DOCSLIB.ORG

Author Information Only

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Author Information Only Cyber Security Practical considerations for implementing IEC 62351 Frank Hohlbaum, Markus Braendle, Fernando Alvarez ABB [email protected] Switzerland 1. Introduction Two trends are currently changing substation automation systems: IEC 61850 and the need for increased cyber security. IEC 61850 has gained global acceptance by both vendors as well as customers. Cyber security on the other hand has quickly become one of the most dominant topics for control systems in general and electrical utilities in particular. The combination of the two, securing IEC 61850 based communications, has been one of the goals of the recently published technical specification IEC 62351. In the authors‟ view IEC 62351 is overall a good starting point and will be the future standard to help secure IEC 61850 communication. However, there are some shortcomings of the current standard and some challenges that need to be addressed before IEC 62351 can be implemented and gain wide acceptance. This paper will highlight the challenge of addressing secure communication in the substation real-time environment, complying with the IEC 61850 real-time specifications. The major difficulties are to reach the performance defined in IEC 61850 for GOOSE and SV data with today‟s proposed technical specification defined for IEC 62351 part 6. In chapter 2, we will give a short overview about the structure of IEC 61850 as well as the detailed performance requirements for the various data types. Chapter 3 will present an introduction of the IEC 62351 standard including the used methods to secure the IEC 61850 communication. Chapter 4 will then show the major implementation issues of IEC 62351 part 6. Chapters 5 and 6 highlight two of the main remaining challenges: interoperability and manageability of security solutions. This paper focuses on IEC61850 based systems, security, however, must be addressed for all computer systems and communication. Most of the challenges mentioned in this paper are not limited to IEC61850 based systems, but are general in nature. Even system based on serial communications can not work properly without any security measures. 2. IEC 61850 Overview IEC 61850 is the first and only global standard that considers all communication needs within the substation automation environment. The standard defines strict interoperability rules between functions and devices, independent of the device manufacturer, providing protection, monitoring, control and automation. IEC 61850 was published as a standard by IEC in fourteen parts between 2003 and 2005 [1]. In the meantime this standard has gained global acceptance and several thousands of substations worldwide have been energized. The standardization activity has reached a next step and the Edition II of IEC 61850 should be available by end of 2010. Due to the fact that the technical specification IEC 62351 is not jet finalized, security is not finally addressed in IEC 61850 Edition II but it will come in a later step. A key feature of IEC 61850 is that it separates the application from the communication by means of an abstract interface. A domain-specific, object oriented function and device model describes the application data with all services needed. The functions can be allocated freely to different devices. As shown in Figure 1 the stack, selected from mainstream communication technology, comprises MMS (Manufacturing Message Specification) over TCP/IP and Ethernet. The object model is mapped in a standardized way to the MMS application layer, but time critical messages pass directly to the link layer of Ethernet. Specific performance classes are defined for the different communication methods. Figure 1: IEC61850 Communication Services Overview Goose messages like trip, interlocking and inter-trip signals belong to the fast messages which should be transmitted within 10ms (Performance Class P1). For some signals event within 3ms (Performance Class P2/3) are specified. For Sampled Values (SV) the IEC61850-5 standard defines several performance classes for raw data messages from digitizing transducers and digital instrument transformers. Figure 2: Performance classes for raw data messages used for metering As show in Figure 2 the performance classes starts with class M1 (sample rate of 1,5 kHz) refers to revenue metering with accuracy class 0.5, performance class M2 (sample rate of 4 kHz) refers to revenue metering with accuracy class 0.2 and performance class M3 (sample rate of 12 kHz) refers to quality metering . Therefore the devices have to process the raw data each 666 us in performance class M1, each 250 us in performance class M2 and each 83 us in performance class M3. For Client - Server communication there are no explicit timing requirements defined but nevertheless IEC 61850 clients have to receive several hundreds of event from the various protection and control IED‟s. Any security standard that attempts to secure IEC 61850 based traffic must