Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP
Publication Date: 1 June 2007
ICS Code (Telecontrol. Telemetering): 33.200
Scope and object
This part of IEC 62351, which is a technical specification, specifies how to provide confidentiality, tamper detection, and message level authentication for SCADA and telecontrol protocols that make use of TCP/IP as a message transport layer.
Although there are many possible solutions to secure TCP/IP, the particular scope of this part is to provide security between communicating entities at either end of a TCP/IP connection within the end communicating entities. The use and specification of intervening external security devices (e.g. "bump-in-the-wire") are considered outside the scope of this technical specification.
This part of IEC 62351 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of Transport Layer Security (TLS) (defined in RFC 2246) so that they are applicable to the telecontrol environment of IEC TC 57. It is intended that this specification be referenced as a normative part of other IEC TC 57 standards that have the need for providing security for their TCP/IP-based protocol. However, it is up to the individual protocol security initiatives to decide if this technical specification is to be referenced.
This part reflects the security requirements of the IEC TC 57 protocols. Should other standards bring forward new requirements, this specification may need to be revised.
The initial audience for this specification is intended to be the members of the working groups developing or making use of the protocols within IEC TC 57. For the measures described in this specification to take effect, they must be accepted and referenced by the specifications for the protocols themselves, where the protocols make use of TCP/IP. This specification is written to enable that process.
The subsequent audience for this specification is intended to be the developers of products that implement these protocols.
Portions of this specification may also be of use to managers and executives in order to understand the purpose and requirements of the work.