Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2017 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC TS 62351-7 (2010): NSM object data model reviewed and enriched; UML model adopted for NSM objects description; SNMP protocol MIBs translation included as Code Components. The Code Components included in this IEC standard are also available as electronic machine readable file at: http://www.iec.ch/tc57/supportdocuments/IEC_62351-7.MIBS.light.zip.

Datenmodelle, Schnittstellen und Informationsaustausch für Planung und Betrieb von Energieversorgungsunternehmen – Daten- und Kommunikationssicherheit - Teil 7: Datenobjektmodelle für Netzwerk- und Systemmanagement (NSM)

Gestion des systèmes d’alimentation et échange d’informations associées - Sécurité des données et des communications - Partie 7: Modèles d’objets de données pour la gestion des réseaux et systèmes (NSM)

IEC 62351-7:2017 définit des modèles d’objets de données de gestion de réseaux et de systèmes (NSM – network and system management) spécifiques aux opérations des systèmes de puissance. Ces objets de données NSM servent à surveiller la bonne santé des réseaux et des systèmes afin de détecter les intrusions de sécurité potentielles, et de gérer les performances et la fiabilité de l’infrastructure d’information. L’objectif est de définir un ensemble d’objets abstraits qui permet de surveiller à distance la bonne santé des appareils électroniques intelligents (IED – Intelligent Electronic Devices), des terminaux à distance (RTU – Remote Terminal Units), des systèmes de ressources énergétiques décentralisées (DER – Distributed Energy Resources) et des autres systèmes importants pour les opérations des opérations des systèmes de puissance. Cette édition de l’IEC 62351-7 annule et remplace l’IEC TS 62351-7 parue en 2010. Cette nouvelle édition constitue une révision technique et inclut les modifications techniques majeures suivantes par rapport à l'IEC TS 62351-7:2010: a) revue et enrichissement du modèle de données d’objets NSM; b) adoption du modèle UML pour la description des objets NSM; c) traduction des MIB de protocole SNMP inclus comme composants codés. Les composants codés inclus dans la présente norme IEC sont également disponibles sous forme d’un fichier électronique lisible sur machine: http://www.iec.ch/tc57/supportdocuments/IEC_62351-7.MIBS.light.zip.

Upravljanje elektroenergetskega sistema in pripadajoča izmenjava informacij - Varnost podatkov in komunikacij - 7. del: Podatkovni modeli pri upravljanju omrežij in sistemov (NSM)

Ta del standarda IEC 62351 opredeljuje podatkovne modele pri upravljanju omrežij in sistemov (NSM), ki se nanašajo na delovanje elektroenergetskega sistema. Ti podatkovni modeli pri upravljanju omrežij in sistemov bodo uporabljeni za nadziranje ustreznega delovanja omrežij in sistemov, odkrivanje morebitnih varnostnih vdorov ter za upravljanje zmogljivosti in zanesljivosti informacijske infrastrukture. Cilj je določiti niz abstraktnih predmetov, ki bodo omogočili oddaljeno nadzorovanje ustreznosti in stanja inteligentnih elektronskih naprav (IED), daljinskih terminalskih enot (RTU), sistemov distribuiranih virov energije (DER) in drugih sistemov, ki so pomembni za delovanje elektroenergetskega sistema. Delovanje elektroenergetskega sistema je vse bolj odvisno od informacijskih infrastruktur, vključno s komunikacijskimi omrežji, inteligentnimi elektronskimi napravami in samoopredeljenimi komunikacijskimi protokoli. Zaradi tega je upravljanje informacijske infrastrukture postalo ključno za zagotavljanje potrebnih visokih ravni varnosti in zanesljivosti delovanja elektroenergetskega sistema.
Telekomunikacijska infrastruktura, ki je v uporabi za prenos protokolov daljinskega vodenja in avtomatizacijo, je že pod nadzorom za spremljanje ustreznosti in stanja s pomočjo konceptov, že razvitih v standardih za upravljanje omrežij, ki obravnavajo protokol za upravljanje naprav v omrežju IETF (SNMP). Toda za posebne naprave v elektroenergetskem sistemu (npr. zaščita na daljavo, daljinsko vodenje, avtomatizacija razdelilne naprave, sinhroni faznik, inverterji in zaščite) so namesto tega potrebne posebne rešitve za nadzor ustreznosti njihovega delovanja.
Ti podatkovni modeli pri upravljanju omrežij in sistemov zagotavljajo nadzorne podatke za protokole IEC, ki se uporabljajo za elektroenergetski sistem (IEC 61850, IEC 60870-5-104) ter za okoljski in varnostni status določenih naprav. Kot izpeljanka standarda IEC 60870-5-104 je IEEE 1815 DNP3 prav tako vključen na seznam nadzorovanih protokolov. Podatkovni modeli pri upravljanju omrežij in sistemov upoštevajo dogovor glede poimenovanj za IEC 61850, ki dodatno obravnava vprašanja v zvezi s temi modeli. Zaradi splošnosti teh podatkovnih objektov in vrst podatkov, iz katerih so sestavljeni, so opredeljeni kot abstraktni modeli podatkovnih objektov. Poleg abstraktnega modela je za integracijo nadzora nad napravami elektroenergetskega sistema v okolju upravljanja omrežij in sistemov v tem delu IEC 62351 potrebna preslikava objektov na protokol za upravljanje naprav v omrežju, ki je del upravljanja informacijske baze (MIB).
Objekti, ki jih že zajema obstoječe upravljanje informacijske baze, tukaj niso opredeljeni, vendar se zanje predvideva, da so skladni z obstoječimi standardi za upravljanje informacijskih baz.