take these performance requirements into account. The fast response times that are required for some of the communication types coupled with the limited processing capabilities of some of the device (e.g. IEDs) present a clear challenge. We will look at these challenges in the following sections and analyze if and how IEC 62351 addresses them. 3. Introduction to IEC 62351 The scope of the IEC 62351 series is information security for power system control operations. Its primary objective is to undertake the development of standards for security of the communication protocols defined by IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series. The IEC 62351 standard is currently divided into 8 parts. As shown in Table 1 parts 1 - 6 are officially categorized as TS (technical specification) and released by IEC. Parts 7 and 8 are currently under development, with the current state of part 7 being “Circulated Draft Technical Specification” (CDTS) and Part 8 being “Draft approved for Committee Draft with Vote” (ACDV). In addition two new work item proposals (NWP) exist to address "Key management (certificate handling)” and “Security Architecture”. Part Title Status 1 Communication network and system security – TS Introduction to security issues 2 Glossary of terms TS 3 Security for profiles including TCP/IP TS 4 Profiles including MMS TS 5 Security for IEC 60870-5 and derivatives TS 6 Security for IEC 61850 TS 7 Network and system management (NSM) data object CDTS models 8 Role-Based Access Control ACDV Key Management (Certificate Handling) NWP Security Architecture NWP Table 1: Overview of IEC 62351 standard series In this paper we will focus mainly on parts 3, 4, and 6, with an emphasis on part 6 because it defines specific requirements for IEC 61850 based communications. As discussed in the previous section IEC 61850 communications can be divided into client server (i.e. MMS) and real time (i.e. GOOSE and Sample Values) communications. IEC 62351 provides different methods for securing the different communication types: MMS (IEC 61850-8-1): securing MMS traffic is done on the application and the transport level. Peer authentication is performed on the application level by carrying authentication information in the ACSE AARQ and AARE PDUs [2]. Authentication information comprises a X.509 encoded certificate, a time stamp and the digitally signed time value. For security on the transport layer IEC 62351 refers to TLS [4]. It specifies to us port 3782 for secure communications instead of standard port 102. It also specifies a set of mandatory and recommended cipher suites to be used, at a minimum TLS_DH_DSS_WITH_AES_256_SHA1 and TLS_DH_RSA_WITH_AES_128_SHA2 must be supported. GOOSE / Sampled Values: security of real-time traffic is limited to message authentication, i.e. use encryption is not specified. Message authentication is defined by extending the GOOSE / SV PDUs with an authentication value that is calculated by signing a SHA256 hash using RSA [3]. Certificate exchange is not done as part of the messages; X.509 encoded certificates must be pre-installed on the receiving nodes. 1 Specified in IEC 62351-4 2 Specified in IEC 62315-6 Protocol extensions to the affected communication standards are required in order to actually be able to implement IEC 62351. IEC 61850 does not yet include these necessary extensions in its current release. The upcoming Edition II will also not completely cover this because IEC 62351 is not yet finalized. 4. Performance issues in IEC 62351 Part 6 Performance impacts should always be considered for any communication infrastructure before introducing encryption and / or message authentication. This is particularly true if asymmetric cryptography, real-time traffic or systems with limited resources are involved. In case of securing GOOSE and SV using IEC 62315 all three constraints apply: Embedded devices such as Protection & Control IEDs or RTUs typically have little computational power (as compared to personal computers or servers) and only a (small) portion can be made available to functionality other than protection and control. In addition, changing or upgrading hardware is not an easy task for embedded devices that potentially have a very long lifetime. Security solutions for embedded devices should therefore not require major hardware changes. For both GOOSE and SV strict real-time constraints exist – 3ms response time for GOOSE and sampling rates up to 12 kHz for Sampled Values. IEC 62351, as of today, specifies the use of digital signatures (asymmetric cryptography using RSA) to authenticate broadcast GOOSE and SV packets We focus our attention in this discussion on the performance impact on securing real-time traffic as specified in IEC 62351 part 6, in particular the signing of the hash value using the RSA algorithm. The calculation of the SHA256 hash value as well as the verification of the digital signature is considerably less CPU intense and therefore omitted for the moment. In a first step implementing digital signatures in software was analyzed.
