IEC TECHNICAL SPECIFICATION TS 62351-1 First edition 2007-05 Power systems management and associated information exchange -- Data and communications security Part 1: Communication network and system security - Introduction to security issues Reference number IEC/TS 62351-1:2007(E) Not for Resale THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright @ 2007 IEC, Geneva, Switzerland All rights reserved.Unless otherwise specified, no partofthis publicationmay be reproduced or utilized in anyform or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC orIEC'smemberNational Committee in the countryof therequester. If you have any questions about lEc copyright or have an enquiry about obtaining additional rights to this publication, IEC Central Office 3, rue de Varembe CH-1211 Geneva 20 Switzerland Email: [email protected] Web: www.iec.ch About the IEC The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards forallelectrical, electronic and relatedtechnologies. AboutlEcpublications The technical content of IEC publications is kept under constant review by the lEC.Please make sure that youhave the latest edition, a corrigenda or an arnendment might have been published. Catalogue of lEC publications:www.iec.ch/searchpub It also gives information on projects,withdrawn and replaced publications. - 1Ec Just Published: ww.iec.ch/online news/justpub Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available on-line and also by email. CustomerServiceCentre:www.iec.ch/webstore/custsery If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service Centre FAQ or contact us: Email: [email protected] Tel.: +41 22 919 02 11 Fax: +41 22 919 03 00 Not for Retale IEC TECHNICAL SPECIFICATION TS 62351-1 First edition 2007-05 Power systems management and associated information exchange Data and communications security Part 1: Communication network and system security - Introduction to security issues V PRICECODE E MekAyHapoAHat3nekrpoTexHuyeckan KoMuco For price,see currenf catalogue Capyriah sefromIHS Nat for Res ale ictien or networking perrnitted wit TS 62351-1 @ IEC:2007(E) 2 CONTENTS FOREWORD Scope and object .6 1.1 Scope.. .6 1.2 Object. 6 2 Normative references Terms, definitions and abbreviations .. 4 Background for information security standards . 4.1 Rationale for addressing information security in power system operations 4.2 IEc Tc 57 data communications protocols 4.3 History of the Development of these Security Standards . 5 Security issues for the IEC 62351 series 0 5.1 General information on security. 5.2 Types of security threats ... 5.3 Security requirements, threats, vulnerabilities, attacks, and countermeasures....12 5.4 Importance of security policies ..... 19 5.5 Security risk assessment... ..20 5.6 Understanding the security requirements and impact of security measures on power system operations.... 5.7 Five-step security process.... 21 5.8 Applying securityto power system operations.... .23 Overview of the lEC 62351 series... 6 .24 6.1 Scope of the lEC 62351 series ... 24 6.2 Authentication as key security requirement.. 6.3 ObjectivesofthelEC62351series.... 24 6.4 RelationshipsbetweenthelEc62351partsandIECprotocols. 25 6.5 IEC 62351-1: Introduction... 26 IEC 62351-2: Glossary of terms... 6.6 6.7 IEC 62351-3: Profiles including TCP/IP IEC 62351-4: Security for profiles that include MMS. 6.8 28 6.9 IEC 62351-5: Security for 1EC 60870-5 and derivatives .28 6.10 EC 62351-6: Security for IEC 61850 Profiles .. 29 6.11 1EC 62351-7: Security through network and system management. 31 Conclusions.. .34 7 Bibliography.. Figure 1 - Security requirements, threats, and possible attacks.. 14 Figure 2 -- Security categories, typical attacks, and common countermeasures.. 14 Figure 3 - Confiden