General Information

Status
Published
Publication Date
14-Dec-2017
Withdrawal Date
14-Dec-2020
Current Stage
6060 - Document made available - Publishing
Start Date
15-Dec-2017
Completion Date
15-Dec-2017

Relations

Buy Standard

Standard
EN 62351-7:2018 - BARVE! POZOR: del standarda IEC so tudi zip datoteke: "IEC-62351-7.MIBS.full" in "IEC-62351-7.MIBS.light"
English language
237 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-marec-2018
8SUDYOMDQMHHOHNWURHQHUJHWVNHJDVLVWHPDLQSULSDGDMRþDL]PHQMDYDLQIRUPDFLM
9DUQRVWSRGDWNRYLQNRPXQLNDFLMGHO3RGDWNRYQLPRGHOLSULXSUDYOMDQMX
RPUHåLMLQVLVWHPRY 160
Power systems management and associated information exchange - Data and
communications security - Part 7: Network and System management (NSM) data object
models
Ta slovenski standard je istoveten z: EN 62351-7:2017
ICS:
29.240.30 Krmilna oprema za Control equipment for electric
elektroenergetske sisteme power systems
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 62351-7
NORME EUROPÉENNE
EUROPÄISCHE NORM
December 2017
ICS 33.200
English Version
Power systems management and associated information
exchange - Data and communications security -
Part 7: Network and System Management (NSM) data object
models
(IEC 62351-7:2017)
Gestion des systèmes d'alimentation et échange Datenmodelle, Schnittstellen und Informationsaustausch für
d'informations associées - Sécurité des données et des Planung und Betrieb von Energieversorgungsunternehmen
communications - Partie 7: Modèles d'objets de données - Daten- und Kommunikationssicherheit -
pour la gestion des réseaux et systèmes (NSM) Teil 7: Netzwerk und System-Management (NSM) Daten-
(IEC 62351-7:2017) Objekt-Modelle
(IEC 62351-7:2017)
This European Standard was approved by CENELEC on 2017-08-22. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 62351-7:2017 E
European foreword
The text of document 57/1857/FDIS, future edition 1 of IEC 62351-7, prepared by IEC/TC 57 "Power
systems management and associated information exchange" was submitted to the IEC-CENELEC
parallel vote and approved by CENELEC as EN 62351-7:2017.

The following dates are fixed:
(dop) 2018-06-15
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2020-12-15
standards conflicting with the
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CENELEC by the European Commission
and the European Free Trade Association.
Endorsement notice
The text of the International Standard IEC 62351-7:2017 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 61850-7-2 NOTE Harmonized as EN 61850-7-2.
IEC 61850-7-4 NOTE Harmonized as EN 61850-7-4.
IEC 61850-8-1 NOTE Harmonized as EN 61850-8-1.
IEC 61850-9-2 NOTE Harmonized as EN 61850-9-2.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year

IEC/TS 62351-1 -  Power systems management and - -
associated information exchange - Data
and communications security -
Part 1: Communication network and
system security - Introduction to security
issues
IEC/TS 62351-2 -  Power systems management and - -
associated information exchange - Data
and communications security -
Part 2: Glossary of terms
IEC 62351-3 -  Power systems management and EN 62351-3 -
associated information exchange - Data
and communications security -
Part 3: Communication network and
system security - Profiles including TCP/IP
1 2
IEC 62351-4 -  Power systems management and prEN 62351-4 -
associated information exchange -
Data and communications security -
Part 4: Profiles including MMS
IEC/TS 62351-5 -  Power systems management and - -
associated information exchange - Data
and communications security -
Part 5: Security for IEC 60870-5 and
derivatives
IEC/TS 62351-8 -  Power systems management and - -
associated information exchange - Data
and communications security -
Part 8: Role-based access control
IEC 62351-9 -  Power systems management and EN 62351-9 -
associated information exchange - Data
and communications security -
Part 9: Cyber security key management for
power system equipment
Under preparation. Stage at the time of publication: IEC CDV 62351-4:2017.
Under preparation. Stage at the time of publication: prEN 62351-4:2017.
Publication Year Title EN/HD Year