Load more

Recommended publications
  • An Introduction to Integrated Process and Power Automation
    Power Up Your Plant An introduction to integrated process and power automation Jeffrey Vasel ABB, Inc. June 30, 2010 Rev 1 Abstract This paper discusses how a single integrated system can increase energy efficiency, improve plant uptime, and lower life cycle costs. Often referred to as Electrical Integration, Integrated Process and Power Automation is a new system integration architecture and power strategy that addresses the needs of the process and power generation industries. The architecture is based on Industrial Ethernet standards such as IEC 61850 and Profinet as well as Fieldbus technologies. Emphasis is placed on tying the IEC 61850 substation automation standard with the process control system. The energy efficiency gains from integration are discussed in a power generation use case. In this use case, energy efficiency is explored with integrated variable frequency drives, improved visibility into power consumption, and energy efficiency through faster plant startup times. Demonstrated capital expenditure (CAPEX) savings is discussed in a cost avoidance section where a real world example of wiring savings is described. Lastly, a power management success story from a major oil and gas company, Petrobras, is discussed. In this case, Petrobras utilized integrated process and power automation to lower CAPEX, operational expenditure (OPEX), and explore future energy saving opportunities. Executive Summary Document ID: 3BUS095060 Page 1 Date: 6/30/2010 © Copyright 2010 ABB. All rights reserved. Pictures, schematics and other graphics contained herein are published for illustration purposes only and do not represent product configurations or functionality. Executive Summary Document ID: 3BUS095060 Page 2 Date: 6/30/2010 © Copyright 2010 ABB.
    [Show full text]
  • A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid
    electronics Review A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid Jesús Lázaro 1,* , Armando Astarloa 1, Mikel Rodríguez 2, Unai Bidarte 1 and Jaime Jiménez 1 1 UPV/EHU, 48015 Bilbao, Spain; [email protected] (A.A.); [email protected] (U.B.); [email protected] (J.J.) 2 System-on-Chip Engineering, 48950 Erandio, Spain; [email protected] * Correspondence: [email protected] Abstract: Since the 1990s, the digitalization process has transformed the communication infras- tructure within the electrical grid: proprietary infrastructures and protocols have been replaced by the IEC 61850 approach, which realizes interoperability among vendors. Furthermore, the latest networking solutions merge operational technologies (OTs) and informational technology (IT) traffics in the same media, such as time-sensitive networking (TSN)—standard, interoperable, deterministic, and Ethernet-based. It merges OT and IT worlds by defining three basic traffic types: scheduled, best-effort, and reserved traffic. However, TSN demands security against potential new cyberattacks, primarily, to protect real-time critical messages. Consequently, security in the smart grid has turned into a hot topic under regulation, standardization, and business. This survey collects vulnerabilities of the communication in the smart grid and reveals security mechanisms introduced by international electrotechnical commission (IEC) 62351-6 and how to apply them to time-sensitive networking. Citation: Lázaro, J.; Astarloa, A.; Keywords: IEC 62351-6; smart grid; time-sensitive networking; IEC 61950 Rodríguez, M.; Bidarte U.; Jiménez, J. A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid. 1. Introduction Electronics 2021, 10, 1881.
    [Show full text]
  • Integration Ecosystems Panel (Howard Self)
    Howard Self, ABB , Program Manager Smart Grid, May 10, 2017 GMLC Interoperability Technical Meeting © ABB June 6, 2017 | Slide 1 Utility Network Control Overview Transmission – 1970 - 1995 SCADA‪ Control Center Proprietary‪ Protocols Harris‪ 5000 CDC‪ I & II Conitel‪ 2020/3000 Telegyr‪ 6500/8979 Valmet‪ III & V PG&E‪ 2179 SES‪ 92 © ABB June 6, 2017 | Slide 2 Microprocessor Evolution(Integration Nightmare) 1988-1996, RS232,RS485 – 9600 Baud Relay/IEDs‪ Regulator‪ Controller RTU/Data‪ Concentrator GETAC‪ 2179‪ Incom‪ /Modbus ASCII Incom‪ Meter‪ IED PLC/Data‪ Concentrator SEL‪ ASCII Modbus/DNP‪ © ABB June 6, 2017 | Slide 3 The Birth of DNP3 1992-1994 through today o Open, non-proprietary o SBO (Select Before Operate) o Accurate Time Sync and Time Stamped Data o Quality flags, Internal Indications o Multiple Data Formats o Layer Separation (Link, transport, application) o Quiescent, Report-by-exception, polling o File transfer o UDP/TCP o Secure Authentication V2/V5 © ABB June 6, 2017 | Slide 4 The Need for Speed Inside the substation o Modbus Plus – 1 mb/s (Serial Taken ring) o Modbus TCP/IP – 10/100 mb/s o Profibus – 12mbs o DNP/IP – 10/100mbs o LON o UCA – 10/100 mb/s (Client/Server, Peer-to-peer) o IEC 61850 – 10/100 mb/s (Client/Server, Peer-to- peer, Sample measured Values) © ABB June 6, 2017 | Slide 5 Introduction UCA 2.0/IEC 61850 start-up UCA Project Origin: . Utility Communications Architecture (UCA) - enterprise-wide unified scheme to share all operating and management information . 1994 - EPRI member utilities called for common standard for IEDs in substations .
