NORMSERVIS s.r.o.

IEC 62351-5-ed.1.0

Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives

STANDARD published on 13.1.2023

English and French -
electronic design (pdf) (554.80 USD)

English and French -
Print design (554.80 USD)

English and French -
CD-ROM (556.50 USD)

The information about the standard:

Designation standards: IEC 62351-5-ed.1.0
Publication date standards: 13.1.2023
The number of pages: 263
Approximate weight : 820 g (1.81 lbs)
Country: International technical standard
Category: Technical standards IEC

Annotation of standard text IEC 62351-5-ed.1.0 :

IEC 62351-5:2023 defines the application profile (A-profile) secure communication mechanism specifying messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5, Telecontrol Equipment and Systems – Transmission Protocols. For the measures described in this document to take effect, they must be accepted and referenced by the specifications for the protocols themselves. This document is written to enable that process. The subsequent audience for this document is intended to be the developers of products that implement these protocols. Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work. This document is organized working from the general to the specific, as follows: • Clauses 2 through 4 provide background terms, definitions, and references. • Clause 5 describes the problems this specification is intended to address. • Clause 6 describes the mechanism generically without reference to a specific protocol. • Clauses 7 and 8 describe the mechanism more precisely and are the primary normative part of this specification. • Clause 9 define the interoperability requirements for this secure communication mechanism. • Clause 10 describes the requirements for other standards referencing this document. The actions of an organization in response to events and error conditions described in this document are expected to be defined by the organization’s security policy and they are beyond the scope of this document. This International Standard cancels and replaces IEC TS 62351-5 published in 2013. It constitutes a technical revision. The primary changes in this International Standard are: a) The secure communication mechanism is performed on per controlling station/controlled station association. b) User management to add, change or delete a User, was removed. c) Symmetric method to change the Update Key was removed. d) Asymmetric method to the change Update Key was reviewed. e) Challenge/Reply procedure and concepts were removed. f) Aggressive Mode concept was replaced with the Secure Data message exchange mechanism. g) Authenticated encryption of application data was added. h) The list of permitted security algorithms has been updated. i) The rules for calculating messages sequence numbers have been updated j) Events monitoring and logging was added IEC 62351-5:2023 definit le mecanisme de communication securisee du profil dapplication (profil A) qui specifie les messages, les procedures et les algorithmes pour securiser le fonctionnement de tous les protocoles fondes sur ou derives de l’IEC 60870-5, Materiels et systemes de teleconduite – Protocoles de transmission. Pour que les mesures decrites dans le present document entrent en application, elles doivent etre acceptees et referencees par les specifications des protocoles eux-memes. Le present document est redige dans le but de permettre ce processus. Il est prevu que les lecteurs suivants du present document soient les personnes chargees d’elaborer les produits qui mettent en ouvre ces protocoles. Certaines parties du present document peuvent egalement etre utiles aux gestionnaires et aux cadres dirigeants pour comprendre le but et les exigences du travail. Ce document est organise du plus general au plus specifique, comme suit: • les Articles 2 a 4 fournissent des termes, des definitions et des references de contexte; • l’Article 5 decrit les problemes que la presente specification est destinee a traiter; • l’Article 6 decrit le mecanisme de maniere generale, sans reference a un protocole specifique; • les Articles 7 et 8 decrivent le mecanisme plus precisement. Ils constituent la partie normative principale de la presente specification; • l’Article 9 definit les exigences d’interoperabilite pour ce mecanisme de communication securisee y compris la relation entre cette norme et la CEI 62351-3 pour la securite de la couche transport; • l’Article 10 decrit les exigences des autres normes qui font reference au present document. Il est attendu que les actions d’une organisation en reponse aux evenements et conditions d’erreurs decrits dans le present document soient definies par la politique de securite de l’organisme. Elles ne relevent pas du domaine d’application du present document. Cette Norme internationale annule et remplace lIEC TS 62351-5 parue en 2013. Elle constitue une revision technique. Les modifications principales presentees dans la presente Norme internationale sont les suivantes: a) le mecanisme de communication securisee est realise par une association poste de conduite/poste teleconduit; b) la gestion des Utilisateurs, qui sert a ajouter, modifier ou supprimer un Utilisateur, a ete supprimee; c) la methode symetrique, qui sert a modifier la Cle de Mise a Jour, a ete supprimee; d) la methode asymetrique, qui sert a modifier la Cle de Mise a Jour, a ete revisee; e) la procedure et les concepts de Stimulation/Reponse ont ete supprimes; f) le concept de Mode Agressif a ete remplace par le mecanisme d’echange de messages de Donnees Securisees; g) un chiffrement authentifie des donnees d’application a ete ajoute; h) la liste des algorithmes de securite admis a ete mise a jour; i) les regles de calcul des numeros de sequence des messages ont ete mises a jour; j) la surveillance et l’enregistrement des evenements ont ete ajoutes.