GB/T 25320.6-2023 Power systems management and associated information exchange—Data and communication security—Part 6: Security for IEC 61850 (English Version)
1 Scope and object
1.1 Scope
This document specifies messages, procedures, and algorithms for securing the operation of all protocols based on or derived from IEC 61850.
Table 1 Scope of application to standards
Number Name
IEC 61850-8-1 Communication networks and systems for power utility automation - Part 8-1: Specific communication service mapping (SCSM) - Mappings to MMS (ISO/IEC 9506-1 and ISO/IEC 9506-2) and to ISO/IEC 8802-3
IEC 61850-8-2 Communication networks and systems for power utility automation - Part 8-2: Specific communication service mapping (SCSM) - Mapping to Extensible Messaging Presence Protocol (XMPP)
IEC 61850-9-2 Communication networks and systems for power utility automation - Part 9-2: Specific communication service mapping (SCSM) - Sampled values over ISO/IEC 8802-3
IEC 61850-6 Communication networks and systems for power utility automation - Part 6: Configuration description language for communication in power utility automation systems related to IEDs
The initial audience for this document is intended to be the members of the working groups developing or making use of the protocols listed in Table 1. For the measures described in this document to take effect, they shall be accepted and referenced by the specifications for the protocols themselves.
This document is written to enable that process.
The subsequent audience for this document is intended to be the developers of products that implement these protocols.
Portions of this document may also be of use to managers and executives in order to understand the purpose and requirements of the work.
1.2 Namespace name and version
This clause is mandatory for any IEC 61850 namespace (as defined by all parts of IEC 61850-7-1).
The parameters which identify this new release of this namespace are:
- Namespace version: 2020
- Namespace revision: A
- Namespace name: “IEC 62351-6: 2020 A”
- Namespace release: 1
The table below provides an overview of all published versions of this namespace.
1.3 Code Component distribution
There is currently no code component scheduled for the code component downloading area.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 9506 (all parts) Industrial automation systems - Manufacturing message specification
Note: GB/T 16720 (all parts) Industrial automation systems - Manufacturing message specification [ISO 9506 (all parts)]
IEC 61850-6 Communication networks and systems for power utility automation - Part 6: Configuration description language for communication in electrical substations related to IEDs
Note: DL/T 860.6-2012 Communication networks and systems for power utility automation - Part 6: Configuration description language for communication in electrical substation related to IEDs (IEC 61850-6:2009, IDT)
IEC 61850-7-3 Communication networks and systems for power utility automation - Part 7-3: Basic communication structure - Common data classes
Note: DL/T 860.73-2013 Communication networks and systems for power utility automation - Part 7-3: Basic communication structure - Common data classes (IEC 61850-7-3:2010, IDT)
IEC 61850-8-1:2011 Communication networks and systems for power utility automation - Part 8-1: Specific communication service mapping (SCSM) - Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC 8802-3
Note: DL/T 860.81-2016 Communication networks and systems for power utility automation - Part 8-1: Specific Communication Service Mapping (SCSM) - Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC 8802-3 (IEC 61850-8-1:2011, IDT)
IEC 61850-8-2 Communication networks and systems for power utility automation - Part 8-2: Specific communication service mapping (SCSM) - Mapping to Extensible Messaging Presence Protocol (XMPP)
IEC 61850-9-2 Communication networks and systems for power utility automation - Part 9-2: Specific communication service mapping (SCSM) - Sampled values over ISO/IEC 8802-3
Note: DL/T 860.92-2016 Communication networks and systems for power utility automation - Part 9-2: Specific Communication Service Mapping (SCSM) - Sampled values over ISO/IEC 8802-3 (IEC 61850-9-2:2011, IDT)
IEC TS 62351-1 Power systems management and associated information exchange - Data and communications security - Part 1: Introduction to security issues
Note: GB/Z 25320.1-2010 Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues (IEC TS 62351-1:2007, IDT)
IEC TS 62351-2 Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms
Note: GB/Z 25320.2-2013 Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms (IEC TS 62351-2:2008, IDT)
IEC 62351-3:2023 Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP
Note: GB/Z 25320.3-2010 Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP (IEC TS 62351-3:2007, IDT)
IEC 62351-4:2020 Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives
Note: GB/Z 25320.4-2010 Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS (IEC 62351-4:2020, MOD)
IEC 62351-7 Power systems management and associated information exchange - Data and communications security - Part 7: Network and system management (NSM) data object models
Note: GB/Z 25320.7-2015 Power systems management and associated information exchange - Data and communications security - Part 7: Network and system management (NSM) data object models (IEC TS 62351-7:2010, IDT)
IEC 62351-9 Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment
ISO/IEC 13239 Information technology - Telecommunications and information exchange between systems - High-level data link control (HDLC) procedures
RFC 2104 HMAC: Keyed-Hashing for Message Authentication
RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification
RFC 8052 Group Domain of Interpretation (GDOI) Protocol Support for IEC 62351 Security Services
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TS 62351-2 and IEC 61850-2 apply.
3.1.1
electronic security perimeter
logical border surrounding a network interconnecting critical cyber assets
3.1.2
client
functional unit that establishes an association and issues requests and receives services from a server
3.1.3
server
functional unit that receives an association from a Client and provides services requested by the Client
3.2 Abbreviated terms
ACSE: Association Control Service Element
APDU: Application Protocol Data Unit
ASDU: Application Service Data Unit
ASN.1: Abstract Syntax Notation One
ESP: Electronic Security Perimeter
Standard: GB/T 25320.6-2023 Power systems management and associated information exchange—Data and communication security—Part 6: Security for IEC 61850 (English Version)
Standard No.: GB/T 25320.6-2023
Status: valid
Language: English
File Format: PDF
Word Count: 19000 words
Price (USD): 570.0
Implemented on: 2024-7-1