GCM) and GMAC
Restricted to SNTP profile only.
IEC 62351-6 ®
Edition 1.0 2020-10
INTERNATIONAL
STANDARD
colour
inside
Power systems management and associated information exchange –

Data and communication security –

Part 6: Security for IEC 61850

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200 ISBN 978-2-8322-8766-8

– 2 – IEC 62351-6:2020 © IEC 2020
CONTENTS
FOREWORD . 4
1 Scope and object . 6
1.1 Scope . 6
1.2 Namespace name and version . 6
1.3 Code Component distribution . 7
2 Normative references . 7
3 Terms, definitions and abbreviated terms . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms . 8
4 Security issues addressed by this document . 9
4.1 Operational issues affecting choice of security options . 9
4.2 Security threats countered . 9
4.3 Attack methods countered . 9
5 Correlation of IEC 61850 parts and IEC 62351 parts . 9
5.1 General . 9
5.2 IEC 61850-8-1 Profile for Client/Server communications . 10
5.2.1 General . 10
5.2.2 Control centre to substation . 11
5.2.3 Substation communications . 11
5.3 IEC 61850 security for profiles using VLAN IDs . 11
5.4 IEC 61850-8-2 for Client/Server communications . 11
5.5 Using OriginatorID for Client/Server Services. 11
6 Multicast Association Protocols . 12
6.1 General . 12
6.2 Replay Protection . 12
6.2.1 GOOSE replay protection . 12
6.2.2 Sampled Value replay protection . 16
7 Security for SNTP . 19
8 Layer 2 security for profiles for IEC 61850-8-1 GOOSE and IEC 61850-9-2
Sampled Value . 20
8.1 Overview of Ethertype (informative) . 20
8.2 Extended PDU . 20
8.2.1 General format of extended PDU . 20
8.2.2 Format of extension octets . 21
9 Substation configuration language extensions . 25
9.1 Service capability . 25
9.1.1 Access Point support security for GOOSE Publisher . 25
9.1.2 Access Point support security for SV Publisher . 25
9.1.3 Acces Point support security for GOOSE and SMV subscriber . 25
9.1.4 Server Access Point support security for TPAA . 26
9.1.5 Client Access Point support security for TPAA . 26
9.2 Publish with security enabled . 26
9.2.1 GOOSE . 26
9.2.2 SMV . 26
9.2.3 Key Policy and Management . 27
9.3 Use of Simulation . 27

IEC 62351-6:2020 © IEC 2020 – 3 –
10 Extension of LGOS and LSVS . 27
11 Conformance . 27
11.1 General conformance . 27
11.2 Conformance for implementations claiming IEC 61850-8-1 ISO 9506 profile
security . 28
11.2.1 General . 28
11.2.2 IEC 62351-4 TLS Conformity for ISO-9506 Client/Server Profile using

ACSE Authentication . 29
11.3 Conformance for implementations claiming
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.