EN IEC 62351-6 pdf free download

EN IEC 62351-6 pdf free download.Power systems management and associated information exchange – Data and communications security – Part 6: Security for IEC 61850.
4 Security issues addressed by this document
4.1 Operational issues affecting choice of security options
For applications using Layer 2 IEC 61850-8-1 GOOSE and Layer 2 IEC 61850-9-2 Sampled Value and requiring 3 ms response times, multicast configurations and low CPU overhead, encryption is not recommended. Instead, the communication path selection process (e.g. the fact that Layer 2 GOOSE and SV are supposed to be restricted to a logical substation LAN) shall be used to provide confidentiality for information exchanges. However, this document does define a mechanism for allowing confidentiality for applications where the 3 ms delivery criterion is not a concern.
NOTE The actual performance characteristics of an implementation claiming conformance to this technical specification is outside the scope of this document.
With the exception of confidentiality, this document sets forth a mechanism that allows coexistence of secure and non-secure PDUs.
4.2 Security threats countered
See IEC TS 62351-1 for a discussion of security threats and attack methods.
If encryption is not employed, then the specific threats countered in this clause include:
. unauthorized modification (tampering) of information through message level authentication of the messages.
If encryption is employed, then the specific threats countered in this clause include:
. unauthorized access to information through message level authentication and encryption of the messages;
. unauthorized modification (tampering) or theft of information through message level authentication and encryption of the messages.
. information disclosure is countered.
4.3 Attack methods countered
The following security attack methods are intended to be countered through the appropriate implementation of the specifications/recommendations found within this document:
• man-in-the-middle: this threat will be countered through the use of a Message Authentication Code mechanism specified within this document;
• tamper detection/message integrity: These threats will be countered through the algorithm used to create the authentication mechanism as specified within this document;
• replay: this threat will be countered through the use of specialized processing machines specified within IEC 6235 1-4 and this document.
5 Correlation of IEC 61850 parts and IEC 62351 parts
5.1 General
There are four levels of interaction between the parts of the IEC 62351 series and parts of the IEC 61850 series. This part is concerned with the:
• Communication profile security regarding:
— IEC 6 1850-8-1 Application Profile for Client/Server communications.
— IEC 6 1850-8-2 Application Profile for Client/Server communications.
— lEO 61850-8-1 Layer 2 T-Profile for GOOSE/GSE
— IEC 6 1850-8-1 Layer 2 T-Profile for Multicast Sampled Values
— IEC 61850-8-1 Layer 3 Routable GOOSE and Sampled Values
• Configuration extensions required for configuration of the Application and Transport communication profiles of concern. These extensions would impact IEC 61850-6.
• Object definitions, regarding security and identification, that are exposed at run-time as part of the IEC 6 1850-8-1 and IEC 61850-8-2 object mappings.
• The binding of Originator ID values to authenticated peers for Client/Server services.
The scope of this document provides security specifications for use within an Electronic Security
Perimeter (ESP) and between ESPs.
5.2 IEC 61850-8-1 Profile for ClientlServer communications
5.2.1 General
IEC 61850 implementations claiming conformance to this specification and declaring support for the lEG 61850-8-1 profile utilizing TCP/IP and ISO 9506 (MMS) shall implement Clauses 5 and 6 of IEC 62351-4:2020.
IEC 6 1850-8-1 specifies the use of MMS within a substation. However, the scope of this specification provides security specifications for use within the substation and external to the substation (e.g. Control Centre to Substation).EN IEC 62351-6 pdf download.