IEC 62351 is a series of cybersecurity standards for the smart grid, also known as power (energy) systems. This series of standards is specifically designed to help with the security of the TC 57 series of protocols (as shown in the gray box in the following figure). At a high level, IEC 62351 helps to secure both the data communications and the overall operations of power systems. The following list of IEC 62351 standards focuses on both general introductory materials and the security of the TC 57 series of protocols.
- IEC 62351-1: Introduction—This provides the background for overall security in power system operations among other introductory information.
- IEC 62351-2: Glossary—Provides a glossary of terms and acronyms used throughout the series of standards.
- IEC 62351-3: Profiles Including TCP/IP—Data and communication security guidance for power system-based protocols that leverage TCP/IP communications. These include IEC 60870-6, IEC 60870-5-104, DNP3 over TCP/IP, and IEC 61850 over TCP/IP.
- IEC 62351-4: Profiles Including MMS and similar Payloads—Data and communication guidance to secure MMS and other similar payload types. Specifically, IEC 60870-6, IEC 61850-8-1, and IEC 61850-8-2.
- IEC 62351-5: IEC 60870-5 and Derivatives—Data and communication security guidance for IEC 60870-5-101, IEC 60870-5-104, and DNP3 protocols.
- IEC 62351-6: IEC 61850 Profiles—Data and communication security guidance for IEC 61850, specifically peer-to-peer profiles (IEC 61850 that does not use TCP/IP such as GOOSE).
Other than security guidance for energy specific protocols such as DNP3 and IEC 61850, IEC 62351 offers further general cybersecurity standards to keep the overall power system secure. The following are the additional standards in IEC 62351:
- IEC 62351-7: Objects for Network Management—Guidance on network and system management (for example, use of SNMP) for the power system network and information infrastructure.
- IEC 62351-8: Role based Access Control—Guidance on authorization such as users and roles with their associated permissions as it relates specifically to power system operations.
- IEC 62351-9: Key Management—Guidance on managing digital certificates and cryptographic keys.
- IEC 62351-10: Security architecture guidelines for TC 57 systems—Provides guidelines for a power system security architecture using various security controls.
- IEC 62351-11: Security for XML files—Guidelines for securely exchanging XML-based documents, which are used as part of IEC 61970 and in aspects of IEC 61850.
- IEC 62351-12: Resilience and Security Recommendations for Power Systems with DER—Targeted for Distributed Energy Resources (DER) systems with guidance on how to implement resilience and other cybersecurity considerations in these types of systems.
- IEC 62351-13: What Security Topics Should Be Covered in Standards and Specifications—Guidance for the personnel who develop the policies and standards for cybersecurity. Provides information about which security controls to include or what security topics to cover, especially as it pertains to power systems.
- IEC 62351-14: Cyber Security Event Logging—Guidance based on Syslog for the implementation of security logging in power systems.
The previous figure shows how the different power system communication standards (protocols) map to the different standards within IEC 62351. Further information on IEC 62351 can be found on the IEC 62351 Overview site.