https://rs-485.com/index.php?action=history&feed=atom&title=IEC_62351IEC 62351 - Revision history2026-05-03T23:04:58ZRevision history for this page on the wikiMediaWiki 1.42.3https://rs-485.com/index.php?title=IEC_62351&diff=1581&oldid=prevRS-485: Imported from Wikipedia (overwrite)2026-05-03T13:52:14Z<p>Imported from Wikipedia (overwrite)</p>
<p><b>New page</b></p><div>{{Short description|Cyber security in power management systems}}<br />
{{Use British (Oxford) English|date=December 2011}}<br />
'''IEC 62351''' is a standard developed by WG15 of [[International Electrotechnical Commission|IEC]] [[IEC TC 57|TC57]]. This is developed for handling the security of TC 57 series of protocols including [[IEC 60870-5]] series, [[IEC 60870-6]] series, [[IEC 61850]] series, [[IEC 61970]] series & [[IEC 61968]] series. The different security objectives include authentication of data transfer through [[digital signatures]], ensuring only authenticated access, prevention of [[eavesdropping]], prevention of playback and [[Spoofing attack|spoofing]], and [[Intrusion detection system|intrusion detection]].<br />
<br />
==Standard details==<br />
* ''IEC 62351-1'' — Introduction to the standard<br />
* ''IEC 62351-2'' — Glossary of terms<br />
* ''IEC 62351-3 Ed. 2'' — Security for any profiles including [[TCP/IP]]. Current edition was published 06/2023, replacing edition 1.2.<br />
** [[Transport Layer Security|TLS]] Encryption<br />
** Node Authentication by means of [[X.509|X.509 certificates]]<br />
** Message Authentication<br />
* ''IEC 62351-4'' — Security for any profiles including [[Manufacturing Message Specification|MMS]] (e.g., ICCP-based [[IEC 60870-6]], [[IEC 61850]], etc.).<br />
** Authentication for MMS<br />
** TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer security<br />
* ''IEC 62351-5'' — Security for any profiles including [[IEC 60870-5]] (e.g., [[DNP3]] derivative)<br />
** TLS for TCP/IP profiles and encryption for serial profiles.<br />
* ''IEC 62351-6'' — Security for [[IEC 61850]] profiles.<br />
** [[VLAN]] use is made as mandatory for [[GOOSE]]<br />
** RFC 2030 to be used for SNTP<br />
* ''IEC 62351-7'' — Security through network and system management.<br />
** Defines [[Management Information Base]] (MIBs) that are specific for the power industry, to handle network and system management through [[SNMP]] based methods.<br />
* ''IEC 62351-8'' — Role-based access control.<br />
** Covers the access control of users and automated agents to data objects in power systems by means of role-based access control ([[RBAC]]).<br />
* ''IEC 62351-9'' — Key Management<br />
** Describes the correct and safe usage of safety-critical parameters, e.g. passwords, encryption keys.<br />
** Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal). <br />
** Methods for algorithms using asymmetric cryptography<br />
*** Handling of [[Public_key_certificate|digital certificates ]] (public / private key) <br />
*** Setup of the [[Public_key_infrastructure|PKI]] environment with [[X.509|X.509 certificates]]<br />
*** Certificate enrollment by means of [[Simple_Certificate_Enrollment_Protocol|SCEP]] / [[Enrollment over Secure Transport|EST]], while allowing the use of other enrollment protocols<br />
*** [[Certificate revocation]] by means of [[Revocation_list|CRL]] / [[Online_Certificate_Status_Protocol|OCSP]]<br />
** A secure distribution mechanism based on [[Group_Domain_of_Interpretation|GDOI]] and the [[Internet_Key_Exchange|IKEv1]] protocol is presented for the usage of symmetric keys, e.g. session keys.<br />
* ''IEC 62351-10'' — Security Architecture<br />
** Explanation of security architectures for the entire IT infrastructure<br />
** Identifying critical points of the communication architecture, e.g. substation control center, substation automation<br />
** Appropriate mechanisms security requirements, e.g. data encryption, user authentication<br />
** Applicability of well-proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPS<br />
* ''IEC 62351-11'' — Security for XML Files<br />
** Embedding of the original XML content into an XML container<br />
** Date of issue and access control for XML data<br />
** X.509 signature for authenticity of XML data<br />
** Optional data encryption<br />
<br />
==See also==<br />
* [[IEC TC 57]]<br />
* [[List of IEC technical committees]]<br />
<br />
== External links ==<br />
* [http://ipcomm.de/protocol/IEC62351/en/sheet.html Application of the IEC 62351 at IPCOMM GmbH]<br />
* [https://web.archive.org/web/20150924001524/http://www.epri.com/abstracts/Pages/ProductAbstract.aspx?ProductId=000000003002003738 Report about the implementation of IEC 62351-7]<br />
* {{IEC|62351}}<br />
{{List of International Electrotechnical Commission standards}}<br />
{{List of automation protocols}}<br />
[[Category:IEC standards|#62351]]<br />
[[Category:Electric power]]<br />
[[Category:Computer network security]]</div>RS-485