欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS PD IEC TR 62351-13-2016 Power systems management and associated information exchange Data and communications security Guidelines on security topics to be covered in standards an.pdf

    • 资源ID:588925       资源大小:4.17MB        全文页数:38页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS PD IEC TR 62351-13-2016 Power systems management and associated information exchange Data and communications security Guidelines on security topics to be covered in standards an.pdf

    1、Power systems management and associated informationexchange Data and communications securityPart 13: Guidelines on security topics to be covered in standards and specificationsPD IEC/TR 62351-13:2016BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06National forewordThi

    2、s Published Document is the UK implementation of IEC/TR62351-13:2016.The UK participation in its preparation was entrusted to TechnicalCommittee PEL/57, Power systems management and associated information exchange.A list of organizations represented on this committee can be obtained onrequest to its

    3、 secretary.This publication does not purport to include all the necessary provisions ofa contract. Users are responsible for its correct application. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 93723 1ICS 33.200Compliance with a British Standard canno

    4、t confer immunity fromlegal obligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 31 August 2016. Amendments/corrigenda issued since publicationDate Text affectedPUBLISHED DOCUMENTPD IEC/TR 62351-13:2016IEC TR 62351-13 Edition 1.0 2016

    5、-08 TECHNICAL REPORT Power systems management and associated information exchange Data and communications security Part 13: Guidelines on security topics to be covered in standards and specifications INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 33.200 ISBN 978-2-8322-3571-3 Registered trademark of

    6、the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. colourinsidePD IEC/TR 62351-13:2016 2 IEC TR 62351-13:2016 IEC 2016 CONTENTS FOREWORD . 4 INTRODUCTION . 6 1 Scope 8 2 Normative references. 8 3 Terms and definitions 8

    7、 4 Abbreviated terms and acronyms . 9 5 Security requirements for users and applications interacting with automation systems . 9 5.1 Risk assessment, security policies and security requirements 9 5.2 User-focused cybersecurity procedures and techniques . 12 6 Information and communication technology

    8、 (ICT) cryptographic techniques 14 6.1 General . 14 6.2 Best practices for specifying cryptography . 14 6.3 Cryptographic methods . 15 6.4 Internet cryptography 15 6.5 Wireless cryptography . 16 6.6 Key management using public key cryptography 16 6.7 Multicast and group keys . 17 6.8 Device and plat

    9、form integrity . 18 6.9 Design secure network configurations 18 6.10 Network and system management (NSM) . 18 6.11 Defence-in-depth 18 6.12 Security testing and validation procedures . 19 6.13 Security interoperability . 19 6.14 Additional cybersecurity techniques . 19 7 Engineering design and confi

    10、guration management for grid resilience . 20 7.1 Intertwining of cyber security and engineering to provide grid resilience . 20 7.2 Security planning 20 7.3 Engineering strategies for security . 21 7.4 System engineering practices and configurations . 21 7.5 Power system equipment monitoring, analys

    11、is, and control 22 7.6 Centralized monitoring and control 22 7.7 Centralized power system analysis and control 23 7.8 Testing . 23 7.9 Training 24 8 Correlation of cyber security with information exchange standards 24 8.1 Concepts for correlating cyber security with information exchange standards .

    12、24 8.2 Security for different OSI reference model layers . 27 8.3 Interrelationships between the IEC 62351 security standards and IEC communication standards 28 Bibliography . 29 Figure 1 Security requirements, threats, and possible attacks . 7 Figure 2 Focus of different security standards and guid

    13、elines . 10 Figure 3 General security process Continuous cycle 20 PD IEC/TR 62351-13:2016IEC TR 62351-13:2016 IEC 2016 3 Figure 4 ISO/OSI 7-Layer reference model and GWAC Stack reference model 25 Figure 5 Core Smart Grid standards for utilities 26 Figure 6 Customer-focused Smart Grid standards . 26

    14、Figure 7 Interrelationships between the IEC 62351 security standards and certain IEC communication standards . 28 PD IEC/TR 62351-13:2016 4 IEC TR 62351-13:2016 IEC 2016 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE DATA AND COMMUNICATIONS S

    15、ECURITY Part 13: Guidelines on security topics to be covered in standards and specifications FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IE

    16、C is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS)

    17、 and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with

    18、the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as near

    19、ly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that

    20、 sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees

    21、 undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide an

    22、y attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest ed

    23、ition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether d

    24、irect or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispe

    25、nsable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical comm

    26、ittees is to prepare International Standards. However, a technical committee may propose the publication of a Technical Report when it has collected data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC TR 62351-13, which is

    27、a Technical Report, has been prepared by IEC technical committee 57: Power systems management and associated information exchange. PD IEC/TR 62351-13:2016IEC TR 62351-13:2016 IEC 2016 5 The text of this Technical Report is based on the following documents: Enquiry draft Report on voting 57/1678/DTR

