IEC 62351-3-2018 pdf download.Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP.
This part of IEC 62351 specifies how to provide confidentiality, integrity protection, and message level authentication for SCADA and telecontrol protocols that make use of TCP/IP as a message transport layer when cyber-security is required. Although there are many possible solutions to secure TCP/IP, the particular scope of this part is to provide security between communicating entities at either end of a TCP/IP connection within the end communicating entities. The use and specification of intervening external security devices (e.g. “bump-in-the-wire”) are considered out-of-scope. This part of IEC 62351 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of Transport Layer Security (TLS) (defined in RFC 5246) so that they are applicable to the telecontrol environment of the IEC.
TLS is applied to protect the TCP communication. It is intended that this standard be referenced as a normative part of other IEC standards that have the need for providing security for their TCP/IP-based protocol. However, it is up to the individual protocol security initiatives to decide if this standard is to be referenced. This part of IEC 62351 reflects the security requirements of the IEC power systems management protocols. Should other standards bring forward new requirements, this standard may need to be revised. 1 .2 Intended Audience The initial audience for this specification is intended to be experts developing or making use of IEC protocols in the field of power systems management and associated information exchange.
For the measures described in this specification to take effect, they must be accepted and referenced by the specifications for the protocols themselves, where the protocols make use of TCP/IP security. This document is written to enable that process. The subsequent audience for this specification is intended to be the developers of products that implement these protocols. Portions of this specification may also be of use to managers and executives in order to understand the purpose and requirements of the work.
2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any amendments) applies. IEC TS 62351 -1 :2007, Power systems management and associated information exchange – Data and communications security – Part 1: Communication network and system security – Introduction to security issues IEC TS 62351 -2:2008, Power systems management and associated information exchange – Data and communications security – Part 2: Glossary of terms.IEC 62351-3 pdf download.