Unfortunately, defending today’s power systems is challenging because they typically use communication protocols optimized for bandwidth and efficiency, with little or no built-in security protection. Furthermore, many grids have received few or no security enhancements post-deployment.
To help counter this problem, in the early 2000s IEC Technical Committee (TC) 57, a group devoted to power system management standards, started working on how to make power grids secure-by-design. Working Group (WG) 15 was formed to evaluate the requirements from a technology perspective, and define a standard way to implement them.
I’ve been a member of WG15 since 2015, and led the Nozomi Networks hosting of the WG15 Winter ’17 meeting in Lugano, Switzerland. As we approach the group’s next meeting this spring, I thought it might be helpful to inform you about these standards and provide an update on their status.
Overview of WG15
First, a brief overview of WG15. The group is made up of ICS operators, SCADA engineers, security specialists, and networking experts from 90 organizations worldwide. Members include ABB, Siemens, Schneider Electric, General Electric, Enel, IREQ, Nozomi Networks and others.
Together we have identified the components needed for a secure-by-design power system. These include the end-to-end encryption principle, the definition of roles for all users and identity management, and pervasive monitoring of the system itself.
Another duty of WG15 is to review other Working Groups’ documents to assess and validate their cyber security aspects.
Status of the IEC 62351 Standards
Currently, the 62351 family of standards (see IEC 62351-1: Introduction for an in-depth overview) depicts the architecture of a secure power system and standardizes its protocols and components. An interesting read for a better overview of it is: IEC 62351-10: Security Architecture Guidelines for TC57 Systems.
To truly obtain effective end-to-end security, secure protocols must:
The former is standardized in IEC 62351-9: Key Management, while the latter is standardized in IEC 62351-8: Role-based Access Control (RBAC), and further reviewed and explained in IEC TR 62351-90-1: RBAC Guidelines.
Communication protocols play a key role when it comes to resolving “common OT protocol issues”, such as the lack of authentication, integrity checks, confidentiality, etc. Although some OT protocols already address these areas, it is very common within the OT world to have very low “protocol security”, that is, insecurity-by-design. For this reason, the whole set of power system protocols designed under the IEC umbrella has been extended to provide end-to-end encryption, identity management and RBAC.
Of course, existing secure protocols like TLS (Transport Layer Security) play a big role, but many other aspects have been tackled to define all possible facets of a secure architecture. These include:
Monitoring Power Systems with IEC 62351 Standards
In the IEC 62351 family of standards, end-to-end encryption is certainly an important feature, but system monitoring plays a key role as well. Several parts are in fact devoted to monitoring the healthy status of a power system:
A lot of discussion has occurred on this topic because of its controversial nature. Nonetheless, deep monitoring of encrypted communications in a machine-to-machine framework offers more advantages than drawbacks, including full visibility of ongoing activities.