IEC 62351 is a standard developed by WG15 ofIECTC57. This is developed for handling the security of TC 57 series of protocols includingIEC 60870-5 series,IEC 60870-6 series,IEC 61850 series,IEC 61970 series &IEC 61968 series. The different security objectives include authentication of data transfer throughdigital signatures, ensuring only authenticated access, prevention ofeavesdropping, prevention of playback andspoofing, andintrusion detection.

• IEC 62351-1 — Introduction to the standard
• IEC 62351-2 — Glossary of terms
• IEC 62351-3 Ed. 2 — Security for any profiles includingTCP/IP. Current edition was published 06/2023, replacing edition 1.2.
  • TLS Encryption
  • Node Authentication by means ofX.509 certificates
  • Message Authentication
• IEC 62351-4 — Security for any profiles includingMMS (e.g., ICCP-basedIEC 60870-6,IEC 61850, etc.).
  • Authentication for MMS
  • TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer security
• IEC 62351-5 — Security for any profiles includingIEC 60870-5 (e.g.,DNP3 derivative)
  • TLS for TCP/IP profiles and encryption for serial profiles.
• IEC 62351-6 — Security forIEC 61850 profiles.
  • VLAN use is made as mandatory forGOOSE
  • RFC 2030 to be used for SNTP
• IEC 62351-7 — Security through network and system management.
  • DefinesManagement Information Base (MIBs) that are specific for the power industry, to handle network and system management throughSNMP based methods.
• IEC 62351-8 — Role-based access control.
  • Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC).
• IEC 62351-9 — Key Management
  • Describes the correct and safe usage of safety-critical parameters, e.g. passwords, encryption keys.
  • Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal).
  • Methods for algorithms using asymmetric cryptography
    • Handling ofdigital certificates (public / private key)
    • Setup of thePKI environment withX.509 certificates
    • Certificate enrollment by means ofSCEP /EST, while allowing the use of other enrollment protocols
    • Certificate revocation by means ofCRL /OCSP
  • A secure distribution mechanism based onGDOI and theIKEv1 protocol is presented for the usage of symmetric keys, e.g. session keys.
• IEC 62351-10 — Security Architecture
  • Explanation of security architectures for the entire IT infrastructure
  • Identifying critical points of the communication architecture, e.g. substation control center, substation automation
  • Appropriate mechanisms security requirements, e.g. data encryption, user authentication
  • Applicability of well-proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPS
• IEC 62351-11 — Security for XML Files
  • Embedding of the original XML content into an XML container
  • Date of issue and access control for XML data
  • X.509 signature for authenticity of XML data
  • Optional data encryption

• IEC TC 57
• List of IEC technical committees

• Application of the IEC 62351 at IPCOMM GmbH
• Report about the implementation of IEC 62351-7
• "IEC 62351" atInternational Electrotechnical Commission

• IEC standards
• Electric power
• Computer network security

• Use Oxford spelling from December 2011
• All Wikipedia articles written in British English with Oxford spelling