    [Show full text]
  • IEC 62351-7 ® Edition 1.0 2017-07
    This is a preview - click here to buy the full publication IEC 62351-7 ® Edition 1.0 2017-07 INTERNATIONAL STANDARD colour inside Power systems management and associated information exchange – Data and communications security – Part 7: Network and System Management (NSM) data object models INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 33.200 ISBN 978-2-8322-4442-5 Warning! Make sure that you obtained this publication from an authorized distributor. ® Registered trademark of the International Electrotechnical Commission This is a preview - click here to buy the full publication – 2 – IEC 62351-7:2017 © IEC 2017 CONTENTS FOREWORD ........................................................................................................................... 8 1 Scope ............................................................................................................................ 10 2 Normative references .................................................................................................... 10 3 Terms and definitions .................................................................................................... 12 4 Abbreviated terms and acronyms ................................................................................... 13 5 Overview of Network and System Management (NSM) .................................................. 14 5.1 Objectives ............................................................................................................. 14 5.2 NSM concepts......................................................................................................
    [Show full text]
  • Smart Reconfiguration of Distribution Grids Using Agent-Based Technology
    FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Smart Reconfiguration of Distribution Grids using Agent-based Technology Matheus Macedo Lopes Dissertation conducted under the Master’s in Electrical and Computers Engineering Program - Major Energy Supervisor: Prof. Vladimiro Miranda , Ph.D. Co-Supervisor: Prof. Diego Issicaba , Ph.D. July 28, 2016 © Matheus Macedo Lopes, 2016 Resumo As manobras de isolamento para reconfiguração em redes de distribuição de média tensão são tradicionalmente manuais ou dependem de decisões tomadas pelos operadores de rede. A abor- dagem proposta assume uma arquitetura onde os agentes interagem em um ambiente de rede de distribuição simulado a partir do estabelecimento de metas projetadas seguindo o paradigma de orientação mulit-agente. A aplicação é implementada de tal forma que agentes AgentSpeak in- teragem entre eles através de uma comunicação baseada em ato de fala/comunicação, bem como com um ambiente desenvolvido em linguagem JAVA. Neste contexto, esta tese propõe a modelagem e verificação de soluções baseadas em agentes para apoiar as operações de reconfiguração em redes de distribuição em nível de média tensão. A metodologia foi utilizada para apoiar as actividades dos operadores de redes de distribuição por meio de planos de restabelecimento de energia para ajudar em casos de falhas permanentes. As abordagens empregadas para arquitetura de agentes para a reconfiguração foram baseadas em modelo hierárquico e uma abordagem totalmente descentralizada. A capabilidade dos agentes foram desenvolvidas prevendo as possiveis aplicações do sistema de distribuição com foco em procedimentos de gestão des interrupções de service. As abordagens foram testadas em um ali- mentador teste trifásico do IEEE de 123 nós.
    [Show full text]
  • Introduction to IEC 61850
    IEC 61850 - Communication Networks and Systems in Substations: An Overview of Computer Science Jianqing Zhang and Carl A. Gunter University of Illinois at Urbana-Champaign Agenda • Overview • Data modeling approach • Communication model • Communication service mapping • Sampled measured values • Configuration description language • Conclusion • Reference 2 Background I: Power Substation 3 Intelligent Electronic Device • Microprocessor-based controllers of power system equipment – e.g. circuit breaker, protective relay… • Receive digitalized data from sensors and power equipment • Issue control commands in case of anomalies to maintain the desired status of power grid – e.g. tripping circuit breakers 4 Why Standards Are Needed • Interoperability and Integration – No standard for data representation or how devices should look and behave to network applications • Intuitive device and data modeling and naming – Hierarchical and structured, rather than plain formatted • Fast and convenient communication • Lower cost for installation, configuration and maintenance – Wire connected legacy devices 5 History of IEC 61850 UCA: Utility Communication Architecture • Protocols • Data models • Abstract service definitions GOAL: One International Standard IEC 61850 IEC 60870-5 • A communication profile for sending basic telecontrol messages between two systems • Based on permanent directly connected data circuits 6 IEC 61850 Substation Architecture • IEC61850-enabled IEDs get digitalized power grid condition data via process bus and merge units • IEDs communicate with each other using substation buses • Legacy devices use IEC61850 wrapper 7 Core Components of IEC 61850 • An object model describing the information available from the different primary equipment and from the substation automation functions – Abstract definitions of services, data and Common Data Class, independent of underlying protocols • A specification of the communication between the IEDs of the substation automation system.