IEEE 754 2008 IEEE Standard for Binary Floating-Point - -
Arithmetic
IETF RFC 2578 1999 Structure of Management Information - -
Version 2 (SMIv2), April 1999,
http://tools.ietf.org/html/rfc2578
IETF RFC 3410 2002 Introduction and Applicability Statements - -
for Internet Standard Management
Framework, December 2002,
http://tools.ietf.org/rfc/rfc3410
IETF RFC 3414 2002 User-based Security Model (USM) for - -
version 3 of the Simple Network
Management Protocol (SNMPv3),
December 2002,
http://tools.ietf.org/rfc/rfc3414
IETF RFC 3826 2004 The Advanced Encryption Standard (AES) - -
Cipher Algorithm in the SNMP User-based
Security Model, June 2004, http://www.rfc-
editor.org/rfc/rfc3826
IETF RFC 4022 2005 Management Information Base for the - -
Transmission Control Protocol (TCP),
March 2005,
http://tools.ietf.org/html/rfc4022
IETF RFC 4113 2005 Management Information Base for the User - -
Datagram Protocol (UDP), June 2005,
http://tools.ietf.org/html/rfc4113
IETF RFC 4292 2006 IP Forwarding Table MIB, April 2006, - -
http://www.rfc-editor.org/rfc/rfc4292
IETF RFC 4293 2006 Management Information Base for the - -
Internet Protocol (IP), April 2006,
http://tools.ietf.org/rfc/rfc4293
IETF RFC 4898 2007 TCP Extended Statistics MIB, May 2007, - -
http://tools.ietf.org/rfc/rfc4898
IETF RFC 5132 2007 IP Multicast MIB, December 2007, - -
http://tools.ietf.org/rfc/rfc5132
IETF RFC 5905 2010 Network Time Protocol Version 4: Protocol - -
and Algorithms Specification, June 2010,
http://tools.ietf.org/rfc/rfc5905
IETF RFC 5590 2009 Transport Subsystem for the Simple - -
Network Management Protocol (SNMP),
June 2009, http://tools.ietf.org/rfc/rfc5590
IETF RFC 5591 2009 Transport Security Model for the Simple - -
Network Management Protocol (SNMP),
June 2009, http://tools.ietf.org/rfc/rfc5591
IETF RFC 5592 2009 Secure Shell Transport Model for the - -
Simple Network Management Protocol
(SNMP), June 2009, http://www.rfc-
editor.org/rfc/rfc5592
Publication Year Title EN/HD Year

IETF RFC 5953 2010 Transport Layer Security (TLS) Transport - -
Model for the Simple Network
Management Protocol (SNMP), August
2010, http://www.rfc-editor.org/rfc/rfc5953
IETF RFC 6347 2012 Datagram Transport Layer Security - -
Version 1.2, January 2012,
http://tools.ietf.org/rfc/rfc6347
IETF RFC 6353 2011 Transport Layer Security (TLS) Transport - -
Model for the Simple Network
Management Protocol (SNMP), July 2011,
http://tools.ietf.org/rfc/rfc6353
IETF RFC 7860 2016 HMAC-SHA-2, Authentication Protocols in - -
User-Based Security Model (USM) for
SNMPv3, April 2016,
http://tools.ietf.org/rfc/rfc7860

IEC 62351-7 ®
Edition 1.0 2017-07
INTERNATIONAL
STANDARD
colour
inside
Power systems management and associated information exchange – Data and

communications security –
Part 7: Network and System Management (NSM) data object models

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200 ISBN 978-2-8322-4442-5

– 2 – IEC 62351-7:2017 © IEC 2017
CONTENTS
FOREWORD . 8
1 Scope . 10
2 Normative references . 10
3 Terms and definitions . 12
4 Abbreviated terms and acronyms . 13
5 Overview of Network and System Management (NSM) . 14
5.1 Objectives . 14
5.2 NSM concepts. 15
5.2.1 Simple Network Management Protocol (SNMP) . 15
5.2.2 ISO NSM categories . 15
5.2.3 NSM “data objects” for power system operations . 16
5.2.4 Other NSM protocols . 16
5.3 Communication network management . 16
5.3.1 Network configuration . 16
5.3.2 Network backup . 17
5.3.3 Communications failures and degradation . 17
5.4 Communication protocols . 18
5.5 End systems management . 18
5.6 Intrusion detection systems (IDS) . 19
5.6.1 IDS guidelines . 19
5.6.2 IDS: Passive observation techniques . 20
5.6.3 IDS: Active security monitoring architecture with NSM data objects . 20
5.7 End-to-end security . 21
5.7.1 End-to-end security concepts. 21
5.7.2 Role of NSM in end-to-end security . 22
5.8 NSM requirements: detection functions . 24
5.8.1 Detecting unauthorized access . 24
5.8.2 Detecting resource exhaustion as a denial of service (DoS) attack . 24
5.8.3 Detecting invalid buffer access DoS attacks . 25
5.8.4 Detecting tampered/malformed PDUs . 25
5.8.5 Detecting physical access disruption . 25
5.8.6 Detecting invalid network access . 25
5.8.7 Detecting coordinated attacks . 26
5.9 Abstract object and agent UML descriptions. 26
5.9.1 Purpose of UML . 26
5.9.2 Abstract types and base types .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.