    28、57/1727/RVC Full information on the voting for the approval of this Technical Report can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. A list of all parts in the IEC 62351 series, published under th

    29、e general title Power systems management and associated information exchange Data and communications security, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under “http:/web

    30、store.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. IMPORTANT The colour inside logo on the cover page of this pu

    31、blication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer. PD IEC/TR 62351-13:2016 6 IEC TR 62351-13:2016 IEC 2016 INTRODUCTION This document provides guidelines on w

    32、hat security topics should be covered in standards and specifications (IEC or otherwise) that are to be used in the power industry. These guidelines cannot be prescriptive for every standard, since individual standards and specifications may legitimately have very different focuses, but it should be

    33、 expected that the combination of such standards and specifications used in any implementation should cover these security topics. These guidelines could therefore be used as a checklist for the combination of standards and specifications used in implementations of systems. The security requirements

    34、 for human users and software applications are different from the purely technical security requirements found in many communication and device standards. For user security standards, more emphasis should be on “policy and procedures” and “roles and authorization” rather than “bits and bytes” crypto

    35、graphic technologies that should be included in Information and Communications Technology (ICT). In addition, engineering practices and system configurations should be taken into account, since no cryptography can compensate for poor design. Figure 1 illustrates the relationships between security re

    36、quirements, threats, and attacks. This document is structured into four sections: Clause 5: Security requirements for standards and specifications which do not address specific cybersecurity technologies but where interactions between human users, software applications, and smart devices should be s

    37、ecured. Clause 6: Security requirements for standards and specifications that address information and communication technologies (ICT). Clause 7: Engineering design and configuration requirements that provide system reliability, defence in depth, and other security threat mitigations. Clause 8: Secu

    38、rity requirements related to the OSI reference model. PD IEC/TR 62351-13:2016IEC TR 62351-13:2016 IEC 2016 7 Figure 1 Security requirements, threats, and possible attacks IEC AttacksThreatsRequirementsAttacksThreatsConfidentialityIntegrity Availability AccountabilityResource exhaustionIntegrity viol

    39、ationPlanted in systemVirus/WormsTrojan horseTrapdoorService spoofingStolen/AlteredRepudiationEavesdroppingTraffic analysisEM/RFinterceptionIndiscretionsby personnelMedia scavengingListeningAfter the factDenial of serviceInteractionsMasqueradeBypassingcontrolsAuthorizationviolationPhysicalintrusionM

    40、an in the middleIntegrity violationTheftReplayIntercept/AlterRepudiationModificationUnauthorized access to informationUnauthorized modification or theft of information Denial of service or prevention of authorized accessDenial that action took place or claim of action that did not take placeCybersec

    41、urity requirements, threats, and attacksPD IEC/TR 62351-13:2016 8 IEC TR 62351-13:2016 IEC 2016 POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE DATA AND COMMUNICATIONS SECURITY Part 13: Guidelines on security topics to be covered in standards and specifications 1 Scope This part of IEC

    42、62351, which is a Technical Report, provides guidelines on what security topics could or should be covered in standards and specifications (IEC or otherwise) that are to be used in the power industry, and the audience is therefore the developers of standards and specifications. These guidelines cann

    43、ot be prescriptive for every standard, since individual standards and specifications may legitimately have very different focuses, but it should be expected that the combination of such standards and specifications used in any implementation should cover these security topics. These guidelines are t

    44、herefore to be used as a checklist for the combination of standards and specifications used in implementations of systems. Out-of-scope are explicit methods for cyber security in product development, implementations, or operations. 2 Normative references The following documents are referred to in th

    45、e text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. IEC TS 62351-2, Power systems management a

    46、nd associated information exchange Data and communications security Part 2: Glossary of terms 3 Terms and definitions For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and the following apply. ISO and IEC maintain terminological databases for use in standardization

    47、 at the following addresses: IEC Electropedia: available at http:/www.electropedia.org/ ISO Online browsing platform: available at http:/www.iso.org/obp 3.1 end-to-end security reliance on security policies, procedures, and technologies which guarantees secure data exchange between a source (sender)

    48、 and a sink (receiver), preventing third-parties from unauthorized access and/or modifications of these data while transferred from one end to the other through multiple devices PD IEC/TR 62351-13:2016IEC TR 62351-13:2016 IEC 2016 9 4 Abbreviated terms and acronyms Acronym Definition NISTIR National

    49、 Institute of Standards and Technology Internal Report NIST National Institute of Standards and Technology NERC North American Electric Reliability Corporation ISO International Standards Organization 5 Security requirements for users and applications interacting with automation systems 5.1 Risk assessment, security policies and security requirements The following general cyber security considerations should be covered in the standards and specifications as a


    注意事项

    本文(BS PD IEC TR 62351-13-2016 Power systems management and associated information exchange Data and communications security Guidelines on security topics to be covered in standards an.pdf)为本站会员(proposalcash356)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开