IEC TR 62210-2003 – Power system control and associated communications – Data and communication security.
1 Scope and object

This Technical Report applies to computerised supervision, control, metering, and protection systems in electrical utilities. It deals with security aspects related to communication protocols used within and between such systems, the access to, and use of the systems.

NOTE This report does not include recommendations or criteria development associated with physical security issues.

Realistic threats to the system and its operation are discussed. The vulnerability and the consequences of intrusion are exemplified. Actions and countermeasures to improve the current situation are discussed but solutions are to be considered issues for future work items.

2 Overview

Safety, security, and reliability have always been important issues in the design and operation of systems in electrical utilities. Supervision, protection, and control systems have been designed with the highest possible level of safety, security, and reliability. The communication protocols have been developed with a residual error rate approaching zero. All these measures have been taken to minimise the risk of danger for personnel and equipment and to promote an efficient operation of the power network.
Physical threats on vulnerable objects have been handled in the classical ways by locked buildings, fences and guards but the quite possible terrorist threat of tripping a critical breaker by a faked SCADA command on a tapped communication link has been neglected. There is no function in the currently used protocols that ensures that the control command comes from an authorised source.

The deregulated electricity market has imposed new threats: knowledge of the assets of a competitor and the operation of his system can be beneficial and acquisition of such information is a possible reality.

The communication protocols and systems need protection from advertent and inadvertent intruders, the more the protocols are open and standardised and the more the communication system is integrated in the corporate and world-wide communication network.

This Technical Report discusses the security process of the electrical utility. The security process involves the corporate security policy, the communication network security, and the (end-to-end) application security. The security of the total system depends on secure network devices, i.e. the security of any device that can communicate. A secure network device has to be capable of performing ‘safe’ communication and of authenticating the access level of the user. Intrusive attacks have to be efficiently detected, recorded and prosecuted as part of an active audit system.

The threats are analysed based on possible consequences to a system, i.e. what is the worst that could happen if an illicit intruder has ambition and resources? The vulnerability of a utility and its assets are analysed together with the threats.
3 Reference documents

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

IEC 60870-5 (all parts), Telecontrol equipment and systems – Part 5: Transmission protocols
IEC 60870-6 (all parts), Telecontrol equipment and systems – Part 6: Telecontrol protocols compatible with ISO standards and ITU-T recommendations
IEC 61334 (all parts), Distribution automation using distribution line carrier systems
IEC 61850 (all parts), Communication networks and systems in substations
ISO/IEC 7498-1, Information technology – Open Systems Interconnection – Basic Reference Model: The Basic Model
ISO 7498-2:1989, Information processing systems – Open Systems Interconnection – Basic Reference Model – Part 2: Security Architecture
ISO/IEC 10181-1:1996, Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview
ISO/IEC 10181-7:1996, Information technology – Open Systems Interconnection – Security frameworks for open systems: Security audit and alarms framework
ISO/IEC 15408-1, Information technology – Security techniques – Evaluation criteria for IT Security – Part 1: Introduction and general model
ISO/IEC 15408-2, Information technology – Security techniques – Evaluation criteria for IT Security – Part 2: Security functional requirements
ISO/IEC 15408-3, Information technology – Security techniques – Evaluation criteria for IT Security – Part 3: Security assurance requirements