    [Show full text]
  • Add Ons for Simatic PCS 7
    © Siemens AG 2015 Add-ons for the SIMATIC PCS 7 Process Control System SIMATIC PCS 7 Catalog Edition ST PCS 7 AO 2015 Answers for industry. Umschlag_STPCS7AO_2015_xx.indd 3 20.08.2015 10:51:57 © Siemens AG 2015 Related catalogs SIMATIC ST PCS 7 SITRAIN ITC SIMATIC PCS 7 Training for Industry Process Control System System components Only available in German E86060-K4678-A111-C1-7600 E86060-K6850-A101-C4 SIMATIC ST PCS 7 T Products for Automation and Drives CA 01 SIMATIC PCS 7 Interactive Catalog, DVD Process Control System Technology components E86060-K4678-A141-A2-7600 E86060-D4001-A510-D4-7600 SIMATIC ST 70 Industry Mall Products for Information and Ordering Platform Totally Integrated Automation in the Internet: E86060-K4670-A101-B5-7600 www.siemens.com/industrymall SIMATIC HMI / ST 80/ST PC PC-based Automation Human Machine Interface Systems PC-based Automation E86060-K4680-A101-C2-7600 Industrial Communication IK PI SIMATIC NET E86060-K6710-A101-B8-7600 Process Automation FI 01 Field Instruments for Process Automation PDF (E86060-K6201-A101-B9-7600) Process Automation AP 01 Process Analytical Instruments PDF (E86060-K3501-A101-B2-7600) Weighing Technology WT 10 Products for Weighing Technology E86060-K6410-A101-A4-7600 © Siemens AG 2015 Add-ons for the SIMATIC PCS 7 Process Control System SIMATIC PCS 7 Information and management systems 1 Advanced Process Control 2 Operator control and monitoring 3 Libraries/blocks/tools 4 Catalog ST PCS 7 AO · 2015 Supersedes: Distributed I/O on PROFIBUS 5 Catalog ST PCS 7 AO · 2013 Refer to the Industry Mall for current updates of this catalog: Diagnostics www.siemens.com/industrymall 6 and as PDF at the following address: www.siemens.com/stpcs7ao The products contained in this catalog can also be found in the Interactive Catalog CA 01.
    [Show full text]
  • Preview - Click Here to Buy the Full Publication
    This is a preview - click here to buy the full publication IEC/TR 62351-10 ® Edition 1.0 2012-10 TECHNICAL REPORT colour inside Power systems management and associated information exchange – Data and communications security – Part 10: Security architecture guidelines INTERNATIONAL ELECTROTECHNICAL COMMISSION PRICE CODE X ICS 33.200 ISBN 978-2-83220-419-1 Warning! Make sure that you obtained this publication from an authorized distributor. ® Registered trademark of the International Electrotechnical Commission This is a preview - click here to buy the full publication – 2 – TR 62351-10 © IEC:2012(E) CONTENTS FOREWORD ........................................................................................................................... 4 INTRODUCTION ..................................................................................................................... 6 1 Scope ............................................................................................................................... 7 2 Normative references ....................................................................................................... 7 3 Terms, definitions and abbreviations ................................................................................ 7 3.1 Terms and definitions .............................................................................................. 7 3.2 Abbreviations .......................................................................................................... 7 4 Power systems – specifics and related
    [Show full text]
  • ASE 61850 Suite
    ASE 61850 Suite Applied Systems Engineering, Inc. now offers the ASE 61850 Suite to meet all your IEC 61850 compliance and management needs. The ASE 61850 Suite is powered by the ASE 61850 Communications TestSet, SCL Manager and IED Smart. ASE 61850 COMMUNICATIONS TESTSET The ASE 61850 Communications TestSet simplifies access to IEC 61850 environments and devices. It allows easy identification of equipment on the network by either scanning for connected devices or entering specific device network addresses. GOOSE messages and report data from the devices are displayed as received. Individual data nodes may be selected for monitoring, and information from GOOSE, reports, and scans are updated in a single view. The ASE-61850 TestSet provides a user interface familiar to our many ASE2000 V2 Communications TestSet product users. ASE 61850 SCL MANAGER (SUBSTATION CONFIGURATION ENGINEERING MANAGEMENT) ASE 61850 SCL Manager is a vendor agnostic, comprehensive graphical tool that allows the user to create, configure, view and edit all substation elements, and its data models specified in the IEC 61850 Substation Configuration Language specification. Capabilities and Functions • Helps create, import and export SCD/SSD/SED/ICD/IID SCL files with SLD Info • Creates architectures for substations, wind/hydro power plants and distributed energy resources (DER) and defines complete system specifications • Links different Intelligent Electronic Devices (IEDs) and their logical functions to substation specifications • Supports IEC 61850 Ed. 1.0 and Ed.
