EN IEC 62351-4:2018/A1:2020
(Amendment) Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 4: Profile einschließlich MMS und Ableitungen
Gestion des systèmes de puissance et échanges d’informations associés - Sécurité des communications et des données - Partie 4: Profils comprenant le MMS et ses dérivés
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 4. del: Profili, vključno z MMS in izpeljankami - Dopolnilo A1
SLOVENIAN STANDARD
01-November-2020
Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij -
Varnost podatkov in komunikacij - 4. del: Profili, vključno z MMS in izpeljankami -
Dopolnilo A1
Power systems management and associated information exchange - Data and
communications security - Part 4: Profiles including MMS and derivatives
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten
und Kommunikation - Teil 4: Profile einschließlich MMS und Ableitungen
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des
communications et des données - Partie 4 : Profils comprenant MMS
This Slovenian standard is identical to: EN IEC 62351-4:2018/A1:2020
ICS:
29.240.30 Control equipment for electric power systems
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD EN IEC 62351-4:2018/A1
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2020
ICS 33.200
English Version
Power systems management and associated information
exchange - Data and communications security - Part 4: Profiles
including MMS and derivatives
(IEC 62351-4:2018/A1:2020)
Gestion des systèmes de puissance et échanges d'informations associés - Sécurité des communications et des données - Partie 4: Profils comprenant le MMS et ses dérivés
(IEC 62351-4:2018/A1:2020)
Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 4: Profile einschließlich MMS und Ableitungen
(IEC 62351-4:2018/A1:2020)
This amendment A1 modifies the European Standard EN IEC 62351-4:2018; it was approved by CENELEC on 2020-08-21. CENELEC
members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this amendment the
status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This amendment exists in three official versions (English, French, German). A version in any other language made by translation under the
responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as
the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62351-4:2018/A1:2020 E
European foreword
The text of document 57/2217/FDIS, future IEC 62351-4/A1, prepared by IEC/TC 57 "Power systems
management and associated information exchange" was submitted to the IEC-CENELEC parallel vote
and approved by CENELEC as EN IEC 62351-4:2018/A1:2020.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2021-05-21
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2023-08-21
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Endorsement notice
The text of the International Standard IEC 62351-4:2018/A1:2020 was approved by CENELEC as a
European Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61850-8-1:2011 NOTE Harmonized as EN 61850-8-1:2011 (not modified)
IEC 61850-8-2:2018 NOTE Harmonized as EN IEC 61850-8-2:2019 (not modified)
Annex ZA
(normative)
Normative references to international publications with their
corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available
here: www.cenelec.eu.
Replace the existing reference to ISO/IEC 9594-8 with the following reference:
Publication | Year | Title | EN/HD | Year
ITU-T X.509 | - | Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks | - | -
IEC 62351-4 ®
Edition 1.0 2020-07
INTERNATIONAL STANDARD
NORME INTERNATIONALE
AMENDMENT 1
AMENDEMENT 1
Power systems management and associated information exchange – Data and
communications security –
Part 4: Profiles including MMS and derivatives
Gestion des systèmes de puissance et échanges d'informations associés –
Sécurité des communications et des données –
Partie 4: Profils comprenant le MMS et ses dérivés
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 33.200 ISBN 978-2-8322-8520-6
– 2 – IEC 62351-4:2018/AMD1:2020
© IEC 2020
FOREWORD
This amendment has been prepared by working group 15: Data and communication security, of
IEC technical committee 57: Power systems management and associated information
exchange.
The text of this amendment is based on the following documents:
FDIS Report on voting
57/2217/FDIS 57/2233/RVD
Full information on the voting for the approval of this amendment can be found in the report on
voting indicated in the above table.
The committee has decided that the contents of this amendment and the base publication will
remain unchanged until the stability date indicated on the IEC website under
"http://webstore.iec.ch" in the data related to the specific publication. At this date, the
publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
_____________
2 Normative references
Replace the existing reference to ISO/IEC 9594-8 with the following new reference:
ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), Information technology – Open Systems
Interconnection – The Directory: Public-key and attribute certificate frameworks
3 Terms and definitions
3.2.2
Replace the existing text:
[SOURCE: ISO/IEC 7498-1:1994 | Rec. ITU-T X.200:1994, 7.1.1.2]
with the following new text:
[SOURCE: ISO/IEC 7498-1:1994 | Rec. ITU-T X.200 (1994), 7.1.1.2]
Add, after 3.2.2, the following new definition and renumber subsequent subclauses accordingly:
3.2.3
alarm
security event that might be caused by an adversary
3.2.7
Replace the existing text:
[SOURCE: Rec. ITU-T X.217:1995, 3.5.1]
with the following new text:
[SOURCE: Rec. ITU-T X.217 (1995), 3.5.1]
3.2.11
Replace the existing text:
[SOURCE: ISO/IEC 9594-8:2017 | Rec. ITU-T X.509 (2016), 3.5.14]
with the following new text:
[SOURCE: ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), 3.5.14]
3.2.12
Replace the existing text:
[SOURCE: ISO/IEC 9594-8:2017 | Rec. ITU-T X.509:2016, 3.5.21]
with the following new text:
[SOURCE: ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), 3.5.21]
3.2.18
Replace the existing text:
[SOURCE: ISO/IEC 9594-8:2017 | Rec. ITU-T X.509:2016, 3.5.31]
with the following new text:
[SOURCE: ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), 3.5.31]
Add, after 3.2.20, the following new definition and renumber subsequent subclauses
accordingly:
3.2.21
error
security event that is caused by bad implementation behaviour resulting in disruption of
communication
Add, after 3.2.27, the following new definition and renumber subsequent subclauses
accordingly:
3.2.28
protocol control information
information exchanged between entities of a given layer, via the service provided by the next
lower layer, to coordinate their joint operation
3.2.29
Replace the existing text:
[SOURCE: ISO/IEC 9594-8:2017 | Rec. ITU-T X.509:2016, 3.5.57]
with the following new text:
[SOURCE: ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), 3.5.58]
3.2.34
Replace the existing text:
[SOURCE: ISO/IEC 9594-8:2017 | Rec. ITU-T X.509:2016, 3.5.71]
with the following new text:
[SOURCE: ISO/IEC 9594-8:2020 | Rec. ITU-T X.509 (2019), 3.5.72]
3.3 Abbreviated terms
Add the following new abbreviation:
PCI Protocol Control Information
4.2 Security for application and transport profiles
Table 1 – Relationship between security and security measure combinations
Remove the end parenthesis in the first column, first row of Table 1.
4.5.3 Attacks countered in native mode
In the second set of bullet items, replace the existing text:
– Man-in-the-middle: This threat is countered through the use of authentication during end-
to-end association by use of digital signature and during data transfer by use of ICV.
with the following new text:
– Man-in-the-middle: This threat is countered through the use of authentication during end-
to-end association establishment by use of digital signature and during data transfer by use
of ICV.
6.2.6 Public-key certificate size
Replace the existing text of the first paragraph of 6.2.6 with the following new text:
An implementation that claims conformance to this document shall support a public-key
certificate size of minimum and maximum 8192 octets. It is a local issue if larger public-key
certificates are supported.
Add, after the first paragraph of 6.2.6, the following new paragraph:
In order to achieve interoperability of public-key certificates, it is necessary to set a maximum
allowed size for the public-key certificates exchanged by ACSE. This size shall be limited to a
maximum encoding size of 8192 octets.
6.3.4.1 General
Replace the existing text of the second paragraph of 6.3.4.1 with the following new text:
TLS prioritizes the proposed cipher suites in the TLS handshake according to the order in the
proposed cipher suite list in the ClientHello message. To accommodate a security policy it is
strongly recommended to have the order of proposed cipher suites according to the local
security policy. Cipher suites marked as mandatory shall be stated in the proposal list of the
ClientHello message.
6.3.4.2 Mandatory and recommended cipher suites for compatibility mode
Replace the existing text of the first paragraph of 6.3.4.2 with the following new text:
All implementations that claim conformance to IEC TS 62351-4:2007 shall support
TLS_DH_DSS_WITH_AES_256_CBC_SHA at a minimum.
Replace existing Table 2 with the following new table:
Table 2 – Commented recommended cipher suites from IEC TS 62351-4:2007
Key exchange algorithm | Key exchange signature | Encryption | Hash | IANA Value | Source | Support
TLS_RSA_ |  | WITH_RC4_128_ | SHA | 0x00,0x05 | RFC 2246 (TLS 1.0) | Disallowed (RC 4 considered weak)
TLS_RSA_ |  | WITH_3DES_ede_CBC_ | SHA | 0x00,0x0A | RFC 2246 (TLS 1.0) | o
TLS_DH_ | DSS_ | WITH_3DES_ede_CBC_ | SHA | 0x00,0x0D | RFC 2246 (TLS 1.0) | o
TLS_DH_ | RSA_ | WITH_3DES_ede_CBC_ | SHA | 0x00,0x10 | RFC 2246 (TLS 1.0) | o
TLS_DHE_ | DSS_ | WITH_3DES_ede_CBC_ | SHA | 0x00,0x13 | RFC 2246 (TLS 1.0) | o
TLS_DHE_ | RSA_ | WITH_3DES_ede_CBC_ | SHA | 0x00,0x16 | RFC 2246 (TLS 1.0) | o
TLS_DH_ | DSS_ | WITH_AES_128_CBC_ | SHA | 0x00,0x30 | RFC 4346 (TLS 1.1) | o
TLS_DH_ | DSS_ | WITH_AES_256_CBC_ | SHA | 0x00,0x36 | RFC 4346 (TLS 1.1) | m
TLS_DH_ |  | WITH_AES_128_CBC | SHA | 0x00,0x34 | RFC 4346 (TLS 1.1) | Disallowed (anonymous)
TLS_DH_ |  | WITH_AES_256_CBC | SHA | 0x00,0x3A | RFC 4346 (TLS 1.1) | Disallowed (anonymous)
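Added example (not part of the standard): a Python check of a ClientHello proposal list against the Support column of Table 2 and the ordering recommendation of 6.3.4.1. The function names, the local policy list and the sample ClientHello bytes are constructed for illustration; the parser assumes one unfragmented ClientHello per TLS record.

```python
import struct

# "Support" column of Table 2, keyed by the IANA value printed in the table.
MANDATORY = {0x0036}                      # TLS_DH_DSS_WITH_AES_256_CBC_SHA (m)
DISALLOWED = {0x0005: "RC4 considered weak",
              0x0034: "anonymous", 0x003A: "anonymous"}

def offered_suites(record: bytes) -> list[int]:
    """Cipher suites of a single-record TLS ClientHello, in the order offered."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    (rec_len,) = struct.unpack_from("!H", record, 3)
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 35 + hello[34]          # version(2) + random(32) + session_id(1+n)
    if pos + 2 > hs_len:
        raise ValueError("session_id overruns the message")
    (cs_len,) = struct.unpack_from("!H", hello, pos)
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def check_proposal(suites, local_order):
    """Findings for one proposal; local_order is the site's preference order."""
    findings = [f"disallowed 0x{s:04X} offered ({DISALLOWED[s]})"
                for s in suites if s in DISALLOWED]
    findings += [f"mandatory 0x{m:04X} missing"
                 for m in sorted(MANDATORY - set(suites))]
    ranked = [s for s in suites if s in local_order]
    if ranked != sorted(ranked, key=local_order.index):
        findings.append("offer order differs from local security policy order")
    return findings

def build_client_hello(suites):
    """Constructed sample: minimal TLS 1.1 ClientHello without extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x02" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    policy = [0x0036, 0x0030, 0x000A]     # hypothetical local policy order
    for offer in ([0x0036, 0x0030, 0x000A], [0x000A, 0x0005, 0x0030]):
        record = build_client_hello(offer)
        print(check_proposal(offered_suites(record), policy) or "ok")
```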
6.3.4.3 Mandatory and recommended cipher suites for native mode
Replace the existing text of the first paragraph of 6.3.4.3 with the following new text:
All implementations that claim conformance to the native mode shall support the mandatory
cipher suites listed in Table 3.
Replace existing Table 3 with the following new table:
Table 3 – Cipher suites combinations in the context of this document
Key exchange algorithm | Key exchange signature | Encryption | Hash | IANA Value | Source | Support
TLS_RSA |  | WITH_AES_128_CBC_ | SHA256 | 0x00,0x3C | RFC 5246 | m
TLS_DH_ | RSA_ | WITH_AES_128_CBC_ | SHA256 | 0x00,0x31 | RFC 5246 | o
TLS_DH_ | RSA_ | WITH_AES_128_GCM_ | SHA256 | 0x00,0xA0 | RFC 5288 [20] | m
TLS_DHE_ | RSA_ | WITH_AES_128_GCM_ | SHA256 | 0xC0,0x9E | RFC 5288 [20] | m
TLS_DH_ | RSA_ | WITH_AES_256_GCM_ | SHA384 | 0x00,0xA1 | RFC 5288 [20] | o
TL
...