    [Show full text]
  • ABB Review Special Report: IEC 61850
    The corporate ABB technical journal review IEC 61850: The new approach 7 Products for the standard 16 Verification and validation 23 Case studies of IEC 61850 38 Special Report IEC 61850 Communication is more than ex- changing data; it means globally understandable information based on syntax and semantic. This is behind IEC 61850, the topic of this issue of ABB Review Special Report. Electric energy is the backbone of our global society. Its reliable sup- ply from conventional and renew- able sources via complex networks requires seamless control that is only possible with the help of a standard providing a high-level and compre- hensive description of the information exchanged. ABB serves the power system with substations as well as utility automation solutions. Learn more about IEC 61850 and ABB’s commitment from the onset both to developing the standard and imple- menting it in products and system solutions. 2 ABB review special report Contents 7 The concept of IEC 61850 Background A new approach for communication in substation automation and beyond 13 Common denominator Innovation and Common components have helped ABB adopt the IEC 61850 substation communication standard in record time development 16 Pushing the limits ABB product development based on the IEC 61850 standard 23 Verified and validated ABB has its own system verification and validation center 29 A testing environment ABB’s comprehensive suite of software testing and commissioning tools for substation automation systems 33 Next generation substations Smarter Impact of
    [Show full text]
  • Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (Hereafter Referred to As “IEC Publication(S)”)
    This is a preview - click here to buy the full publication IEC/TS 62351-5 ® Edition 2.0 2013-04 TECHNICAL SPECIFICATION Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives INTERNATIONAL ELECTROTECHNICAL COMMISSION PRICE CODE XE ICS 33.200 ISBN 978-2-83220-732-1 Warning! Make sure that you obtained this publication from an authorized distributor. ® Registered trademark of the International Electrotechnical Commission This is a preview - click here to buy the full publication – 2 – TS 62351-5 © IEC:2013(E) CONTENTS FOREWORD ........................................................................................................................... 6 1 Scope and object .............................................................................................................. 8 2 Normative references ....................................................................................................... 9 3 Terms and definitions ..................................................................................................... 10 4 Abbreviated terms .......................................................................................................... 11 5 Problem description (informative) ................................................................................... 11 5.1 Overview of clause ................................................................................................ 11 5.2 Specific threats addressed ...................................................................................
    [Show full text]
  • IEC 62351 Security Standards for the Power System Information Infrastructure
    IEC TC57 WG15: IEC 62351 Security Standards for the Power System Information Infrastructure Frances Cleveland, WG15 Convenor Xanthus Consulting International Contents 1. OVERVIEW: IEC TC57 WG15 SECURITY FOR POWER SYSTEM COMMUNICATIONS ................... 1 2. DUAL INFRASTRUCTURES: THE POWER SYSTEM AND THE INFORMATION SYSTEM .................. 2 3. WHY CYBERSECURITY? ............................................................................................................ 3 3.1 Legacy Approach: Security by Obscurity .......................................................................... 3 3.2 Smart Grid as Cyber-Physical Systems .............................................................................. 4 4. SECURITY CONCEPTS ............................................................................................................... 5 4.1 Security Threats ............................................................................................................... 5 4.2 Security Purposes ............................................................................................................ 5 4.3 Security Processes ........................................................................................................... 6 4.4 Security Planning ............................................................................................................. 7 4.5 Security Requirements .................................................................................................... 8 4.6 Security Attacks ..............................................................................................................
    [Show full text]